From 1ba6ed325d8306e2035c0844df12c299792f9afc Mon Sep 17 00:00:00 2001
From: Jessica Yu <jeyu@kernel.org>
Date: Fri, 22 Jun 2018 14:00:01 +0200
Subject: [PATCH 2/5] module: setup load info before module_sig_check()
Patch-mainline: v4.19-rc1
Git-commit: 5fdc7db6448a4f558f298b1c98d6d124fdf2ad95
References: bsc#1093666
We want to be able to log the module name in early error messages, such as
when module signature verification fails. Previously, the module name is
set in layout_and_allocate(), meaning that any error messages that happen
before (such as those in module_sig_check()) won't be logged with a module
name, which isn't terribly helpful.
In order to do this, reshuffle the order in load_module() and set up
load info earlier so that we can log the module name along with these
error messages. This requires splitting rewrite_section_headers() out of
setup_load_info().
While we're at it, clean up and split up the operations done in
layout_and_allocate(), setup_load_info(), and rewrite_section_headers()
more cleanly so these functions only perform what their names suggest.
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Acked-by: Jessica Yu <jeyu@suse.de>
---
kernel/module.c | 74 +++++++++++++++++++++++++++++++-------------------------
1 file changed, 42 insertions(+), 32 deletions(-)
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2482,7 +2482,11 @@ static char *get_modinfo(struct load_inf
Elf_Shdr *infosec = &info->sechdrs[info->index.info];
unsigned long size = infosec->sh_size;
- for (p = (char *)infosec->sh_addr; p; p = next_string(p, &size)) {
+ /*
+ * get_modinfo() calls made before rewrite_section_headers()
+ * must use sh_offset, as sh_addr isn't set!
+ */
+ for (p = (char *)info->hdr + infosec->sh_offset; p; p = next_string(p, &size)) {
if (strncmp(p, tag, taglen) == 0 && p[taglen] == '=')
return p + taglen + 1;
}
@@ -2922,13 +2926,9 @@ static int rewrite_section_headers(struc
}
/* Track but don't keep modinfo and version sections. */
- if (flags & MODULE_INIT_IGNORE_MODVERSIONS)
- info->index.vers = 0; /* Pretend no __versions section! */
- else
- info->index.vers = find_sec(info, "__versions");
- info->index.info = find_sec(info, ".modinfo");
- info->sechdrs[info->index.info].sh_flags &= ~(unsigned long)SHF_ALLOC;
info->sechdrs[info->index.vers].sh_flags &= ~(unsigned long)SHF_ALLOC;
+ info->sechdrs[info->index.info].sh_flags &= ~(unsigned long)SHF_ALLOC;
+
return 0;
}
@@ -2943,16 +2943,19 @@ static int rewrite_section_headers(struc
static int setup_load_info(struct load_info *info, int flags)
{
unsigned int i;
- int err;
/* Set up the convenience variables */
info->sechdrs = (void *)info->hdr + info->hdr->e_shoff;
info->secstrings = (void *)info->hdr
+ info->sechdrs[info->hdr->e_shstrndx].sh_offset;
- err = rewrite_section_headers(info, flags);
- if (err)
- return err;
+ info->index.mod = find_sec(info, ".gnu.linkonce.this_module");
+ if (!info->index.mod) {
+ pr_warn("No module found in object\n");
+ return -ENOEXEC;
+ }
+ /* This is temporary: point mod into copy of data. */
+ info->mod = (void *)info->hdr + info->sechdrs[info->index.mod].sh_offset;
/* Find internal symbols and strings. */
for (i = 1; i < info->hdr->e_shnum; i++) {
@@ -2965,24 +2968,19 @@ static int setup_load_info(struct load_i
}
}
- info->index.mod = find_sec(info, ".gnu.linkonce.this_module");
- if (!info->index.mod) {
- pr_warn("No module found in object\n");
- return -ENOEXEC;
- }
- /* This is temporary: point mod into copy of data. */
- info->mod = (void *)info->sechdrs[info->index.mod].sh_addr;
-
if (info->index.sym == 0) {
pr_warn("%s: module has no symbols (stripped?)\n", info->mod->name);
return -ENOEXEC;
}
- info->index.pcpu = find_pcpusec(info);
+ info->index.info = find_sec(info, ".modinfo");
- /* Check module struct version now, before we try to use module. */
- if (!check_modstruct_version(info->sechdrs, info->index.vers, info->mod))
- return -ENOEXEC;
+ if (flags & MODULE_INIT_IGNORE_MODVERSIONS)
+ info->index.vers = 0; /* Pretend no __versions section! */
+ else
+ info->index.vers = find_sec(info, "__versions");
+
+ info->index.pcpu = find_pcpusec(info);
return 0;
}
@@ -3279,13 +3277,6 @@ static struct module *layout_and_allocat
unsigned int ndx;
int err;
- err = setup_load_info(info, flags);
- if (err)
- return ERR_PTR(err);
-
- if (blacklisted(info->mod->name))
- return ERR_PTR(-EPERM);
-
err = check_modinfo(info->mod, info, flags);
if (err)
return ERR_PTR(err);
@@ -3626,17 +3617,36 @@ static int load_module(struct load_info
int flags)
{
struct module *mod;
- long err;
+ long err = 0;
char *after_dashes;
+ err = elf_header_check(info);
+ if (err)
+ goto free_copy;
+
+ err = setup_load_info(info, flags);
+ if (err)
+ goto free_copy;
+
+ if (blacklisted(info->mod->name)) {
+ err = -EPERM;
+ goto free_copy;
+ }
+
err = module_sig_check(info, flags);
if (err)
goto free_copy;
- err = elf_header_check(info);
+ err = rewrite_section_headers(info, flags);
if (err)
goto free_copy;
+ /* Check module struct version now, before we try to use module. */
+ if (!check_modstruct_version(info->sechdrs, info->index.vers, info->mod)) {
+ err = -ENOEXEC;
+ goto free_copy;
+ }
+
/* Figure out module layout, and allocate all the memory. */
mod = layout_and_allocate(info, flags);
if (IS_ERR(mod)) {