From: Michal Suchanek <msuchanek@suse.de>
To: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: Michal Suchanek <msuchanek@suse.de>,
kexec@lists.infradead.org, Philipp Rudo <prudo@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Nayna <nayna@linux.vnet.ibm.com>, Rob Herring <robh@kernel.org>,
linux-s390@vger.kernel.org, Vasily Gorbik <gor@linux.ibm.com>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
Heiko Carstens <hca@linux.ibm.com>, Jessica Yu <jeyu@kernel.org>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Paul Mackerras <paulus@samba.org>,
Hari Bathini <hbathini@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
linuxppc-dev@lists.ozlabs.org,
Frank van der Linden <fllinden@amazon.com>,
Thiago Jung Bauermann <bauerman@linux.ibm.com>,
Daniel Axtens <dja@axtens.net>,
buendgen@de.ibm.com, Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Sven Schnelle <svens@linux.ibm.com>, Baoquan He <bhe@redhat.com>,
linux-security-module@vger.kernel.org
Subject: [PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig
Date: Tue, 11 Jan 2022 12:37:48 +0100 [thread overview]
Message-ID: <687db74a714d50b9c83d7ac024da4f7dec0d9a1d.1641900831.git.msuchanek@suse.de> (raw)
In-Reply-To: <cover.1641900831.git.msuchanek@suse.de>
Multiple users of mod_check_sig check for the marker, then call
mod_check_sig, extract signature length, and remove the signature.
Put this code in one place together with mod_check_sig.
This changes the error from ENOENT to ENODATA for ima_read_modsig in the
case the signature marker is missing.
This also changes the buffer length in ima_read_modsig from size_t to
unsigned long. This reduces the possible value range on 32bit but the
length refers to kernel in-memory buffer which cannot be longer than
ULONG_MAX.
Also change mod_check_sig to unsigned long while at it.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
v3: - Philipp Rudo <prudo@redhat.com>: Update the commit with note about
change of raturn value
- Preserve the EBADMSG error code while moving code araound
v4: - remove unused variable ms in module_signing.c
- note about buffer length
v5: - also change the functions in module_signature.c to unsigned long
---
include/linux/module_signature.h | 4 +-
kernel/module_signature.c | 58 ++++++++++++++++++++++++++++-
kernel/module_signing.c | 27 ++------------
security/integrity/ima/ima_modsig.c | 22 ++---------
4 files changed, 66 insertions(+), 45 deletions(-)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 7eb4b00381ac..e5fb157c085c 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -40,7 +40,9 @@ struct module_signature {
__be32 sig_len; /* Length of signature data */
};
-int mod_check_sig(const struct module_signature *ms, size_t file_len,
+int mod_check_sig(const struct module_signature *ms, unsigned long file_len,
+ const char *name);
+int mod_parse_sig(const void *data, unsigned long *len, unsigned long *sig_len,
const char *name);
#endif /* _LINUX_MODULE_SIGNATURE_H */
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
index 00132d12487c..4a36405ecd08 100644
--- a/kernel/module_signature.c
+++ b/kernel/module_signature.c
@@ -8,17 +8,39 @@
#include <linux/errno.h>
#include <linux/printk.h>
+#include <linux/string.h>
#include <linux/module_signature.h>
#include <asm/byteorder.h>
+/**
+ * mod_check_sig_marker - check that the given data has signature marker at the end
+ *
+ * @data: Data with appended signature
+ * @len: Length of data. Signature marker length is subtracted on success.
+ */
+static inline int mod_check_sig_marker(const void *data, unsigned long *len)
+{
+ const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+
+ if (markerlen > *len)
+ return -ENODATA;
+
+ if (memcmp(data + *len - markerlen, MODULE_SIG_STRING,
+ markerlen))
+ return -ENODATA;
+
+ *len -= markerlen;
+ return 0;
+}
+
/**
* mod_check_sig - check that the given signature is sane
*
* @ms: Signature to check.
- * @file_len: Size of the file to which @ms is appended.
+ * @file_len: Size of the file to which @ms is appended (without the marker).
* @name: What is being checked. Used for error messages.
