From: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> To: David Howells <dhowells@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org>, keyrings <keyrings@vger.kernel.org>, LSM <linux-security-module@vger.kernel.org>, kernel <linux-kernel@vger.kernel.org>, Mimi Zohar <zohar@linux.vnet.ibm.com>, Stefan Berger <stefanb@linux.vnet.ibm.com>, George Wilson <gcwilson@us.ibm.com>, Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> Subject: [PATCH v5 2/4] KEYS: Add ELF class-independent certificate insertion support Date: Wed, 10 May 2017 14:20:54 -0400 [thread overview] Message-ID: <1494440456-28671-3-git-send-email-mkayaalp@linux.vnet.ibm.com> (raw) In-Reply-To: <1494440456-28671-1-git-send-email-mkayaalp@linux.vnet.ibm.com> Use ELF class-independent GElf API for processing the kernel binary. This patch adds support for compiling the script for 64-bit and the kernel for 32-bit (e.g. make ARCH=i386 on x86-64). Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> --- scripts/Makefile | 1 + scripts/insert-sys-cert.c | 215 +++++++++++++++++++++++----------------------- 2 files changed, 109 insertions(+), 107 deletions(-) diff --git a/scripts/Makefile b/scripts/Makefile index 1d80897..5633f2c 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -25,6 +25,7 @@ HOSTCFLAGS_sortextable.o = -I$(srctree)/tools/include HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include HOSTLOADLIBES_sign-file = -lcrypto HOSTLOADLIBES_extract-cert = -lcrypto +HOSTLOADLIBES_insert-sys-cert = -lelf always := $(hostprogs-y) $(hostprogs-m) diff --git a/scripts/insert-sys-cert.c b/scripts/insert-sys-cert.c index 8902836..86a3d41 100644 --- a/scripts/insert-sys-cert.c +++ b/scripts/insert-sys-cert.c @@ -24,7 +24,8 @@ #include <sys/mman.h> #include <fcntl.h> #include <unistd.h> -#include <elf.h> +#include <gelf.h> +#include <linux/types.h> #define CERT_SYM "system_extra_cert" #define USED_SYM "system_extra_cert_used" @@ -34,18 +35,6 @@ #define warn(format, args...) fprintf(stdout, "WARNING: " format, ## args) #define err(format, args...) fprintf(stderr, "ERROR: " format, ## args) -#if UINTPTR_MAX == 0xffffffff -#define CURRENT_ELFCLASS ELFCLASS32 -#define Elf_Ehdr Elf32_Ehdr -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#else -#define CURRENT_ELFCLASS ELFCLASS64 -#define Elf_Ehdr Elf64_Ehdr -#define Elf_Shdr Elf64_Shdr -#define Elf_Sym Elf64_Sym -#endif - static unsigned char endianness(void) { uint16_t two_byte = 0x00FF; @@ -65,22 +54,17 @@ struct sym { int size; }; -static unsigned long get_offset_from_address(Elf_Ehdr *hdr, unsigned long addr) +static unsigned long get_offset_from_address(Elf *elf, unsigned long addr) { - Elf_Shdr *x; - unsigned int i, num_sections; - - x = (void *)hdr + hdr->e_shoff; - if (hdr->e_shnum == SHN_UNDEF) - num_sections = x[0].sh_size; - else - num_sections = hdr->e_shnum; - - for (i = 1; i < num_sections; i++) { - unsigned long start = x[i].sh_addr; - unsigned long end = start + x[i].sh_size; - unsigned long offset = x[i].sh_offset; - + Elf_Scn *scn = NULL; + GElf_Shdr shdr; + unsigned long start, end, offset; + + while ((scn = elf_nextscn(elf, scn)) != NULL) { + gelf_getshdr(scn, &shdr); + start = shdr.sh_addr; + end = start + shdr.sh_size; + offset = shdr.sh_offset; if (addr >= start && addr <= end) return addr - start + offset; } @@ -90,7 +74,7 @@ static unsigned long get_offset_from_address(Elf_Ehdr *hdr, unsigned long addr) #define LINE_SIZE 100 -static void get_symbol_from_map(Elf_Ehdr *hdr, FILE *f, char *name, +static void get_symbol_from_map(Elf *elf, void *base, FILE *f, char *name, struct sym *s) { char l[LINE_SIZE]; @@ -125,76 +109,65 @@ static void get_symbol_from_map(Elf_Ehdr *hdr, FILE *f, char *name, s->address = strtoul(l, NULL, 16); if (s->address == 0) return; - s->offset = get_offset_from_address(hdr, s->address); + s->offset = get_offset_from_address(elf, s->address); s->name = name; - s->content = (void *)hdr + s->offset; -} - -static Elf_Sym *find_elf_symbol(Elf_Ehdr *hdr, Elf_Shdr *symtab, char *name) -{ - Elf_Sym *sym, *symtab_start; - char *strtab, *symname; - unsigned int link; - Elf_Shdr *x; - int i, n; - - x = (void *)hdr + hdr->e_shoff; - link = symtab->sh_link; - symtab_start = (void *)hdr + symtab->sh_offset; - n = symtab->sh_size / symtab->sh_entsize; - strtab = (void *)hdr + x[link].sh_offset; - - for (i = 0; i < n; i++) { - sym = &symtab_start[i]; - symname = strtab + sym->st_name; - if (strcmp(symname, name) == 0) - return sym; - } - err("Unable to find symbol: %s\n", name); - return NULL; + s->content = (void *)base + s->offset; } -static void get_symbol_from_table(Elf_Ehdr *hdr, Elf_Shdr *symtab, +static void get_symbol_from_table(Elf *elf, Elf_Scn *symtab, void *base, char *name, struct sym *s) { - Elf_Shdr *sec; - int secndx; - Elf_Sym *elf_sym; - Elf_Shdr *x; + GElf_Shdr shdr; + Elf_Data *data; + int count; + int i; + GElf_Sym sym; + char *symname; + int found = 0; + size_t secndx; + Elf_Scn *sec; + + gelf_getshdr(symtab, &shdr); + data = elf_getdata(symtab, NULL); + count = shdr.sh_size / shdr.sh_entsize; + + for (i = 0; i < count; i++) { + gelf_getsym(data, i, &sym); + symname = elf_strptr(elf, shdr.sh_link, sym.st_name); + if (strcmp(symname, name) == 0) { + found = 1; + break; + } + } - x = (void *)hdr + hdr->e_shoff; s->size = 0; s->address = 0; s->offset = 0; - elf_sym = find_elf_symbol(hdr, symtab, name); - if (!elf_sym) + if (!found) return; - secndx = elf_sym->st_shndx; + secndx = sym.st_shndx; if (!secndx) return; - sec = &x[secndx]; - s->size = elf_sym->st_size; - s->address = elf_sym->st_value; - s->offset = s->address - sec->sh_addr - + sec->sh_offset; + sec = elf_getscn(elf, secndx); + gelf_getshdr(sec, &shdr); + s->size = sym.st_size; + s->address = sym.st_value; + s->offset = s->address - shdr.sh_addr + + shdr.sh_offset; s->name = name; - s->content = (void *)hdr + s->offset; + s->content = base + s->offset; } -static Elf_Shdr *get_symbol_table(Elf_Ehdr *hdr) +static Elf_Scn *get_symbol_table(Elf *elf) { - Elf_Shdr *x; - unsigned int i, num_sections; - - x = (void *)hdr + hdr->e_shoff; - if (hdr->e_shnum == SHN_UNDEF) - num_sections = x[0].sh_size; - else - num_sections = hdr->e_shnum; + Elf_Scn *scn = NULL; + GElf_Shdr shdr; - for (i = 1; i < num_sections; i++) - if (x[i].sh_type == SHT_SYMTAB) - return &x[i]; + while ((scn = elf_nextscn(elf, scn)) != NULL) { + gelf_getshdr(scn, &shdr); + if (shdr.sh_type == SHT_SYMTAB) + return scn; + } return NULL; } @@ -257,7 +230,7 @@ static char *read_file(char *file_name, int *size) return buf; } -static void print_sym(Elf_Ehdr *hdr, struct sym *s) +static void print_sym(struct sym *s) { info("sym: %s\n", s->name); info("addr: 0x%lx\n", s->address); @@ -277,14 +250,15 @@ int main(int argc, char **argv) char *cert_file = NULL; int vmlinux_size; int cert_size; - Elf_Ehdr *hdr; + char *vmlinux; char *cert; FILE *system_map; - unsigned long *lsize; int *used; int opt; - Elf_Shdr *symtab = NULL; struct sym cert_sym, lsize_sym, used_sym; + Elf *elf; + GElf_Ehdr hdr_s, *hdr; + Elf_Scn *symtab = NULL; while ((opt = getopt(argc, argv, "b:c:s:")) != -1) { switch (opt) { @@ -311,12 +285,24 @@ int main(int argc, char **argv) if (!cert) exit(EXIT_FAILURE); - hdr = map_file(vmlinux_file, &vmlinux_size); - if (!hdr) + vmlinux = map_file(vmlinux_file, &vmlinux_size); + if (!vmlinux) exit(EXIT_FAILURE); - if (vmlinux_size < sizeof(*hdr)) { - err("Invalid ELF file.\n"); + if (elf_version(EV_CURRENT) == EV_NONE) { + err("Init libelf failed.\n"); + exit(EXIT_FAILURE); + } + + elf = elf_memory(vmlinux, vmlinux_size); + if (!elf) { + err("Unable to read Elf: %s\n", elf_errmsg(elf_errno())); + exit(EXIT_FAILURE); + } + + hdr = gelf_getehdr(elf, &hdr_s); + if (!hdr) { + err("Unable to read Elf_hdr: %s\n", elf_errmsg(elf_errno())); exit(EXIT_FAILURE); } @@ -328,11 +314,6 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } - if (hdr->e_ident[EI_CLASS] != CURRENT_ELFCLASS) { - err("ELF class mismatch.\n"); - exit(EXIT_FAILURE); - } - if (hdr->e_ident[EI_DATA] != endianness()) { err("ELF endian mismatch.\n"); exit(EXIT_FAILURE); @@ -343,7 +324,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } - symtab = get_symbol_table(hdr); + symtab = get_symbol_table(elf); if (!symtab) { warn("Could not find the symbol table.\n"); if (!system_map_file) { @@ -357,27 +338,32 @@ int main(int argc, char **argv) perror(system_map_file); exit(EXIT_FAILURE); } - get_symbol_from_map(hdr, system_map, CERT_SYM, &cert_sym); - get_symbol_from_map(hdr, system_map, USED_SYM, &used_sym); - get_symbol_from_map(hdr, system_map, LSIZE_SYM, &lsize_sym); + get_symbol_from_map(elf, vmlinux, system_map, + CERT_SYM, &cert_sym); + get_symbol_from_map(elf, vmlinux, system_map, + USED_SYM, &used_sym); + get_symbol_from_map(elf, vmlinux, system_map, + LSIZE_SYM, &lsize_sym); cert_sym.size = used_sym.address - cert_sym.address; } else { info("Symbol table found.\n"); if (system_map_file) warn("System.map is ignored.\n"); - get_symbol_from_table(hdr, symtab, CERT_SYM, &cert_sym); - get_symbol_from_table(hdr, symtab, USED_SYM, &used_sym); - get_symbol_from_table(hdr, symtab, LSIZE_SYM, &lsize_sym); + get_symbol_from_table(elf, symtab, vmlinux, + CERT_SYM, &cert_sym); + get_symbol_from_table(elf, symtab, vmlinux, + USED_SYM, &used_sym); + get_symbol_from_table(elf, symtab, vmlinux, + LSIZE_SYM, &lsize_sym); } if (!cert_sym.offset || !lsize_sym.offset || !used_sym.offset) exit(EXIT_FAILURE); - print_sym(hdr, &cert_sym); - print_sym(hdr, &used_sym); - print_sym(hdr, &lsize_sym); + print_sym(&cert_sym); + print_sym(&used_sym); + print_sym(&lsize_sym); - lsize = (unsigned long *)lsize_sym.content; used = (int *)used_sym.content; if (cert_sym.size < cert_size) { @@ -400,11 +386,26 @@ int main(int argc, char **argv) memset(cert_sym.content + cert_size, 0, cert_sym.size - cert_size); - *lsize = *lsize + cert_size - *used; + if (hdr->e_ident[EI_CLASS] == ELFCLASS64) { + u64 *lsize; + + lsize = (u64 *)lsize_sym.content; + *lsize = *lsize + cert_size - *used; + } else { + u32 *lsize; + + lsize = (u32 *)lsize_sym.content; + *lsize = *lsize + cert_size - *used; + } *used = cert_size; info("Inserted the contents of %s into %lx.\n", cert_file, cert_sym.address); info("Used %d bytes out of %d bytes reserved.\n", *used, cert_sym.size); + if (munmap(vmlinux, vmlinux_size) == -1) { + perror(vmlinux_file); + exit(EXIT_FAILURE); + } + exit(EXIT_SUCCESS); } -- 2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: mkayaalp@linux.vnet.ibm.com (Mehmet Kayaalp) To: linux-security-module@vger.kernel.org Subject: [PATCH v5 2/4] KEYS: Add ELF class-independent certificate insertion support Date: Wed, 10 May 2017 14:20:54 -0400 [thread overview] Message-ID: <1494440456-28671-3-git-send-email-mkayaalp@linux.vnet.ibm.com> (raw) In-Reply-To: <1494440456-28671-1-git-send-email-mkayaalp@linux.vnet.ibm.com> Use ELF class-independent GElf API for processing the kernel binary. This patch adds support for compiling the script for 64-bit and the kernel for 32-bit (e.g. make ARCH=i386 on x86-64). Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> --- scripts/Makefile | 1 + scripts/insert-sys-cert.c | 215 +++++++++++++++++++++++----------------------- 2 files changed, 109 insertions(+), 107 deletions(-) diff --git a/scripts/Makefile b/scripts/Makefile index 1d80897..5633f2c 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -25,6 +25,7 @@ HOSTCFLAGS_sortextable.o = -I$(srctree)/tools/include HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include HOSTLOADLIBES_sign-file = -lcrypto HOSTLOADLIBES_extract-cert = -lcrypto +HOSTLOADLIBES_insert-sys-cert = -lelf always := $(hostprogs-y) $(hostprogs-m) diff --git a/scripts/insert-sys-cert.c b/scripts/insert-sys-cert.c index 8902836..86a3d41 100644 --- a/scripts/insert-sys-cert.c +++ b/scripts/insert-sys-cert.c @@ -24,7 +24,8 @@ #include <sys/mman.h> #include <fcntl.h> #include <unistd.h> -#include <elf.h> +#include <gelf.h> +#include <linux/types.h> #define CERT_SYM "system_extra_cert" #define USED_SYM "system_extra_cert_used" @@ -34,18 +35,6 @@ #define warn(format, args...) fprintf(stdout, "WARNING: " format, ## args) #define err(format, args...) fprintf(stderr, "ERROR: " format, ## args) -#if UINTPTR_MAX == 0xffffffff -#define CURRENT_ELFCLASS ELFCLASS32 -#define Elf_Ehdr Elf32_Ehdr -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#else -#define CURRENT_ELFCLASS ELFCLASS64 -#define Elf_Ehdr Elf64_Ehdr -#define Elf_Shdr Elf64_Shdr -#define Elf_Sym Elf64_Sym -#endif - static unsigned char endianness(void) { uint16_t two_byte = 0x00FF; @@ -65,22 +54,17 @@ struct sym { int size; }; -static unsigned