| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Mar 2022 08:08:22 +0000
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: Aaron Tomlin <atomlin@...hat.com>,
"mcgrof@...nel.org" <mcgrof@...nel.org>
CC: "cl@...ux.com" <cl@...ux.com>, "mbenes@...e.cz" <mbenes@...e.cz>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
"jeyu@...nel.org" <jeyu@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-modules@...r.kernel.org" <linux-modules@...r.kernel.org>,
"void@...ifault.com" <void@...ifault.com>,
"atomlin@...mlin.com" <atomlin@...mlin.com>,
"allen.lkml@...il.com" <allen.lkml@...il.com>,
"joe@...ches.com" <joe@...ches.com>,
"msuchanek@...e.de" <msuchanek@...e.de>,
"oleksandr@...alenko.name" <oleksandr@...alenko.name>,
"jason.wessel@...driver.com" <jason.wessel@...driver.com>,
"daniel.thompson@...aro.org" <daniel.thompson@...aro.org>,
"pmladek@...e.com" <pmladek@...e.com>
Subject: Re: [PATCH v9 07/14] module: Move extra signature support out of core
code
Le 01/03/2022 à 00:43, Aaron Tomlin a écrit :
> No functional change.
>
> This patch migrates additional module signature check
> code from core module code into kernel/module/signing.c.
>
> Reviewed-by: Christophe Leroy <christophe.leroy@...roup.eu>
> Signed-off-by: Aaron Tomlin <atomlin@...hat.com>
> ---
> kernel/module/internal.h | 9 +++++
> kernel/module/main.c | 87 ----------------------------------------
> kernel/module/signing.c | 77 +++++++++++++++++++++++++++++++++++
> 3 files changed, 86 insertions(+), 87 deletions(-)
>
> diff --git a/kernel/module/signing.c b/kernel/module/signing.c
> index 8aeb6d2ee94b..85c8999dfecf 100644
> --- a/kernel/module/signing.c
> +++ b/kernel/module/signing.c
> @@ -11,9 +11,29 @@
> #include <linux/module_signature.h>
> #include <linux/string.h>
> #include <linux/verification.h>
> +#include <linux/security.h>
> #include <crypto/public_key.h>
> +#include <uapi/linux/module.h>
> #include "internal.h"
>
> +static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
> +module_param(sig_enforce, bool_enable_only, 0644);
> +
> +/*
> + * Export sig_enforce kernel cmdline parameter to allow other subsystems rely
> + * on that instead of directly to CONFIG_MODULE_SIG_FORCE config.
> + */
> +bool is_module_sig_enforced(void)
> +{
> + return sig_enforce;
> +}
> +EXPORT_SYMBOL(is_module_sig_enforced);
As reported by the test robot, that's not enough.
When it was in main.c, is_module_sig_enforced() was build as soon as
CONFIG_MODULES was set.
Now it is only built when CONFIG_MODULE_SIG is selected, so you have to
modify include/linux/modules.h and have the stub
is_module_sig_enforced() when CONFIG_MODULE_SIG is not selected and not
only when CONFIG_MODULES is not selected.
> +
> +void set_module_sig_enforced(void)
> +{
> + sig_enforce = true;
> +}
> +
> /*
> * Verify the signature on a module.
> */
Christophe
Powered by blists - more mailing lists