*/
-int mod_check_sig(const struct module_signature *ms, size_t file_len,
+int mod_check_sig(const struct module_signature *ms, unsigned long file_len,
const char *name)
{
if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
@@ -44,3 +66,35 @@ int mod_check_sig(const struct module_signature *ms, size_t file_len,
return 0;
}
+
+/**
+ * mod_parse_sig - check that the given signature is sane and determine signature length
+ *
+ * @data: Data with appended signature.
+ * @len: Length of data. Signature and marker length is subtracted on success.
+ * @sig_len: Length of signature. Filled on success.
+ * @name: What is being checked. Used for error messages.
+ */
+int mod_parse_sig(const void *data, unsigned long *len, unsigned long *sig_len, const char *name)
+{
+ const struct module_signature *sig;
+ int rc;
+
+ rc = mod_check_sig_marker(data, len);
+ if (rc)
+ return rc;
+
+ if (*len < sizeof(*sig))
+ return -EBADMSG;
+
+ sig = data + (*len - sizeof(*sig));
+
+ rc = mod_check_sig(sig, *len, name);
+ if (rc)
+ return rc;
+
+ *sig_len = be32_to_cpu(sig->sig_len);
+ *len -= *sig_len + sizeof(*sig);
+
+ return 0;
+}
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 20857d2a15ca..1d4cb03cce21 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -25,35 +25,16 @@ int verify_appended_signature(const void *data, unsigned long *len,
struct key *trusted_keys,
enum key_being_used_for purpose)
{
- const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
- struct module_signature *ms;
- unsigned long sig_len, modlen = *len;
+ unsigned long sig_len;
int ret;
- pr_devel("==>%s %s(,%lu)\n", __func__, key_being_used_for[purpose], modlen);
+ pr_devel("==>%s %s(,%lu)\n", __func__, key_being_used_for[purpose], *len);
- if (markerlen > modlen)
- return -ENODATA;
-
- if (memcmp(data + modlen - markerlen, MODULE_SIG_STRING,
- markerlen))
- return -ENODATA;
- modlen -= markerlen;
-
- if (modlen <= sizeof(*ms))
- return -EBADMSG;
-
- ms = data + modlen - sizeof(*ms);
-
- ret = mod_check_sig(ms, modlen, key_being_used_for[purpose]);
+ ret = mod_parse_sig(data, len, &sig_len, key_being_used_for[purpose]);
if (ret)
return ret;
- sig_len = be32_to_cpu(ms->sig_len);
- modlen -= sig_len + sizeof(*ms);
- *len = modlen;
-
- return verify_pkcs7_signature(data, modlen, data + modlen, sig_len,
+ return verify_pkcs7_signature(data, *len, data + *len, sig_len,
trusted_keys,
purpose,
NULL, NULL);
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index fb25723c65bc..b40c8fdf6139 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -37,33 +37,17 @@ struct modsig {
*
* Return: 0 on success, error code otherwise.
*/
-int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
+int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t len,
struct modsig **modsig)
{
- const size_t marker_len = strlen(MODULE_SIG_STRING);
- const struct module_signature *sig;
struct modsig *hdr;
- size_t sig_len;
- const void *p;
+ unsigned long sig_len, buf_len = len;
int rc;
- if (buf_len <= marker_len + sizeof(*sig))
- return -ENOENT;
-
- p = buf + buf_len - marker_len;
- if (memcmp(p, MODULE_SIG_STRING, marker_len))
- return -ENOENT;
-
- buf_len -= marker_len;
- sig = (const struct module_signature *)(p - sizeof(*sig));
-
- rc = mod_check_sig(sig, buf_len, func_tokens[func]);
+ rc = mod_parse_sig(buf, &buf_len, &sig_len, func_tokens[func]);
if (rc)
return rc;
- sig_len = be32_to_cpu(sig->sig_len);
- buf_len -= sig_len + sizeof(*sig);
-
/* Allocate sig_len additional bytes to hold the raw PKCS#7 data. */
hdr = kzalloc(sizeof(*hdr) + sig_len, GFP_KERNEL);
if (!hdr)
--
2.31.1
WARNING: multiple messages have this Message-ID (diff)
From: Michal Suchanek <msuchanek@suse.de>
To: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: Nayna <nayna@linux.vnet.ibm.com>,
Mimi Zohar <zohar@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Paul Mackerras <paulus@samba.org>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Rob Herring <robh@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Baoquan He <bhe@redhat.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
