| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2d6b4a2e-b65a-4db2-aa92-2ad80d066516@t-8ch.de>
Date: Tue, 3 Feb 2026 13:42:26 +0100
From: Thomas Weißschuh <linux@...ssschuh.net>
To: Petr Pavlu <petr.pavlu@...e.com>
Cc: Nathan Chancellor <nathan@...nel.org>, Arnd Bergmann <arnd@...db.de>,
Luis Chamberlain <mcgrof@...nel.org>, Sami Tolvanen <samitolvanen@...gle.com>,
Daniel Gomez <da.gomez@...sung.com>, Paul Moore <paul@...l-moore.com>,
James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>,
Jonathan Corbet <corbet@....net>, Madhavan Srinivasan <maddy@...ux.ibm.com>,
Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>,
Naveen N Rao <naveen@...nel.org>, Mimi Zohar <zohar@...ux.ibm.com>,
Roberto Sassu <roberto.sassu@...wei.com>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
Eric Snowberg <eric.snowberg@...cle.com>, Nicolas Schier <nicolas.schier@...ux.dev>,
Daniel Gomez <da.gomez@...nel.org>, Aaron Tomlin <atomlin@...mlin.com>,
"Christophe Leroy (CS GROUP)" <chleroy@...nel.org>, Nicolas Schier <nsc@...nel.org>,
Nicolas Bouchinet <nicolas.bouchinet@....cyber.gouv.fr>, Xiu Jianfeng <xiujianfeng@...wei.com>,
Fabian Grünbichler <f.gruenbichler@...xmox.com>, Arnout Engelen <arnout@...t.net>,
Mattia Rizzolo <mattia@...reri.org>, kpcyrd <kpcyrd@...hlinux.org>,
Christian Heusel <christian@...sel.eu>, Câju Mihai-Drosi <mcaju95@...il.com>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arch@...r.kernel.org, linux-modules@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-doc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-integrity@...r.kernel.org
Subject: Re: [PATCH v4 12/17] module: Move signature splitting up
On 2026-01-29 15:41:43+0100, Petr Pavlu wrote:
> On 1/13/26 1:28 PM, Thomas Weißschuh wrote:
> > The signature splitting will also be used by CONFIG_MODULE_HASHES.
> >
> > Move it up the callchain, so the result can be reused.
> >
> > Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>
> > ---
> > [...]
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index c09b25c0166a..d65bc300a78c 100644
> > --- a/kernel/module/main.c
> > +++ b/kernel/module/main.c
> > @@ -3346,10 +3346,21 @@ static int early_mod_check(struct load_info *info, int flags)
> >
> > static int module_integrity_check(struct load_info *info, int flags)
> > {
> > + bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
> > + MODULE_INIT_IGNORE_VERMAGIC);
> > + size_t sig_len;
> > + const u8 *sig;
> > int err = 0;
> >
> > + if (IS_ENABLED(CONFIG_MODULE_SIG_POLICY)) {
> > + err = mod_split_sig(info->hdr, &info->len, mangled_module,
> > + &sig_len, &sig, "module");
> > + if (err)
> > + return err;
> > + }
> > +
> > if (IS_ENABLED(CONFIG_MODULE_SIG))
> > - err = module_sig_check(info, flags);
> > + err = module_sig_check(info, sig, sig_len);
> >
> > if (err)
> > return err;
>
> I suggest moving the IS_ENABLED(CONFIG_MODULE_SIG) block under the
> new IS_ENABLED(CONFIG_MODULE_SIG_POLICY) section. I realize that
> CONFIG_MODULE_SIG implies CONFIG_MODULE_SIG_POLICY, but I believe this
> change makes it more apparent that this it the case. Otherwise, one
> might for example wonder if sig_len in the module_sig_check() call can
> be undefined.
>
> if (IS_ENABLED(CONFIG_MODULE_SIG_POLICY)) {
> err = mod_split_sig(info->hdr, &info->len, mangled_module,
> &sig_len, &sig, "module");
> if (err)
> return err;
>
> if (IS_ENABLED(CONFIG_MODULE_SIG))
> err = module_sig_check(info, sig, sig_len);
> }
Ack.
Powered by blists - more mailing lists