| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250429-module-hashes-v3-7-00e9258def9e@weissschuh.net> Date: Tue, 29 Apr 2025 15:04:34 +0200 From: Thomas Weißschuh <linux@...ssschuh.net> To: Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Arnd Bergmann <arnd@...db.de>, Luis Chamberlain <mcgrof@...nel.org>, Petr Pavlu <petr.pavlu@...e.com>, Sami Tolvanen <samitolvanen@...gle.com>, Daniel Gomez <da.gomez@...sung.com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Jonathan Corbet <corbet@....net>, Madhavan Srinivasan <maddy@...ux.ibm.com>, Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>, Christophe Leroy <christophe.leroy@...roup.eu>, Naveen N Rao <naveen@...nel.org>, Mimi Zohar <zohar@...ux.ibm.com>, Roberto Sassu <roberto.sassu@...wei.com>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, Eric Snowberg <eric.snowberg@...cle.com>, Nicolas Schier <nicolas.schier@...ux.dev>, Nicolas Schier <nicolas.schier@...ux.dev> Cc: Fabian Grünbichler <f.gruenbichler@...xmox.com>, Arnout Engelen <arnout@...t.net>, Mattia Rizzolo <mattia@...reri.org>, kpcyrd <kpcyrd@...hlinux.org>, Christian Heusel <christian@...sel.eu>, Câju Mihai-Drosi <mcaju95@...il.com>, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, linux-modules@...r.kernel.org, linux-security-module@...r.kernel.org, linux-doc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org, Thomas Weißschuh <linux@...ssschuh.net> Subject: [PATCH v3 7/9] module: Move lockdown check into generic module loader The lockdown check buried in module_sig_check() will not compose well with the introduction of hash-based module validation. Move it into module_integrity_check() which will work better. Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net> --- kernel/module/main.c | 6 +++++- kernel/module/signing.c | 3 +-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 0c88d443a3bc894b18a7aa230cadf396e585c415..1c353ece05fd1d2d709204e4d5fa44ecb8832bfa 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -3254,7 +3254,11 @@ static int module_integrity_check(struct load_info *info, int flags) if (IS_ENABLED(CONFIG_MODULE_SIG)) err = module_sig_check(info, flags); - return err; + if (err) + return err; + if (info->sig_ok) + return 0; + return security_locked_down(LOCKDOWN_MODULE_SIGNATURE); } /* diff --git a/kernel/module/signing.c b/kernel/module/signing.c index e51920605da14771601327ea596dad2e12400518..029e1ef6f0e369fd48e8c81154b6c697ad7a6249 100644 --- a/kernel/module/signing.c +++ b/kernel/module/signing.c @@ -11,7 +11,6 @@ #include <linux/module_signature.h> #include <linux/string.h> #include <linux/verification.h> -#include <linux/security.h> #include <crypto/public_key.h> #include <uapi/linux/module.h> #include "internal.h" @@ -100,5 +99,5 @@ int module_sig_check(struct load_info *info, int flags) return -EKEYREJECTED; } - return security_locked_down(LOCKDOWN_MODULE_SIGNATURE); + return 0; } -- 2.49.0
Powered by blists - more mailing lists