| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220602034111.4163292-1-saravanak@google.com>
Date: Wed, 1 Jun 2022 20:41:11 -0700
From: Saravana Kannan <saravanak@...gle.com>
To: Aaron Tomlin <atomlin@...hat.com>, mcgrof@...nel.org,
christophe.leroy@...roup.eu
Cc: cl@...ux.com, mbenes@...e.cz, akpm@...ux-foundation.org,
jeyu@...nel.org, linux-kernel@...r.kernel.org,
linux-modules@...r.kernel.org, void@...ifault.com,
atomlin@...mlin.com, allen.lkml@...il.com, joe@...ches.com,
msuchanek@...e.de, oleksandr@...alenko.name,
jason.wessel@...driver.com, pmladek@...e.com,
daniel.thompson@...aro.org, hch@...radead.org,
kernel-team@...roid.com
Subject: Re: [PATCH v12 01/14] module: Move all into module/
Aaron Tomlin <atomlin@...hat.com> wrote:
> No functional changes.
I could be mistaken, but I think this has a functional change and could
break module signature enforcement in some cases.
>
> This patch moves all module related code into a separate directory,
> modifies each file name and creates a new Makefile. Note: this effort
> is in preparation to refactor core module code.
>
> Reviewed-by: Christophe Leroy <christophe.leroy@...roup.eu>
> Signed-off-by: Aaron Tomlin <atomlin@...hat.com>
> ---
> MAINTAINERS | 2 +-
> kernel/Makefile | 5 +----
> kernel/module/Makefile | 12 ++++++++++++
> kernel/{module_decompress.c => module/decompress.c} | 2 +-
> kernel/{module-internal.h => module/internal.h} | 0
> kernel/{module.c => module/main.c} | 2 +-
> kernel/{module_signing.c => module/signing.c} | 2 +-
I spent at least an hour trying to figure out how the code below in
module/signing.c (was moved from module/main.c in a later patch in this
series) managed to have a "module" prefix for "module.sig_enforce" kernel
cmdline param and for the /sys/module/module/parameters/sig_enforce file.
static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
module_param(sig_enforce, bool_enable_only, 0644);
I thought I was missing something until I realized this was a very recent
change and might actually be a bug. If I'm not mistaken, the prefix will
now become "signing". So the kernel cmdline param would get ignore and any
userspace writes to /sys/module/module/parameters/sig_enforce will start
failing.
I don't have a device to boot 5.19-rcX in, but I think I'm right. Can
someone confirm?
If my code analysis is right, then the fix seems to be adding this code
before the module_param() line.
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index 85c8999dfecf..6b0672e4417b 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -16,6 +16,11 @@
#include <uapi/linux/module.h>
#include "internal.h"
+#ifdef MODULE_PARAM_PREFIX
+#undef MODULE_PARAM_PREFIX
+#endif
+#define MODULE_PARAM_PREFIX "module."
+
static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
module_param(sig_enforce, bool_enable_only, 0644);
-Saravana
Powered by blists - more mailing lists