James Morris <jmorris@namei.org>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
Michal Suchanek <msuchanek@suse.de>,
"Serge E. Hallyn" <serge@hallyn.com>,
Vasily Gorbik <gor@linux.ibm.com>,
linux-s390@vger.kernel.org, Heiko Carstens <hca@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Hari Bathini <hbathini@linux.ibm.com>,
Daniel Axtens <dja@axtens.net>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Philipp Rudo <prudo@redhat.com>,
Frank van der Linden <fllinden@amazon.com>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>,
Sven Schnelle <svens@linux.ibm.com>,
linux-security-module@vger.kernel.org,
Jessica Yu <jeyu@kernel.org>,
linuxppc-dev@lists.ozlabs.org,
"David S. Miller" <davem@davemloft.net>,
Thiago Jung Bauermann <bauerman@linux.ibm.com>,
buendgen@de.ibm.com
Subject: [PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig
Date: Tue, 11 Jan 2022 12:37:48 +0100 [thread overview]
Message-ID: <687db74a714d50b9c83d7ac024da4f7dec0d9a1d.1641900831.git.msuchanek@suse.de> (raw)
In-Reply-To: <cover.1641900831.git.msuchanek@suse.de>
Multiple users of mod_check_sig check for the marker, then call
mod_check_sig, extract signature length, and remove the signature.
Put this code in one place together with mod_check_sig.
This changes the error from ENOENT to ENODATA for ima_read_modsig in the
case the signature marker is missing.
This also changes the buffer length in ima_read_modsig from size_t to
unsigned long. This reduces the possible value range on 32bit but the
length refers to kernel in-memory buffer which cannot be longer than
ULONG_MAX.
Also change mod_check_sig to unsigned long while at it.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
v3: - Philipp Rudo <prudo@redhat.com>: Update the commit with note about
change of raturn value
- Preserve the EBADMSG error code while moving code araound
v4: - remove unused variable ms in module_signing.c
- note about buffer length
v5: - also change the functions in module_signature.c to unsigned long
---
include/linux/module_signature.h | 4 +-
kernel/module_signature.c | 58 ++++++++++++++++++++++++++++-
kernel/module_signing.c | 27 ++------------
security/integrity/ima/ima_modsig.c | 22 ++---------
4 files changed, 66 insertions(+), 45 deletions(-)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 7eb4b00381ac..e5fb157c085c 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -40,7 +40,9 @@ struct module_signature {
__be32 sig_len; /* Length of signature data */
};
-int mod_check_sig(const struct module_signature *ms, size_t file_len,
+int mod_check_sig(const struct module_signature *ms, unsigned long file_len,
+ const char *name);
+int mod_parse_sig(const void *data, unsigned long *len, unsigned long *sig_len,
const char *name);
#endif /* _LINUX_MODULE_SIGNATURE_H */
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
index 00132d12487c..4a36405ecd08 100644
--- a/kernel/module_signature.c
+++ b/kernel/module_signature.c
@@ -8,17 +8,39 @@
#include <linux/errno.h>
#include <linux/printk.h>
+#include <linux/string.h>
#include <linux/module_signature.h>
#include <asm/byteorder.h>
+/**
+ * mod_check_sig_marker - check that the given data has signature marker at the end
+ *
+ * @data: Data with appended signature
+ * @len: Length of data. Signature marker length is subtracted on success.
+ */
+static inline int mod_check_sig_marker(const void *data, unsigned long *len)
+{
+ const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+
+ if (markerlen > *len)
+ return -ENODATA;
+
+ if (memcmp(data + *len - markerlen, MODULE_SIG_STRING,
+ markerlen))
+ return -ENODATA;
+
+ *len -= markerlen;
+ return 0;
+}
+
/**
* mod_check_sig - check that the given signature is sane
*
* @ms: Signature to check.
- * @file_len: Size of the file to which @ms is appended.
+ * @file_len: Size of the file to which @ms is appended (without the marker).
