* [PATCH] modsign: log module name in the event of an error
@ 2018-06-29 15:53 Jessica Yu
  2018-06-30  4:04 ` Joe Perches
  0 siblings, 1 reply; 3+ messages in thread
From: Jessica Yu @ 2018-06-29 15:53 UTC (permalink / raw)
  To: linux-kernel; +Cc: David Howells, Jessica Yu

Now that we have the load_info struct all initialized (including
info->name, which contains the name of the module) before
module_sig_check(), make the load_info struct and hence module name
available to mod_verify_sig() so that we can log the module name in the
event of an error.

Signed-off-by: Jessica Yu <jeyu@kernel.org>
---
 kernel/module-internal.h | 26 +++++++++++++++++++++++++-
 kernel/module.c          | 22 +---------------------
 kernel/module_signing.c  |  9 ++++++---
 3 files changed, 32 insertions(+), 25 deletions(-)

diff --git a/kernel/module-internal.h b/kernel/module-internal.h
index 915e123a430f..ddeb1241455c 100644
--- a/kernel/module-internal.h
+++ b/kernel/module-internal.h
@@ -9,4 +9,28 @@
  * 2 of the Licence, or (at your option) any later version.
  */
 
-extern int mod_verify_sig(const void *mod, unsigned long *_modlen);
+#include <linux/elf.h>
+#include <asm/module.h>
+
+struct load_info {
+	const char *name;
+	/* pointer to module in temporary copy, freed at end of load_module() */
+	struct module *mod;
+	Elf_Ehdr *hdr;
+	unsigned long len;
+	Elf_Shdr *sechdrs;
+	char *secstrings, *strtab;
+	unsigned long symoffs, stroffs;
+	struct _ddebug *debug;
+	unsigned int num_debug;
+	bool sig_ok;
+#ifdef CONFIG_KALLSYMS
+	unsigned long mod_kallsyms_init_off;
+#endif
+	struct {
+		unsigned int sym, str, mod, vers, info, pcpu;
+	} index;
+};
+
+extern int mod_verify_sig(const void *mod, struct load_info *info,
+			  unsigned long *_modlen);
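Review bot: The new prototype gives mod_verify_sig() a writable `struct load_info *`, although the rest of this patch only reads `info->name` through it for the two error messages. With the whole struct, including `sig_ok`, now visible to kernel/module_signing.c, a const pointer would document and enforce that the verifier does not alter loader state, as long as the length is still returned through `_modlen`: `extern int mod_verify_sig(const void *mod, const struct load_info *info, unsigned long *_modlen);`. The definition in kernel/module_signing.c would need the same qualifier. A one-line comment above the moved struct saying that it describes a module image that may not have been verified yet would also help readers of the signing code.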
diff --git a/kernel/module.c b/kernel/module.c
index ba45a84e4287..8bdd7e255274 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -307,26 +307,6 @@ int unregister_module_notifier(struct notifier_block *nb)
 }
 EXPORT_SYMBOL(unregister_module_notifier);
 
-struct load_info {
-	const char *name;
-	/* pointer to module in temporary copy, freed at end of load_module() */
-	struct module *mod;
-	Elf_Ehdr *hdr;
-	unsigned long len;
-	Elf_Shdr *sechdrs;
-	char *secstrings, *strtab;
-	unsigned long symoffs, stroffs;
-	struct _ddebug *debug;
-	unsigned int num_debug;
-	bool sig_ok;
-#ifdef CONFIG_KALLSYMS
-	unsigned long mod_kallsyms_init_off;
-#endif
-	struct {
-		unsigned int sym, str, mod, vers, info, pcpu;
-	} index;
-};
-
 /*
  * We require a truly strong try_module_get(): 0 means success.
  * Otherwise an error is returned due to ongoing or failed
@@ -2778,7 +2758,7 @@ static int module_sig_check(struct load_info *info, int flags)
 	    memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
 		/* We truncate the module to discard the signature */
 		info->len -= markerlen;
-		err = mod_verify_sig(mod, &info->len);
+		err = mod_verify_sig(mod, info, &info->len);
 	}
 
 	if (!err) {
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 937c844bee4a..caeea810242d 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -45,7 +45,8 @@ struct module_signature {
 /*
  * Verify the signature on a module.
  */
-int mod_verify_sig(const void *mod, unsigned long *_modlen)
+int mod_verify_sig(const void *mod, struct load_info *info,
+		   unsigned long *_modlen)
 {
 	struct module_signature ms;
 	size_t modlen = *_modlen, sig_len;
@@ -65,7 +66,8 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
 	*_modlen = modlen;
 
 	if (ms.id_type != PKEY_ID_PKCS7) {
-		pr_err("Module is not signed with expected PKCS#7 message\n");
+		pr_err("%s: Module is not signed with expected PKCS#7 message\n",
+		       info->name);
 		return -ENOPKG;
 	}
 
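Review bot: The name printed by the new `pr_err()` call here, and by the one in the following hunk (the non-zero params check), is read from `info->name` before the signature has been verified, so it is presumably a string taken from the unverified module image. On both failure paths the image has not passed verification, so the log line should not be read as identifying a trusted module, and nothing in the visible code validates the string's content. A comment above the first message would record this, e.g. `/* info->name comes from the unverified image; treat it as untrusted in logs */`. Whether `info->name` can be NULL at this point is not visible in the hunk and should be confirmed against the code that fills in load_info. The body of mod_verify_sig() starts and ends outside both hunks.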
@@ -76,7 +78,8 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
 	    ms.__pad[0] != 0 ||
 	    ms.__pad[1] != 0 ||
 	    ms.__pad[2] != 0) {
-		pr_err("PKCS#7 signature info has unexpected non-zero params\n");
+		pr_err("%s: PKCS#7 signature info has unexpected non-zero params\n",
+		       info->name);
 		return -EBADMSG;
 	}
 
-- 
2.16.4



* Re: [PATCH] modsign: log module name in the event of an error
  2018-06-29 15:53 [PATCH] modsign: log module name in the event of an error Jessica Yu
@ 2018-06-30  4:04 ` Joe Perches
  2018-07-01  8:36   ` Jessica Yu
  0 siblings, 1 reply; 3+ messages in thread
From: Joe Perches @ 2018-06-30  4:04 UTC (permalink / raw)
  To: Jessica Yu, linux-kernel; +Cc: David Howells

On Fri, 2018-06-29 at 17:53 +0200, Jessica Yu wrote:
> Now that we have the load_info struct all initialized (including
> info->name, which contains the name of the module) before
> module_sig_check(), make the load_info struct and hence module name
> available to mod_verify_sig() so that we can log the module name in the
> event of an error.
[]
> diff --git a/kernel/module-internal.h b/kernel/module-internal.h
[]
> +extern int mod_verify_sig(const void *mod, struct load_info *info,
> +			  unsigned long *_modlen);
> diff --git a/kernel/module.c b/kernel/module.c
[]
> @@ -2778,7 +2758,7 @@ static int module_sig_check(struct load_info *info, int flags)
>  	    memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
>  		/* We truncate the module to discard the signature */
>  		info->len -= markerlen;
> -		err = mod_verify_sig(mod, &info->len);
> +		err = mod_verify_sig(mod, info, &info->len);

This is the only place this is used correct?
So why pass info and info->member?

info should be enough




* Re: [PATCH] modsign: log module name in the event of an error
  2018-06-30  4:04 ` Joe Perches
@ 2018-07-01  8:36   ` Jessica Yu
  0 siblings, 0 replies; 3+ messages in thread
From: Jessica Yu @ 2018-07-01  8:36 UTC (permalink / raw)
  To: Joe Perches; +Cc: linux-kernel, David Howells

+++ Joe Perches [29/06/18 21:04 -0700]:
>On Fri, 2018-06-29 at 17:53 +0200, Jessica Yu wrote:
>> Now that we have the load_info struct all initialized (including
>> info->name, which contains the name of the module) before
>> module_sig_check(), make the load_info struct and hence module name
>> available to mod_verify_sig() so that we can log the module name in the
>> event of an error.
>[]
>> diff --git a/kernel/module-internal.h b/kernel/module-internal.h
>[]
>> +extern int mod_verify_sig(const void *mod, struct load_info *info,
>> +			  unsigned long *_modlen);
>> diff --git a/kernel/module.c b/kernel/module.c
>[]
>> @@ -2778,7 +2758,7 @@ static int module_sig_check(struct load_info *info, int flags)
>>  	    memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
>>  		/* We truncate the module to discard the signature */
>>  		info->len -= markerlen;
>> -		err = mod_verify_sig(mod, &info->len);
>> +		err = mod_verify_sig(mod, info, &info->len);
>
>This is the only place this is used correct?
>So why pass info and info->member?
>
>info should be enough

Ah yeah you're right, thanks!

Jessica
