| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Mar 2023 14:35:40 -0700
From: Luis Chamberlain <mcgrof@...nel.org>
To: linux-modules@...r.kernel.org, linux-kernel@...r.kernel.org,
pmladek@...e.com, david@...hat.com, petr.pavlu@...e.com,
prarit@...hat.com
Cc: christophe.leroy@...roup.eu, song@...nel.org, mcgrof@...nel.org
Subject: [PATCH 3/5] module: move more elf validity checks to elf_validity_check()
The symbol and strings section validation currently happen in
setup_load_info() but since they are also doing validity checks
move this to elf_validity_check().
Signed-off-by: Luis Chamberlain <mcgrof@...nel.org>
---
kernel/module/main.c | 79 ++++++++++++++++++++++++--------------------
1 file changed, 44 insertions(+), 35 deletions(-)
diff --git a/kernel/module/main.c b/kernel/module/main.c
index fbe62d1625bc..84a7f96cf35a 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -1658,6 +1658,8 @@ static int elf_validity_check(struct load_info *info)
Elf_Shdr *shdr, *strhdr;
int err;
unsigned int num_mod_secs = 0, mod_idx;
+ unsigned int num_info_secs = 0, info_idx;
+ unsigned int num_sym_secs = 0, sym_idx;
if (info->len < sizeof(*(info->hdr))) {
pr_err("Invalid ELF header len %lu\n", info->len);
@@ -1761,6 +1763,8 @@ static int elf_validity_check(struct load_info *info)
info->hdr->e_shnum);
goto no_exec;
}
+ num_sym_secs++;
+ sym_idx = i;
fallthrough;
default:
err = validate_section_offset(info, shdr);
@@ -1773,6 +1777,10 @@ static int elf_validity_check(struct load_info *info)
".gnu.linkonce.this_module") == 0) {
num_mod_secs++;
mod_idx = i;
+ } else if (strcmp(info->secstrings + shdr->sh_name,
+ ".modinfo") == 0) {
+ num_info_secs++;
+ info_idx = i;
}
if (shdr->sh_flags & SHF_ALLOC) {
@@ -1786,6 +1794,27 @@ static int elf_validity_check(struct load_info *info)
}
}
+ if (num_info_secs > 1) {
+ pr_err("Only one .modinfo section must exist.\n");
+ goto no_exec;
+ } else if (num_info_secs == 1) {
+ /* Try to find a name early so we can log errors with a module name */
+ info->index.info = info_idx;
+ info->name = get_modinfo(info, "name");
+ }
+
+ if (num_sym_secs != 1) {
+ pr_warn("%s: module has no symbols (stripped?)\n",
+ info->name ?: "(missing .modinfo section or name field)");
+ goto no_exec;
+ }
+
+ /* Sets internal symbols and strings. */
+ info->index.sym = sym_idx;
+ shdr = &info->sechdrs[sym_idx];
+ info->index.str = shdr->sh_link;
+ info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset;
+
/*
* The ".gnu.linkonce.this_module" ELF section is special. It is
* what modpost uses to refer to __this_module and let's use rely
@@ -1802,7 +1831,8 @@ static int elf_validity_check(struct load_info *info)
* size
*/
if (num_mod_secs != 1) {
- pr_err("Only one .gnu.linkonce.this_module section must exist.\n");
+ pr_err("module %s: Only one .gnu.linkonce.this_module section must exist.\n",
+ info->name ?: "(missing .modinfo section or name field)");
goto no_exec;
}
@@ -1813,17 +1843,20 @@ static int elf_validity_check(struct load_info *info)
* pedantic about it.
*/
if (shdr->sh_type == SHT_NOBITS) {
- pr_err(".gnu.linkonce.this_module section must have a size set\n");
+ pr_err("module %s: .gnu.linkonce.this_module section must have a size set\n",
+ info->name ?: "(missing .modinfo section or name field)");
goto no_exec;
}
if (!(shdr->sh_flags & SHF_ALLOC)) {
- pr_err(".gnu.linkonce.this_module must occupy memory during process execution\n");
+ pr_err("module %s: .gnu.linkonce.this_module must occupy memory during process execution\n",
+ info->name ?: "(missing .modinfo section or name field)");
goto no_exec;
}
if (shdr->sh_size != sizeof(struct module)) {
- pr_err(".gnu.linkonce.this_module section size must match the kernel's built struct module size at run time\n");
+ pr_err("module %s: .gnu.linkonce.this_module section size must match the kernel's built struct module size at run time\n",
+ info->name ?: "(missing .modinfo section or name field)");
goto no_exec;
}
@@ -1832,6 +1865,13 @@ static int elf_validity_check(struct load_info *info)
/* This is temporary: point mod into copy of data. */
info->mod = (void *)info->hdr + shdr->sh_offset;
+ /*
+ * If we didn't load the .modinfo 'name' field earlier, fall back to
+ * on-disk struct mod 'name' field.
+ */
+ if (!info->name)
+ info->name = info->mod->name;
+
return 0;
no_exec:
@@ -1954,37 +1994,6 @@ static int rewrite_section_headers(struct load_info *info, int flags)
*/
static int setup_load_info(struct load_info *info, int flags)
{
- unsigned int i;
-
- /* Try to find a name early so we can log errors with a module name */
- info->index.info = find_sec(info, ".modinfo");
- if (info->index.info)
- info->name = get_modinfo(info, "name");
-
- /* Find internal symbols and strings. */
- for (i = 1; i < info->hdr->e_shnum; i++) {
- if (info->sechdrs[i].sh_type == SHT_SYMTAB) {
- info->index.sym = i;
- info->index.str = info->sechdrs[i].sh_link;
- info->strtab = (char *)info->hdr
- + info->sechdrs[info->index.str].sh_offset;
- break;
- }
- }
-
- if (info->index.sym == 0) {
- pr_warn("%s: module has no symbols (stripped?)\n",
- info->name ?: "(missing .modinfo section or name field)");
- return -ENOEXEC;
- }
-
- /*
- * If we didn't load the .modinfo 'name' field earlier, fall back to
- * on-disk struct mod 'name' field.
- */
- if (!info->name)
- info->name = info->mod->name;
-
if (flags & MODULE_INIT_IGNORE_MODVERSIONS)
info->index.vers = 0; /* Pretend no __versions section! */
else
--
2.39.1
Powered by blists - more mailing lists