long get_offset_from_address(Elf_Ehdr *hdr, unsigned long addr) +static unsigned long get_offset_from_address(Elf *elf, unsigned long addr) { - Elf_Shdr *x; - unsigned int i, num_sections; - - x = (void *)hdr + hdr->e_shoff; - if (hdr->e_shnum == SHN_UNDEF) - num_sections = x[0].sh_size; - else - num_sections = hdr->e_shnum; - - for (i = 1; i < num_sections; i++) { - unsigned long start = x[i].sh_addr; - unsigned long end = start + x[i].sh_size; - unsigned long offset = x[i].sh_offset; - + Elf_Scn *scn = NULL; + GElf_Shdr shdr; + unsigned long start, end, offset; + + while ((scn = elf_nextscn(elf, scn)) != NULL) { + gelf_getshdr(scn, &shdr); + start = shdr.sh_addr; + end = start + shdr.sh_size; + offset = shdr.sh_offset; if (addr >= start && addr <= end) return addr - start + offset; } @@ -90,7 +74,7 @@ static unsigned long get_offset_from_address(Elf_Ehdr *hdr, unsigned long addr) #define LINE_SIZE 100 -static void get_symbol_from_map(Elf_Ehdr *hdr, FILE *f, char *name, +static void get_symbol_from_map(Elf *elf, void *base, FILE *f, char *name, struct sym *s) { char l[LINE_SIZE]; @@ -125,76 +109,65 @@ static void get_symbol_from_map(Elf_Ehdr *hdr, FILE *f, char *name, s->address = strtoul(l, NULL, 16); if (s->address == 0) return; - s->offset = get_offset_from_address(hdr, s->address); + s->offset = get_offset_from_address(elf, s->address); s->name = name; - s->content = (void *)hdr + s->offset; -} - -static Elf_Sym *find_elf_symbol(Elf_Ehdr *hdr, Elf_Shdr *symtab, char *name) -{ - Elf_Sym *sym, *symtab_start; - char *strtab, *symname; - unsigned int link; - Elf_Shdr *x; - int i, n; - - x = (void *)hdr + hdr->e_shoff; - link = symtab->sh_link; - symtab_start = (void *)hdr + symtab->sh_offset; - n = symtab->sh_size / symtab->sh_entsize; - strtab = (void *)hdr + x[link].sh_offset; - - for (i = 0; i < n; i++) { - sym = &symtab_start[i]; - symname = strtab + sym->st_name; - if (strcmp(symname, name) == 0) - return sym; - } - err("Unable to find symbol: %s\n", name); - return NULL; + s->content = (void *)base + s->offset; } -static void get_symbol_from_table(Elf_Ehdr *hdr, Elf_Shdr *symtab, +static void get_symbol_from_table(Elf *elf, Elf_Scn *symtab, void *base, char *name, struct sym *s) { - Elf_Shdr *sec; - int secndx; - Elf_Sym *elf_sym; - Elf_Shdr *x; + GElf_Shdr shdr; + Elf_Data *data; + int count; + int i; + GElf_Sym sym; + char *symname; + int found = 0; + size_t secndx; + Elf_Scn *sec; + + gelf_getshdr(symtab, &shdr); + data = elf_getdata(symtab, NULL); + count = shdr.sh_size / shdr.sh_entsize; + + for (i = 0; i < count; i++) { + gelf_getsym(data, i, &sym); + symname = elf_strptr(elf, shdr.sh_link, sym.st_name); + if (strcmp(symname, name) == 0) { + found = 1; + break; + } + } - x = (void *)hdr + hdr->e_shoff; s->size = 0; s->address = 0; s->offset = 0; - elf_sym = find_elf_symbol(hdr, symtab, name); - if (!elf_sym) + if (!found) return; - secndx = elf_sym->st_shndx; + secndx = sym.st_shndx; if (!secndx) return; - sec = &x[secndx]; - s->size = elf_sym->st_size; - s->address = elf_sym->st_value; - s->offset = s->address - sec->sh_addr - + sec->sh_offset; + sec = elf_getscn(elf, secndx); + gelf_getshdr(sec, &shdr); + s->size = sym.st_size; + s->address = sym.st_value; + s->offset = s->address - shdr.sh_addr + + shdr.sh_offset; s->name = name; - s->content = (void *)hdr + s->offset; + s->content = base + s->offset; } -static Elf_Shdr *get_symbol_table(Elf_Ehdr *hdr) +static Elf_Scn *get_symbol_table(Elf *elf) { - Elf_Shdr *x; - unsigned int i, num_sections; - - x = (void *)hdr + hdr->e_shoff; - if (hdr->e_shnum == SHN_UNDEF) - num_sections = x[0].sh_size; - else - num_sections = hdr->e_shnum; + Elf_Scn *scn = NULL; + GElf_Shdr shdr; - for (i = 1; i < num_sections; i++) - if (x[i].sh_type == SHT_SYMTAB) - return &x[i]; + while ((scn = elf_nextscn(elf, scn)) != NULL) { + gelf_getshdr(scn, &shdr); + if (shdr.sh_type == SHT_SYMTAB) + return scn; + } return NULL; } @@ -257,7 +230,7 @@ static char *read_file(char *file_name, int *size) return buf; } -static void print_sym(Elf_Ehdr *hdr, struct sym *s) +static void print_sym(struct sym *s) { info("sym: %s\n", s->name); info("addr: 0x%lx\n", s->address); @@ -277,14 +250,15 @@ int main(int argc, char **argv) char *cert_file = NULL; int vmlinux_size; int cert_size; - Elf_Ehdr *hdr; + char *vmlinux; char *cert; FILE *system_map; - unsigned long *lsize; int *used; int opt; - Elf_Shdr *symtab = NULL; struct sym cert_sym, lsize_sym, used_sym; + Elf *elf; + GElf_Ehdr hdr_s, *hdr; + Elf_Scn *symtab = NULL; while ((opt = getopt(argc, argv, "b:c:s:")) != -1) { switch (opt) { @@ -311,12 +285,24 @@ int main(int argc, char **argv) if (!cert) exit(EXIT_FAILURE); - hdr = map_file(vmlinux_file, &vmlinux_size); - if (!hdr) + vmlinux = map_file(vmlinux_file, &vmlinux_size); + if (!vmlinux) exit(EXIT_FAILURE); - if (vmlinux_size < sizeof(*hdr)) { - err("Invalid ELF file.\n"); + if (elf_version(EV_CURRENT) == EV_NONE) { + err("Init libelf failed.\n"); + exit(EXIT_FAILURE); + } + + elf = elf_memory(vmlinux, vmlinux_size); + if (!elf) { + err("Unable to read Elf: %s\n", elf_errmsg(elf_errno())); + exit(EXIT_FAILURE); + } + + hdr = gelf_getehdr(elf, &hdr_s); + if (!hdr) { + err("Unable to read Elf_hdr: %s\n", elf_errmsg(elf_errno())); exit(EXIT_FAILURE); } @@ -328,11 +314,6 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } - if (hdr->e_ident[EI_CLASS] != CURRENT_ELFCLASS) { - err("ELF class mismatch.\n"); - exit(EXIT_FAILURE); - } - if (hdr->e_ident[EI_DATA] != endianness()) { err("ELF endian mismatch.\n"); exit(EXIT_FAILURE); @@ -343,7 +324,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } - symtab = get_symbol_table(hdr); + symtab = get_symbol_table(elf); if (!symtab) { warn("Could not find the symbol table.\n"); if (!system_map_file) { @@ -357,27 +338,32 @@ int main(int argc, char **argv) perror(system_map_file); exit(EXIT_FAILURE); } - get_symbol_from_map(hdr, system_map, CERT_SYM, &cert_sym); - get_symbol_from_map(hdr, system_map, USED_SYM, &used_sym); - get_symbol_from_map(hdr, system_map, LSIZE_SYM, &lsize_sym); + get_symbol_from_map(elf, vmlinux, system_map, + CERT_SYM, &cert_sym); + get_symbol_from_map(elf, vmlinux, system_map, + USED_SYM, &used_sym); + get_symbol_from_map(elf, vmlinux, system_map, + LSIZE_SYM, &lsize_sym); cert_sym.size = used_sym.address - cert_sym.address; } else { info("Symbol table found.