Message-ID: <CABCJKuePtd00h3Z57Nj6TbG=GyeKeFgkzUBZJUT1v2_BQ9dczA@mail.gmail.com>
Date: Fri, 5 Sep 2025 08:22:56 -0700
From: Sami Tolvanen <samitolvanen@...gle.com>
To: Coder <rootuserhere@...il.com>
Cc: linux-modules@...r.kernel.org, mcgrof@...nel.org,
"petr.pavlu@...e.com" <petr.pavlu@...e.com>, da.gomez@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] module: harden module signature checking
Hi,
On Fri, Sep 5, 2025 at 6:38 AM Coder <rootuserhere@...il.com> wrote:
>
> From: Fidal Palamparambil <rootuserhere@...il.com>
> Date: Fri, 5 Sep 2025 17:16:01 +0400
> Subject: [PATCH] module: harden module signature checking
> Cc: mcgrof@...nel.org, petr.pavlu@...e.com, da.gomez@...nel.org, samitolvanen@...gle.com, linux-kernel@...r.kernel.org
>
> module: harden module signature checking
>
> This patch makes small defensive and style improvements to the
> module signature checker:
>
> - avoid void * arithmetic by casting module header to const u8 *
> - add an explicit bounds check for ms.sig_len before using it
> - restore info->len to its original value when verification fails so
> the loader does not observe a truncated length unexpectedly
> - use READ_ONCE/WRITE_ONCE for sig_enforce to avoid rare SMP visibility
> races
>
> These changes are intended to improve clarity and robustness; they do not
> change the signature verification policy or behavior.
>
> Signed-off-by: Fidal Palamparambil <rootuserhere@...il.com>
>
> ---
>
> diff --git a/kernel/module-signing.c b/kernel/module-signing.c
> index abcdef1..1234567 100644
> --- a/kernel/module-signing.c
> +++ b/kernel/module-signing.c
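Review bot: the `index abcdef1..1234567` line above carries what look like placeholder values rather than abbreviated blob ids taken from a real tree, so the patch cannot be matched to any base it would apply to. Please regenerate it with git format-patch from a commit on a current tree and say which tree and commit it is based on, so the file path and blob ids can be checked.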
We used to have kernel/module_signing.c before v5.19, but I'm not sure
if kernel/module-signing.c has ever existed. How exactly did you
generate this patch?
Sami