* @name: What is being checked. Used for error messages.
*/
-int mod_check_sig(const struct module_signature *ms, size_t file_len,
+int mod_check_sig(const struct module_signature *ms, unsigned long file_len,
const char *name)
{
if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
@@ -44,3 +66,35 @@ int mod_check_sig(const struct module_signature *ms, size_t file_len,
return 0;
}
+
+/**
+ * mod_parse_sig - check that the given signature is sane and determine signature length
+ *
+ * @data: Data with appended signature.
+ * @len: Length of data. Signature and marker length is subtracted on success.
+ * @sig_len: Length of signature. Filled on success.
+ * @name: What is being checked. Used for error messages.
+ */
+int mod_parse_sig(const void *data, unsigned long *len, unsigned long *sig_len, const char *name)
+{
+ const struct module_signature *sig;
+ int rc;
+
+ rc = mod_check_sig_marker(data, len);
+ if (rc)
+ return rc;
+
+ if (*len < sizeof(*sig))
+ return -EBADMSG;
+
+ sig = data + (*len - sizeof(*sig));
+
+ rc = mod_check_sig(sig, *len, name);
+ if (rc)
+ return rc;
+
+ *sig_len = be32_to_cpu(sig->sig_len);
+ *len -= *sig_len + sizeof(*sig);
+
+ return 0;
+}
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 20857d2a15ca..1d4cb03cce21 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -25,35 +25,16 @@ int verify_appended_signature(const void *data, unsigned long *len,
struct key *trusted_keys,
enum key_being_used_for purpose)
{
- const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
- struct module_signature *ms;
- unsigned long sig_len, modlen = *len;
+ unsigned long sig_len;
int ret;
- pr_devel("==>%s %s(,%lu)\n", __func__, key_being_used_for[purpose], modlen);
+ pr_devel("==>%s %s(,%lu)\n", __func__, key_being_used_for[purpose], *len);
- if (markerlen > modlen)
- return -ENODATA;
-
- if (memcmp(data + modlen - markerlen, MODULE_SIG_STRING,
- markerlen))
- return -ENODATA;
- modlen -= markerlen;
-
- if (modlen <= sizeof(*ms))
- return -EBADMSG;
-
- ms = data + modlen - sizeof(*ms);
-
- ret = mod_check_sig(ms, modlen, key_being_used_for[purpose]);
+ ret = mod_parse_sig(data, len, &sig_len, key_being_used_for[purpose]);
if (ret)
return ret;
- sig_len = be32_to_cpu(ms->sig_len);
- modlen -= sig_len + sizeof(*ms);
- *len = modlen;
-
- return verify_pkcs7_signature(data, modlen, data + modlen, sig_len,
+ return verify_pkcs7_signature(data, *len, data + *len, sig_len,
trusted_keys,
purpose,
NULL, NULL);
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index fb25723c65bc..b40c8fdf6139 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -37,33 +37,17 @@ struct modsig {
*
* Return: 0 on success, error code otherwise.
*/
-int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
+int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t len,
struct modsig **modsig)
{
- const size_t marker_len = strlen(MODULE_SIG_STRING);
- const struct module_signature *sig;
struct modsig *hdr;
- size_t sig_len;
- const void *p;
+ unsigned long sig_len, buf_len = len;
int rc;
- if (buf_len <= marker_len + sizeof(*sig))
- return -ENOENT;
-
- p = buf + buf_len - marker_len;
- if (memcmp(p, MODULE_SIG_STRING, marker_len))
- return -ENOENT;
-
- buf_len -= marker_len;
- sig = (const struct module_signature *)(p - sizeof(*sig));
-
- rc = mod_check_sig(sig, buf_len, func_tokens[func]);
+ rc = mod_parse_sig(buf, &buf_len, &sig_len, func_tokens[func]);
if (rc)
return rc;
- sig_len = be32_to_cpu(sig->sig_len);
- buf_len -= sig_len + sizeof(*sig);
-
/* Allocate sig_len additional bytes to hold the raw PKCS#7 data. */
hdr = kzalloc(sizeof(*hdr) + sig_len, GFP_KERNEL);
if (!hdr)
--
2.31.1
WARNING: multiple messages have this Message-ID (diff)
From: Michal Suchanek <msuchanek@suse.de>
To: kexec@lists.infradead.org
Subject: [PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig
Date: Tue, 11 Jan 2022 12:37:48 +0100 [thread overview]
Message-ID: <687db74a714d50b9c83d7ac024da4f7dec0d9a1d.1641900831.git.msuchanek@suse.de> (raw)
In-Reply-To: <cover.1641900831.git.msuchanek@suse.de>
Multiple users of mod_check_sig check for the marker, then call
mod_check_sig, extract signature length, and remove the signature.
