Message-ID: <20220209204812.GD3113@kunlun.suse.cz>
Date: Wed, 9 Feb 2022 21:48:12 +0100
From: Michal Suchánek <msuchanek@...e.de>
To: 20220209170358.3266629-1-atomlin@...hat.com
Cc: mcgrof@...nel.org, cl@...ux.com, pmladek@...e.com, mbenes@...e.cz,
akpm@...ux-foundation.org, jeyu@...nel.org,
linux-kernel@...r.kernel.org, linux-modules@...r.kernel.org,
live-patching@...r.kernel.org, atomlin@...mlin.com,
ghalat@...hat.com, allen.lkml@...il.com, void@...ifault.com,
joe@...ches.com, christophe.leroy@...roup.eu,
oleksandr@...alenko.name
Subject: Re: [PATCH v5 07/13] module: Move extra signature support out of
core code

Hello,

On Wed, Feb 09, 2022 at 05:08:08PM +0000, Aaron Tomlin wrote:
> No functional change.

There is functional change.

> @@ -2565,70 +2542,6 @@ static inline void kmemleak_load_module(const struct module *mod,
> }
> #endif
>
> -#ifdef CONFIG_MODULE_SIG
> -static int module_sig_check(struct load_info *info, int flags)
> -{
> - int err = -ENODATA;
> - const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
> - const char *reason;
> - const void *mod = info->hdr;
> - bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
> - MODULE_INIT_IGNORE_VERMAGIC);
> - /*
> - * Do not allow mangled modules as a module with version information
> - * removed is no longer the module that was signed.
> - */
> - if (!mangled_module &&
^^^^^^^^^^^^^
> - info->len > markerlen &&
> - memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
> - /* We truncate the module to discard the signature */
> - info->len -= markerlen;
> - err = mod_verify_sig(mod, info);
> - if (!err) {
> - info->sig_ok = true;
> - return 0;
> - }
> - }
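
Review bot: the condition removed here, `if (!mangled_module &&`, depends on the `mangled_module` local, which masks `flags` with only `MODULE_INIT_IGNORE_MODVERSIONS | MODULE_INIT_IGNORE_VERMAGIC`. For this removal to be a pure move, the copy added to kernel/module/signing.c has to carry that local and the same test unchanged. If the semantics are meant to change, that belongs in a separate patch, and the "No functional change" line should be dropped from the commit message.
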
> diff --git a/kernel/module/signing.c b/kernel/module/signing.c
> index 8aeb6d2ee94b..ff41541e982a 100644
> --- a/kernel/module/signing.c
> +++ b/kernel/module/signing.c
> @@ -43,3 +62,59 @@ int mod_verify_sig(const void *mod, struct load_info *info)
> VERIFYING_MODULE_SIGNATURE,
> NULL, NULL);
> }
> +
> +int module_sig_check(struct load_info *info, int flags)
> +{
> + int err = -ENODATA;
> + const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
> + const char *reason;
> + const void *mod = info->hdr;
> +
> + /*
> + * Require flags == 0, as a module with version information
> + * removed is no longer the module that was signed
> + */
> + if (flags == 0 &&
^^^^^^

This reverts a97ac8cb24a3c3ad74794adb83717ef1605d1b47
Please re-apply.

Thanks

Michal

> + info->len > markerlen &&
> + memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
> + /* We truncate the module to discard the signature */
> + info->len -= markerlen;
> + err = mod_verify_sig(mod, info);
> + if (!err) {
> + info->sig_ok = true;
> + return 0;
> + }
> + }
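
Review bot: `if (flags == 0 &&` in the added module_sig_check() is stricter than the `!mangled_module` test the patch removes from the core file. Any bit set in `flags` other than the two IGNORE bits now skips the marker comparison and mod_verify_sig(), so `err` stays -ENODATA and `info->sig_ok` is not set even when the module carries a signature. Restore `bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS | MODULE_INIT_IGNORE_VERMAGIC);` and test `!mangled_module`, and bring the comment back to the "Do not allow mangled modules" wording so it matches the check.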