From: Jay Wang <wanjay@amazon.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
	"David S . Miller" <davem@davemloft.net>,
	<linux-crypto@vger.kernel.org>,
	Masahiro Yamada <masahiroy@kernel.org>,
	<linux-kbuild@vger.kernel.org>
Cc: Jay Wang <jay.wang.upstream@gmail.com>,
	Vegard Nossum <vegard.nossum@oracle.com>,
	Nicolai Stange <nstange@suse.de>,
	Ilia Okomin <ilya.okomin@oracle.com>,
	Hazem Mohamed Abuelfotoh <abuehaze@amazon.com>,
	Bjoern Doebel <doebel@amazon.de>,
	Martin Pohlack <mpohlack@amazon.de>,
	Benjamin Herrenschmidt <benh@amazon.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Nicolas Schier <nsc@kernel.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>, Thomas Gleixner <tglx@kernel.org>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H . Peter Anvin" <hpa@zytor.com>,
	Luis Chamberlain <mcgrof@kernel.org>,
	Petr Pavlu <petr.pavlu@suse.com>,
	Daniel Gomez <da.gomez@kernel.org>,
	Sami Tolvanen <samitolvanen@google.com>,
	David Howells <dhowells@redhat.com>,
	"David Woodhouse" <dwmw2@infradead.org>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	"Ignat Korchagin" <ignat@linux.win>,
	Lukas Wunner <lukas@wunner.de>,
	"Alexei Starovoitov" <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	"Andrii Nakryiko" <andrii@kernel.org>,
	<linux-arm-kernel@lists.infradead.org>, <x86@kernel.org>,
	<linux-modules@vger.kernel.org>
Subject: [PATCH v2 10/19] module: skip modversion checks for crypto modules
Date: Sat, 18 Apr 2026 00:20:18 +0000	[thread overview]
Message-ID: <20260418002032.2877-11-wanjay@amazon.com> (raw)
In-Reply-To: <20260418002032.2877-1-wanjay@amazon.com>

The standalone crypto module feature allows loading pre-built crypto
modules from an external build to preserve FIPS certification across
kernel updates. Since these externally built modules carry modversion CRCs
computed against a different kernel build, the module_layout and per-symbol
version checks against the running kernel will fail.

Add a flags field to struct load_info and bypass check_version() and
check_modstruct_version() for crypto modules. For fips140.ko loaded
from embedded kernel memory, the MODULE_INIT_CRYPTO_FROM_MEM flag is set
by the loader. For individual crypto algorithm modules (e.g., authenc.ko,
ccm.ko) built with the crypto-objs-m rule, a .fips140_crypto_marker ELF
section is detected during early_mod_check() and the
MODULE_INIT_CRYPTO_OBJS_M flag is set accordingly.

Signed-off-by: Jay Wang <wanjay@amazon.com>
---
 include/uapi/linux/module.h |  1 +
 kernel/module/internal.h    |  1 +
 kernel/module/main.c        | 17 +++++++++++++++++
 kernel/module/version.c     |  9 +++++++++
 4 files changed, 28 insertions(+)

diff --git a/include/uapi/linux/module.h b/include/uapi/linux/module.h
index 6941497350893..7c6b3ae55c8d7 100644
--- a/include/uapi/linux/module.h
+++ b/include/uapi/linux/module.h
@@ -10,6 +10,7 @@
 #ifdef __KERNEL__
 /* Internal flags */
 #define MODULE_INIT_CRYPTO_FROM_MEM		(1 << 8)
+#define MODULE_INIT_CRYPTO_OBJS_M		(1 << 9)
 #endif
 
 #endif /* _UAPI_LINUX_MODULE_H */
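Review bot: MODULE_INIT_CRYPTO_OBJS_M is placed in the UAPI header next to MODULE_INIT_CRYPTO_FROM_MEM although, as far as this patch shows, both bits are only ever stored in the new kernel-private `load_info.flags` field and never mixed into the finit_module(2) flag word; the `#ifdef __KERNEL__` guard keeps them out of the exported header, but the shared MODULE_INIT_ prefix and the `1 << 8`/`1 << 9` numbering (apparently chosen to dodge the userspace bits) imply a common namespace that does not exist. Consider defining them in kernel/module/internal.h beside struct load_info, e.g. `#define LOAD_INFO_CRYPTO_FROM_MEM	BIT(0)` and `#define LOAD_INFO_CRYPTO_OBJS_M	BIT(1)`, or at minimum add `/* private to struct load_info::flags; not finit_module() flags */` above them. MODULE_INIT_CRYPTO_FROM_MEM is a context line here and appears to come from an earlier patch in the series, so this is a series-level remark.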
diff --git a/kernel/module/internal.h b/kernel/module/internal.h
index 061161cc79d90..b75b19e0b5dcf 100644
--- a/kernel/module/internal.h
+++ b/kernel/module/internal.h
@@ -69,6 +69,7 @@ struct load_info {
 	char *secstrings, *strtab;
 	unsigned long symoffs, stroffs, init_typeoffs, core_typeoffs;
 	bool sig_ok;
+	int flags;
 #ifdef CONFIG_KALLSYMS
 	unsigned long mod_kallsyms_init_off;
 #endif
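Review bot: The new `int flags` member of struct load_info has the same name as the `int flags` parameter that load_module()/early_mod_check() already thread through for the userspace MODULE_INIT_* bits (see the `early_mod_check(struct load_info *info, int flags)` signature in the main.c hunk), yet this field only ever carries the kernel-internal MODULE_INIT_CRYPTO_* bits, so `info->flags` and `flags` will sit side by side in the same functions with different meanings. A bitmask is also conventionally unsigned. Suggest `unsigned int flags;	/* kernel-internal MODULE_INIT_CRYPTO_* bits, not the finit_module(2) flags */`, or a distinct name such as `crypto_flags`.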
diff --git a/kernel/module/main.c b/kernel/module/main.c
index 6152b9b39e6b1..69949069dc5f5 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -3446,6 +3446,22 @@ static int early_mod_check(struct load_info *info, int flags)
 	if (err)
 		return err;
 
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+	/* Detect crypto-objs-m modules by .fips140_crypto_marker section */
+	if (!(info->flags & MODULE_INIT_CRYPTO_FROM_MEM)) {
+		unsigned int i;
+
+		for (i = 1; i < info->hdr->e_shnum; i++) {
+			const char *sname = info->secstrings + info->sechdrs[i].sh_name;
+
+			if (strcmp(sname, ".fips140_crypto_marker") == 0) {
+				info->flags |= MODULE_INIT_CRYPTO_OBJS_M;
+				break;
+			}
+		}
+	}
+#endif
+
 	/* Check module struct version now, before we try to use module. */
 	if (!check_modstruct_version(info, info->mod))
 		return -ENOEXEC;
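Review bot: The `.fips140_crypto_marker` detection lets a bare ELF section name decide that check_modstruct_version() and check_version() are skipped, and nothing in this hunk ties that name to the crypto build: any out-of-tree module can carry a section of that name and will have its module_layout and per-symbol CRC checks waived silently, with no log line and no TAINT_FORCED_MODULE, which is weaker than the existing force-load path that at least taints. Whether module_sig_check() has already run at this point is outside the hunk, and even if it has, a signed but unrelated module gets the same bypass. Suggest gating the marker on `info->sig_ok` (or `is_module_sig_enforced()`), and recording the decision, e.g. `pr_warn("%s: skipping modversion checks for FIPS crypto module\n", info->name);` (if `info->name` is populated this early) plus `add_taint_module(info->mod, TAINT_FORCED_MODULE, LOCKDEP_STILL_OK);` if tainting fits the intended trust model. The hand-rolled section walk also duplicates find_sec() in this file; reusing it would avoid a second scan, provided the marker section is SHF_ALLOC as find_sec() requires.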
@@ -3678,6 +3694,7 @@ int load_crypto_module_mem(const char *mem, size_t size)
 	}
 
 	info.sig_ok = true;
+	info.flags = MODULE_INIT_CRYPTO_FROM_MEM;
 	info.hdr = (Elf_Ehdr *) mem;
 	info.len = size;
 
diff --git a/kernel/module/version.c b/kernel/module/version.c
index 2beefeba82d94..3c5b5fceb73a9 100644
--- a/kernel/module/version.c
+++ b/kernel/module/version.c
@@ -8,6 +8,7 @@
 #include <linux/module.h>
 #include <linux/string.h>
 #include <linux/printk.h>
+#include <uapi/linux/module.h>
 #include "internal.h"
 
 int check_version(const struct load_info *info,
@@ -21,6 +22,10 @@ int check_version(const struct load_info *info,
 	struct modversion_info *versions;
 	struct modversion_info_ext version_ext;
 
+	/* Skip version checks for FIPS crypto modules */
+	if (info->flags & (MODULE_INIT_CRYPTO_FROM_MEM | MODULE_INIT_CRYPTO_OBJS_M))
+		return 1;
+
 	/* Exporting module didn't supply crcs?  OK, we're already tainted. */
 	if (!crc)
 		return 1;
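Review bot: The early return placed before the `!crc` and `versindex == 0` handling means a flagged module bypasses the CONFIG_MODULE_FORCE_LOAD policy entirely: the existing no-`__versions` path goes through try_to_force_load(), which refuses on kernels built without force-load support and taints otherwise, whereas this path accepts every symbol import of the module unconditionally and leaves no trace. That applies to every kernel export the module resolves, not only crypto-related ones, so any shared struct ABI it depends on is unchecked from here. If that is intended, the comment should say so rather than just "Skip version checks", e.g. `/* FIPS crypto modules are built against a different kernel and cannot carry matching CRCs; this deliberately bypasses CONFIG_MODULE_FORCE_LOAD policy and does not taint. */`; otherwise consider routing through `try_to_force_load(mod, symname) == 0` or an equivalent policy hook. The rest of check_version() is outside the hunk.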
@@ -81,6 +86,10 @@ int check_modstruct_version(const struct load_info *info,
 	};
 	bool have_symbol;
 
+	/* Skip module_layout version check for FIPS crypto modules */
+	if (info->flags & (MODULE_INIT_CRYPTO_FROM_MEM | MODULE_INIT_CRYPTO_OBJS_M))
+		return 1;
+
 	/*
 	 * Since this should be found in kernel (which can't be removed), no
 	 * locking is necessary. Regardless use a RCU read section to keep
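Review bot: Skipping the module_layout CRC here removes the only check that the externally built object's `struct module` matches the layout the loader is about to read and write through `info->mod` in the rest of load_module(); for fips140.ko and the crypto-objs-m modules this makes struct module ABI stability between the FIPS build and the running kernel an unchecked precondition. That precondition deserves to be written down at the bypass rather than left implicit; the comment could read: FIPS crypto modules are built from a different kernel tree, so their module_layout CRC can never match; loader correctness therefore relies on struct module being ABI-compatible across the kernel range the FIPS build targets, which must be guaranteed by build policy (to be confirmed). The remainder of check_modstruct_version() lies outside the hunk.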
-- 
2.47.3


