mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 10:40:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

modsign: log module name in the event of an error

Browse source 
Now that we have the load_info struct all initialized (including
info->name, which contains the name of the module) before
module_sig_check(), make the load_info struct and hence module name
available to mod_verify_sig() so that we can log the module name in the
event of an error.

Signed-off-by: Jessica Yu <jeyu@kernel.org>
This commit is contained in:
Jessica Yu 2018-06-29 16:37:08 +02:00
parent 996302c5e8
commit f314dfea16
3 changed files with 32 additions and 27 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

25
kernel/module-internal.h
View file

@ -9,4 +9,27 @@
* 2 of the Licence, or (at your option) any later version.
*/
extern int mod_verify_sig(const void *mod, unsigned long *_modlen);
#include <linux/elf.h>
#include <asm/module.h>
struct load_info {
const char *name;
/* pointer to module in temporary copy, freed at end of load_module() */
struct module *mod;
Elf_Ehdr *hdr;
unsigned long len;
Elf_Shdr *sechdrs;
char *secstrings, *strtab;
unsigned long symoffs, stroffs;
struct _ddebug *debug;
unsigned int num_debug;
bool sig_ok;
#ifdef CONFIG_KALLSYMS
unsigned long mod_kallsyms_init_off;
#endif
struct {
unsigned int sym, str, mod, vers, info, pcpu;
} index;
};
extern int mod_verify_sig(const void *mod, struct load_info *info);

22
kernel/module.c
View file

@ -307,26 +307,6 @@ int unregister_module_notifier(struct notifier_block *nb)
}
EXPORT_SYMBOL(unregister_module_notifier);
struct load_info {
const char *name;
/* pointer to module in temporary copy, freed at end of load_module() */
struct module *mod;
Elf_Ehdr *hdr;
unsigned long len;
Elf_Shdr *sechdrs;
char *secstrings, *strtab;
unsigned long symoffs, stroffs;
struct _ddebug *debug;
unsigned int num_debug;
bool sig_ok;
#ifdef CONFIG_KALLSYMS
unsigned long mod_kallsyms_init_off;
#endif
struct {
unsigned int sym, str, mod, vers, info, pcpu;
} index;
};
/*
* We require a truly strong try_module_get(): 0 means success.
* Otherwise an error is returned due to ongoing or failed
@ -2778,7 +2758,7 @@ static int module_sig_check(struct load_info *info, int flags)
memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
/* We truncate the module to discard the signature */
info->len -= markerlen;
err = mod_verify_sig(mod, &info->len);
err = mod_verify_sig(mod, info);
}
if (!err) {

12
kernel/module_signing.c
View file

@ -45,10 +45,10 @@ struct module_signature {
/*
* Verify the signature on a module.
*/
int mod_verify_sig(const void *mod, unsigned long *_modlen)
int mod_verify_sig(const void *mod, struct load_info *info)
{
struct module_signature ms;
size_t modlen = *_modlen, sig_len;
size_t sig_len, modlen = info->len;
pr_devel("==>%s(,%zu)\n", __func__, modlen);
@ -62,10 +62,11 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
if (sig_len >= modlen)
return -EBADMSG;
modlen -= sig_len;
*_modlen = modlen;
info->len = modlen;
if (ms.id_type != PKEY_ID_PKCS7) {
pr_err("Module is not signed with expected PKCS#7 message\n");
pr_err("%s: Module is not signed with expected PKCS#7 message\n",
info->name);
return -ENOPKG;
}
@ -76,7 +77,8 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
ms.__pad[0] != 0 ||
ms.__pad[1] != 0 ||
ms.__pad[2] != 0) {
pr_err("PKCS#7 signature info has unexpected non-zero params\n");
pr_err("%s: PKCS#7 signature info has unexpected non-zero params\n",
info->name);
return -EBADMSG;
}