Put this code in one place together with mod_check_sig.
This changes the error from ENOENT to ENODATA for ima_read_modsig in the
case the signature marker is missing.
This also changes the buffer length in ima_read_modsig from size_t to
unsigned long. This reduces the possible value range on 32bit but the
length refers to kernel in-memory buffer which cannot be longer than
ULONG_MAX.
Also change mod_check_sig to unsigned long while at it.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
v3: - Philipp Rudo <prudo@redhat.com>: Update the commit with note about
change of raturn value
- Preserve the EBADMSG error code while moving code araound
v4: - remove unused variable ms in module_signing.c
- note about buffer length
v5: - also change the functions in module_signature.c to unsigned long
---
include/linux/module_signature.h | 4 +-
kernel/module_signature.c | 58 ++++++++++++++++++++++++++++-
kernel/module_signing.c | 27 ++------------
security/integrity/ima/ima_modsig.c | 22 ++---------
4 files changed, 66 insertions(+), 45 deletions(-)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 7eb4b00381ac..e5fb157c085c 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -40,7 +40,9 @@ struct module_signature {
__be32 sig_len; /* Length of signature data */
};
-int mod_check_sig(const struct module_signature *ms, size_t file_len,
+int mod_check_sig(const struct module_signature *ms, unsigned long file_len,
+ const char *name);
+int mod_parse_sig(const void *data, unsigned long *len, unsigned long *sig_len,
const char *name);
#endif /* _LINUX_MODULE_SIGNATURE_H */
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
index 00132d12487c..4a36405ecd08 100644
--- a/kernel/module_signature.c
+++ b/kernel/module_signature.c
@@ -8,17 +8,39 @@
#include <linux/errno.h>
#include <linux/printk.h>
+#include <linux/string.h>
#include <linux/module_signature.h>
#include <asm/byteorder.h>
+/**
+ * mod_check_sig_marker - check that the given data has signature marker at the end
+ *
+ * @data: Data with appended signature
+ * @len: Length of data. Signature marker length is subtracted on success.
+ */
+static inline int mod_check_sig_marker(const void *data, unsigned long *len)
+{
+ const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+
+ if (markerlen > *len)
+ return -ENODATA;
+
+ if (memcmp(data + *len - markerlen, MODULE_SIG_STRING,
+ markerlen))
+ return -ENODATA;
+
+ *len -= markerlen;
+ return 0;
+}
+
/**
* mod_check_sig - check that the given signature is sane
*
* @ms: Signature to check.
- * @file_len: Size of the file to which @ms is appended.
+ * @file_len: Size of the file to which @ms is appended (without the marker).
* @name: What is being checked. Used for error messages.
*/
-int mod_check_sig(const struct module_signature *ms, size_t file_len,
+int mod_check_sig(const struct module_signature *ms, unsigned long file_len,
const char *name)
{
if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
@@ -44,3 +66,35 @@ int mod_check_sig(const struct module_signature *ms, size_t file_len,
return 0;
}
+
+/**
+ * mod_parse_sig - check that the given signature is sane and determine signature length
+ *
+ * @data: Data with appended signature.
+ * @len: Length of data. Signature and marker length is subtracted on success.
+ * @sig_len: Length of signature. Filled on success.
+ * @name: What is being checked. Used for error messages.
