From 469b62248640c72ceb8801a7818482a35ef11b8f Mon Sep 17 00:00:00 2001
From: Jessica Yu <jeyu@kernel.org>
Date: Fri, 29 Jun 2018 16:37:08 +0200
Subject: [PATCH 3/5] modsign: log module name in the event of an error
Patch-mainline: v4.19-rc1
Git-commit: f314dfea16a085a58d2ff227ea9fa9e490ee5d18
References: bsc#1093666
Now that we have the load_info struct all initialized (including
info->name, which contains the name of the module) before
module_sig_check(), make the load_info struct and hence module name
available to mod_verify_sig() so that we can log the module name in the
event of an error.
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Acked-by: Jessica Yu <jeyu@suse.de>
---
kernel/module-internal.h | 24 +++++++++++++++++++++++-
kernel/module.c | 21 +--------------------
kernel/module_signing.c | 13 ++++++++-----
3 files changed, 32 insertions(+), 26 deletions(-)
--- a/kernel/module-internal.h
+++ b/kernel/module-internal.h
@@ -9,4 +9,26 @@
* 2 of the Licence, or (at your option) any later version.
*/
-extern int mod_verify_sig(const void *mod, unsigned long *_modlen);
+#include <linux/elf.h>
+#include <asm/module.h>
+
+struct load_info {
+ /* pointer to module in temporary copy, freed at end of load_module() */
+ struct module *mod;
+ Elf_Ehdr *hdr;
+ unsigned long len;
+ Elf_Shdr *sechdrs;
+ char *secstrings, *strtab;
+ unsigned long symoffs, stroffs;
+ struct _ddebug *debug;
+ unsigned int num_debug;
+ bool sig_ok;
+#ifdef CONFIG_KALLSYMS
+ unsigned long mod_kallsyms_init_off;
+#endif
+ struct {
+ unsigned int sym, str, mod, vers, info, pcpu;
+ } index;
+};
+
+extern int mod_verify_sig(const void *mod, struct load_info *info);
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -301,25 +301,6 @@ int unregister_module_notifier(struct no
}
EXPORT_SYMBOL(unregister_module_notifier);
-struct load_info {
- /* pointer to module in temporary copy, freed at end of load_module() */
- struct module *mod;
- Elf_Ehdr *hdr;
- unsigned long len;
- Elf_Shdr *sechdrs;
- char *secstrings, *strtab;
- unsigned long symoffs, stroffs;
- struct _ddebug *debug;
- unsigned int num_debug;
- bool sig_ok;
-#ifdef CONFIG_KALLSYMS
- unsigned long mod_kallsyms_init_off;
-#endif
- struct {
- unsigned int sym, str, mod, vers, info, pcpu;
- } index;
-};
-
/*
* We require a truly strong try_module_get(): 0 means success.
* Otherwise an error is returned due to ongoing or failed
@@ -2774,7 +2755,7 @@ static int module_sig_check(struct load_
memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
/* We truncate the module to discard the signature */
info->len -= markerlen;
- err = mod_verify_sig(mod, &info->len);
+ err = mod_verify_sig(mod, info);
}
if (!err) {
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -13,6 +13,7 @@
#include <linux/errno.h>
#include <linux/string.h>
#include <linux/verification.h>
+#include <linux/module.h>
#include <crypto/public_key.h>
#include "module-internal.h"
@@ -45,10 +46,10 @@ struct module_signature {
/*
* Verify the signature on a module.
*/
-int mod_verify_sig(const void *mod, unsigned long *_modlen)
+int mod_verify_sig(const void *mod, struct load_info *info)
{
struct module_signature ms;
- size_t modlen = *_modlen, sig_len;
+ size_t modlen = info->len, sig_len;
pr_devel("==>%s(,%zu)\n", __func__, modlen);
@@ -62,10 +63,11 @@ int mod_verify_sig(const void *mod, unsi
if (sig_len >= modlen)
return -EBADMSG;
modlen -= sig_len;
- *_modlen = modlen;
+ info->len = modlen;
if (ms.id_type != PKEY_ID_PKCS7) {
- pr_err("Module is not signed with expected PKCS#7 message\n");
+ pr_err("%s: Module is not signed with expected PKCS#7 message\n",
+ info->mod->name);
return -ENOPKG;
}
@@ -76,7 +78,8 @@ int mod_verify_sig(const void *mod, unsi
ms.__pad[0] != 0 ||
ms.__pad[1] != 0 ||
ms.__pad[2] != 0) {
- pr_err("PKCS#7 signature info has unexpected non-zero params\n");
+ pr_err("%s: PKCS#7 signature info has unexpected non-zero params\n",
+ info->mod->name);
return -EBADMSG;
}