| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201002173828.2099543-11-keescook@chromium.org>
Date: Fri, 2 Oct 2020 10:38:22 -0700
From: Kees Cook <keescook@...omium.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Kees Cook <keescook@...omium.org>, KP Singh <kpsingh@...gle.com>,
Jessica Yu <jeyu@...nel.org>,
Scott Branden <scott.branden@...adcom.com>,
Mimi Zohar <zohar@...ux.ibm.com>,
Luis Chamberlain <mcgrof@...nel.org>,
Takashi Iwai <tiwai@...e.de>, SeongJae Park <sjpark@...zon.de>,
KP Singh <kpsingh@...omium.org>, linux-efi@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-integrity@...r.kernel.org, selinux@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v5 10/16] module: Call security_kernel_post_load_data()
Now that there is an API for checking loaded contents for modules
loaded without a file, call into the LSM hooks.
Signed-off-by: Kees Cook <keescook@...omium.org>
Reviewed-by: KP Singh <kpsingh@...gle.com>
Acked-by: Jessica Yu <jeyu@...nel.org>
---
kernel/module.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/kernel/module.c b/kernel/module.c
index f47209e0fde6..adfa21dd3842 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3014,7 +3014,7 @@ static int copy_module_from_user(const void __user *umod, unsigned long len,
if (info->len < sizeof(*(info->hdr)))
return -ENOEXEC;
- err = security_kernel_load_data(LOADING_MODULE, false);
+ err = security_kernel_load_data(LOADING_MODULE, true);
if (err)
return err;
@@ -3024,11 +3024,17 @@ static int copy_module_from_user(const void __user *umod, unsigned long len,
return -ENOMEM;
if (copy_chunked_from_user(info->hdr, umod, info->len) != 0) {
- vfree(info->hdr);
- return -EFAULT;
+ err = -EFAULT;
+ goto out;
}
- return 0;
+ err = security_kernel_post_load_data((char *)info->hdr, info->len,
+ LOADING_MODULE, "init_module");
+out:
+ if (err)
+ vfree(info->hdr);
+
+ return err;
}
static void free_copy(struct load_info *info)
--
2.25.1
Powered by blists - more mailing lists