+ */
+int mod_parse_sig(const void *data, unsigned long *len, unsigned long *sig_len, const char *name)
+{
+ const struct module_signature *sig;
+ int rc;
+
+ rc = mod_check_sig_marker(data, len);
+ if (rc)
+ return rc;
+
+ if (*len < sizeof(*sig))
+ return -EBADMSG;
+
+ sig = data + (*len - sizeof(*sig));
+
+ rc = mod_check_sig(sig, *len, name);
+ if (rc)
+ return rc;
+
+ *sig_len = be32_to_cpu(sig->sig_len);
+ *len -= *sig_len + sizeof(*sig);
+
+ return 0;
+}
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 20857d2a15ca..1d4cb03cce21 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -25,35 +25,16 @@ int verify_appended_signature(const void *data, unsigned long *len,
struct key *trusted_keys,
enum key_being_used_for purpose)
{
- const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
- struct module_signature *ms;
- unsigned long sig_len, modlen = *len;
+ unsigned long sig_len;
int ret;
- pr_devel("==>%s %s(,%lu)\n", __func__, key_being_used_for[purpose], modlen);
+ pr_devel("==>%s %s(,%lu)\n", __func__, key_being_used_for[purpose], *len);
- if (markerlen > modlen)
- return -ENODATA;
-
- if (memcmp(data + modlen - markerlen, MODULE_SIG_STRING,
- markerlen))
- return -ENODATA;
- modlen -= markerlen;
-
- if (modlen <= sizeof(*ms))
- return -EBADMSG;
-
- ms = data + modlen - sizeof(*ms);
-
- ret = mod_check_sig(ms, modlen, key_being_used_for[purpose]);
+ ret = mod_parse_sig(data, len, &sig_len, key_being_used_for[purpose]);
if (ret)
return ret;
- sig_len = be32_to_cpu(ms->sig_len);
- modlen -= sig_len + sizeof(*ms);
- *len = modlen;
-
- return verify_pkcs7_signature(data, modlen, data + modlen, sig_len,
+ return verify_pkcs7_signature(data, *len, data + *len, sig_len,
trusted_keys,
purpose,
NULL, NULL);
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index fb25723c65bc..b40c8fdf6139 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -37,33 +37,17 @@ struct modsig {
*
* Return: 0 on success, error code otherwise.
*/
-int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
+int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t len,
struct modsig **modsig)
{
- const size_t marker_len = strlen(MODULE_SIG_STRING);
- const struct module_signature *sig;
struct modsig *hdr;
- size_t sig_len;
- const void *p;
+ unsigned long sig_len, buf_len = len;
int rc;
- if (buf_len <= marker_len + sizeof(*sig))
- return -ENOENT;
-
- p = buf + buf_len - marker_len;
- if (memcmp(p, MODULE_SIG_STRING, marker_len))
- return -ENOENT;
-
- buf_len -= marker_len;
- sig = (const struct module_signature *)(p - sizeof(*sig));
-
- rc = mod_check_sig(sig, buf_len, func_tokens[func]);
+ rc = mod_parse_sig(buf, &buf_len, &sig_len, func_tokens[func]);
if (rc)
return rc;
- sig_len = be32_to_cpu(sig->sig_len);
- buf_len -= sig_len + sizeof(*sig);
-
/* Allocate sig_len additional bytes to hold the raw PKCS#7 data. */
hdr = kzalloc(sizeof(*hdr) + sig_len, GFP_KERNEL);
if (!hdr)
--
2.31.1
next prev parent reply other threads:[~2022-01-11 11:38 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-11 11:37 [PATCH v5 0/6] KEXEC_SIG with appended signature Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-11 11:37 ` [PATCH v5 1/6] s390/kexec_file: Don't opencode appended signature check Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-11 11:37 ` [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-02-09 4:43 ` Michael Ellerman
2022-02-09 4:43 ` Michael Ellerman
2022-02-09 4:43 ` Michael Ellerman
