插入自定义模块污染内核

Question

我只想插入一个模块而不污染内核。

这是文件test1.c

#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>

MODULE_LICENSE("GPL")
MODULE_AUTHOR("AUTHOR")
MODULE_DESCRIPTION("DESCRIPTION")

static int __init module_hello(void) {
    printk(KERN_ALERT "Hello");
    return 0;
}

static void __exit module_bye(void) {
    printk(KERN_ALERT "Bye");
}

module_init(module_hello);
module_exit(module_bye);

在同一文件夹中，文件 Makefile，如 kernel.org 第 3 节所述

ifneq ($(KERNELRELEASE),)

obj-m  := test1.o

else

KDIR ?= /lib/modules/`uname -r`/build

default:
    $(MAKE) -C $(KDIR) M=$$PWD

endif

执行make 会正确创建必要的文件，但是当我插入它时，我会收到消息Loading out-of-tree modules taints kernel，并且在我删除模块之前我不会得到module_hello 的输出，之后，如果我再次插入它，我从module_bye 函数中得到消息，但不是你好。

Answer 1

消息延迟是因为在每次打印结束时缺少\n。 \n 将数据从内核消息缓冲区放入文件中。

有关受污染的内核，请参阅this link

Answer 2

如kernel.org 第 1 节，

[...] 所有模块都是最初开发和构建的 树外。

所以，一开始内核会被污染。

Answer 3

我正在使用下一个 Makefile 来签署新创建的模块： 工作流程是：“make clean;make;make key;make cp;make sign;make install”

CONFIG_MODULE_SIG:=y

#https://stackoverflow.com/questions/24975377/kvm-module-verification-failed-signature-and-or-required-key-missing-taintin
kernel:=$(shell uname -r)
KSRC:=/usr/src/kernels/${kernel}
KBDIR:=/usr/lib/modules/${kernel}/build
KROOT:=/usr/lib/modules/${kernel}
#CONFIG_MODULE_SIG:=y
#/usr/lib/modules/4.18.0-193.19.1.el8_2.x86_64/extra/kvedemo.ko
#  /lib/modules/4.18.0-193.19.1.el8_2.x86_64/kernel/lib/kvedemo.ko
INSTALLPATH:=${KROOT}/kernel/lib
INSTALLPATH2:=${KROOT}/extra
#CONFIG_MODULE_SIG=y
# obj-m is a list of what kernel modules to build.  The .o and other
# objects will be automatically built from the corresponding .c file -
# no need to list the source files explicitly.
driver:=kvedemo
obj-m:= ${driver}.o

# KSRC is the location of the kernel source.  The current standard is
# to link to the associated source tree from the directory containing
# the compiled modules.

    # PWD is the current working directory and the location of our module
    # source files.
    PWD:= $(shell pwd)
    test:
        echo    ${KROOT}
        ls  ${KROOT}
    ${driver}.ko:   ${driver}.c
        $(MAKE) -C $(KSRC) M=$(PWD) 
    clean:
    #   rm *.o *.ko
        $(MAKE) -C $(KBDIR) M=$(PWD) clean
    key:
        openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.priv
        openssl req -x509 -newkey rsa:4096 -nodes -utf8 -sha512 -days 36500 \
    -batch -config ./configuration_file.config -outform DER \
    -out my_signing_key_pub.der \
    -keyout kernel-signing_key.priv
    cp:
        sudo cp signing_key.x509 ${KSRC}/certs/
        sudo cp signing_key.priv ${KSRC}/certs/
        sudo cp signing_key.pem ${KSRC}/certs/
    
    pem:
        openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform PEM -out kernel_key.pem -keyout ./signing_key.pem
    priv:
        openssl req -x509 -newkey rsa:4096 -nodes -utf8 -sha256 -days 36500 \
    -batch -config configuration_file.config -outform DER \
    -out my_kernel-signing_key_pub.der \
    -keyout kernel-signing_key.priv
    #   openssl req -newkey  rsa:4096 -nodes -utf8 sha512 -days 3650 -batch -x509 -config ./kernel-signing_key.x509 -outform PEM -out kernel-signing_key.x509  -keyout ./kernel-signkey.priv
    sign:${driver}.ko
    #/usr/src/kernels/4.18.0-193.19.1.el8_2.x86_64/scripts/sign-file sha512 ./kernel-signing_key.priv ./kernel-signing_key.x509 kvedemo.ko
    ${KSRC}/scripts/sign-file sha512 ./signing_key.priv ./signing_key.x509 ${driver}.ko
install:${driver}.ko
    sudo cp ${driver}.ko ${INSTALLPATH}/
    sudo  depmod -a 
#   sudo ls -l  ${INSTALLPATH}
modules_install:${driver}.ko
#   hexdump -C /usr/lib/modules/4.18.0-193.19.1.el8_2.x86_64/extra/kvedemo.ko 
    sudo   $(MAKE) -C $(KBDIR) M=$(PWD) modules_install   CONFIG_MODULE_SIG=y
    sudo  depmod -a
    
# default is the default make target.  The rule here says to run make
# with a working directory of the directory containing the kernel
# source and compile only the modules in the PWD (local) directory.
#default:
#   $(MAKE) -C $(KSRC) M=$(PWD) modules
after make clean ; make you have to generate key with `make key`then sign your module by`make sign`then install it `make install`