\n"); if (system_map_file) warn("System.map is ignored.\n"); - get_symbol_from_table(hdr, symtab, CERT_SYM, &cert_sym); - get_symbol_from_table(hdr, symtab, USED_SYM, &used_sym); - get_symbol_from_table(hdr, symtab, LSIZE_SYM, &lsize_sym); + get_symbol_from_table(elf, symtab, vmlinux, + CERT_SYM, &cert_sym); + get_symbol_from_table(elf, symtab, vmlinux, + USED_SYM, &used_sym); + get_symbol_from_table(elf, symtab, vmlinux, + LSIZE_SYM, &lsize_sym); } if (!cert_sym.offset || !lsize_sym.offset || !used_sym.offset) exit(EXIT_FAILURE); - print_sym(hdr, &cert_sym); - print_sym(hdr, &used_sym); - print_sym(hdr, &lsize_sym); + print_sym(&cert_sym); + print_sym(&used_sym); + print_sym(&lsize_sym); - lsize = (unsigned long *)lsize_sym.content; used = (int *)used_sym.content; if (cert_sym.size < cert_size) { @@ -400,11 +386,26 @@ int main(int argc, char **argv) memset(cert_sym.content + cert_size, 0, cert_sym.size - cert_size); - *lsize = *lsize + cert_size - *used; + if (hdr->e_ident[EI_CLASS] == ELFCLASS64) { + u64 *lsize; + + lsize = (u64 *)lsize_sym.content; + *lsize = *lsize + cert_size - *used; + } else { + u32 *lsize; + + lsize = (u32 *)lsize_sym.content; + *lsize = *lsize + cert_size - *used; + } *used = cert_size; info("Inserted the contents of %s into %lx.\n", cert_file, cert_sym.address); info("Used %d bytes out of %d bytes reserved.\n", *used, cert_sym.size); + if (munmap(vmlinux, vmlinux_size) == -1) { + perror(vmlinux_file); + exit(EXIT_FAILURE); + } + exit(EXIT_SUCCESS); } -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-05-10 18:22 UTC|newest] Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-05-10 18:20 [PATCH v5 0/4] Certificate insertion support for x86 bzImages Mehmet Kayaalp 2017-05-10 18:20 ` Mehmet Kayaalp 2017-05-10 18:20 ` [PATCH v5 1/4] KEYS: Insert incompressible bytes to reserve space in bzImage Mehmet Kayaalp 2017-05-10 18:20 ` Mehmet Kayaalp 2017-05-10 18:20 ` Mehmet Kayaalp [this message] 2017-05-10 18:20 ` [PATCH v5 2/4] KEYS: Add ELF class-independent certificate insertion support Mehmet Kayaalp 2017-05-10 18:20 ` [PATCH v5 3/4] KEYS: Support for inserting a certificate into x86 bzImage Mehmet Kayaalp 2017-05-10 18:20 ` Mehmet Kayaalp 2017-05-10 18:20 ` [PATCH v5 4/4] KEYS: Print insert-sys-cert information to stdout instead of stderr Mehmet Kayaalp 2017-05-10 18:20 ` Mehmet Kayaalp 2017-09-25 6:12 ` [PATCH v5 0/4] Certificate insertion support for x86 bzImages Mike Rapoport 2017-09-25 6:12 ` Mike Rapoport 2017-09-25 6:12 ` Mike Rapoport 2017-11-08 13:30 ` [PATCH v5 2/4] KEYS: Add ELF class-independent certificate insertion support David Howells 2017-11-08 13:30 ` David Howells 2017-11-08 13:30 ` David Howells
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1494440456-28671-3-git-send-email-mkayaalp@linux.vnet.ibm.com \ --to=mkayaalp@linux.vnet.ibm.com \ --cc=dhowells@redhat.com \ --cc=dwmw2@infradead.org \ --cc=gcwilson@us.ibm.com \ --cc=keyrings@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=stefanb@linux.vnet.ibm.com \ --cc=zohar@linux.vnet.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.