2022-02-09 6:44 ` Paul Menzel
2022-02-09 6:44 ` Paul Menzel
2022-02-09 6:44 ` Paul Menzel
2022-02-09 12:01 ` Michal Suchánek
2022-02-09 12:01 ` Michal =?unknown-8bit?q?Such=C3=A1nek?=
2022-02-09 12:01 ` Michal Suchánek
2022-02-11 15:31 ` Paul Menzel
2022-02-11 15:31 ` Paul Menzel
2022-02-11 15:31 ` Paul Menzel
2022-02-13 17:50 ` Mimi Zohar
2022-02-13 17:50 ` Mimi Zohar
2022-02-13 17:50 ` Mimi Zohar
2022-02-14 2:59 ` Mimi Zohar
2022-02-14 2:59 ` Mimi Zohar
2022-02-14 2:59 ` Mimi Zohar
2022-02-14 15:14 ` Mimi Zohar
2022-02-14 15:14 ` Mimi Zohar
2022-02-14 15:14 ` Mimi Zohar
2022-02-14 15:55 ` Michal Suchánek
2022-02-14 15:55 ` Michal =?unknown-8bit?q?Such=C3=A1nek?=
2022-02-14 15:55 ` Michal Suchánek
2022-02-14 17:09 ` Mimi Zohar
2022-02-14 17:09 ` Mimi Zohar
2022-02-14 17:09 ` Mimi Zohar
2022-01-11 11:37 ` [PATCH v5 3/6] kexec_file: Don't opencode appended signature verification Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-25 20:15 ` Luis Chamberlain
2022-01-25 20:15 ` Luis Chamberlain
2022-01-25 20:15 ` Luis Chamberlain
2022-02-03 10:49 ` Michal Suchánek
2022-02-03 10:49 ` Michal =?unknown-8bit?q?Such=C3=A1nek?=
2022-02-03 10:49 ` Michal Suchánek
2022-01-11 11:37 ` [PATCH v5 4/6] module: strip the signature marker in the verification function Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-25 20:23 ` Luis Chamberlain
2022-01-25 20:23 ` Luis Chamberlain
2022-01-25 20:23 ` Luis Chamberlain
2022-01-11 11:37 ` [PATCH v5 5/6] module: Use key_being_used_for for log messages in verify_appended_signature Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-25 20:24 ` Luis Chamberlain
2022-01-25 20:24 ` Luis Chamberlain
2022-01-25 20:24 ` Luis Chamberlain
2022-01-11 11:37 ` Michal Suchanek [this message]
2022-01-11 11:37 ` [PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig Michal Suchanek
2022-01-11 11:37 ` Michal Suchanek
2022-01-25 20:27 ` Luis Chamberlain
2022-01-25 20:27 ` Luis Chamberlain
2022-01-25 20:27 ` Luis Chamberlain
2022-01-25 20:30 ` [PATCH v5 0/6] KEXEC_SIG with appended signature Luis Chamberlain
2022-01-25 20:30 ` Luis Chamberlain
2022-01-25 20:30 ` Luis Chamberlain
2022-02-09 4:46 ` Michael Ellerman
2022-02-09 4:46 ` Michael Ellerman
2022-02-09 4:46 ` Michael Ellerman
2022-02-10 23:30 ` Luis Chamberlain
2022-02-10 23:30 ` Luis Chamberlain
2022-02-10 23:30 ` Luis Chamberlain
2022-02-13 18:53 ` Mimi Zohar
2022-02-13 18:53 ` Mimi Zohar
2022-02-13 18:53 ` Mimi Zohar
2022-02-13 20:27 ` Mimi Zohar
2022-02-13 20:27 ` Mimi Zohar
2022-02-13 20:27 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=687db74a714d50b9c83d7ac024da4f7dec0d9a1d.1641900831.git.msuchanek@suse.de \
--to=msuchanek@suse.de \
--cc=agordeev@linux.ibm.com \
--cc=bauerman@linux.ibm.com \
--cc=benh@kernel.crashing.org \
--cc=bhe@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=buendgen@de.ibm.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dja@axtens.net \
--cc=dmitry.kasatkin@gmail.com \
--cc=fllinden@amazon.com \
--cc=gor@linux.ibm.com \
--cc=hbathini@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=jeyu@kernel.org \
--cc=jmorris@namei.org \
--cc=kexec@lists.infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mcgrof@kernel.org \
--cc=mpe@ellerman.id.au \
--cc=nayna@linux.vnet.ibm.com \
--cc=nramas@linux.microsoft.com \
--cc=paulus@samba.org \
--cc=prudo@redhat.com \
--cc=robh@kernel.org \
--cc=serge@hallyn.com \
--cc=svens@linux.ibm.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.