From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFD9D198A17 for ; Tue, 5 May 2026 09:49:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777974548; cv=none; b=PcbBMcBfQp26aDEFyqEl6rSiTOZt9MB5PjaBqpdcykDa/x7EyGZemOvJCo7PgRqCR1jetCJbESXjkZ+t/oZJJGb0ofGDnFyC4rEo7vByaUzom0veegeOCWIMrP/xDz0f2NN/RmbtGcCI8vnUDq1PW4xnEQa29XpNJUKAAS5KTHs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777974548; c=relaxed/simple; bh=WMkkDnjGKorBFdLE6fQYlpfqC1mPGchKEquw2+qnOR0=; h=From:Subject:To:Cc:In-Reply-To:References:Content-Type:Date: Message-Id; b=kOZdbTUw3duNZsyeoxE1pTtFDE3bGMoFBaf4BhT2/A0FBYzdzMhnuxdJRJu/MAd1y08dQCOgbudycbpjYsZvI7dbbPbm4y9mp2JpHCl+glU2voU9W1FkuF01UmBhThngaTWe1ydO4yUwMEJ2mtciR0mOG38UO26xtIh23JCDJ10= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=jX5HSNM7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="jX5HSNM7" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 649D0C2BCB4; Tue, 5 May 2026 09:49:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777974547; bh=WMkkDnjGKorBFdLE6fQYlpfqC1mPGchKEquw2+qnOR0=; h=From:Subject:Reply-To:To:Cc:In-Reply-To:References:Date:From; b=jX5HSNM7VXOljhf3TwRgpMYoAn6FmKhTyEJzze39dgC9LOS2cT25SYlLYQXpl9Vvt sRiZU2k3nMW2mPhxZx86D1PdQQfcsUA+zFLNC/iXL6vxSZVY3Ps4hsmZANVugfMGsd BhlnHwuLSHJcYKzkYMSLKXNDv9t8U3IAsZ0xCdHG/Ltk7nM3VfUPKWnELVLgS7eXWH 1ERbFdSOrzuLemKn0oEg4oaoITU7e0p2CJnr71wjXWlTk6IgMw3A/4WVRGN3kHKUVb APfWd0cD3HlZpVLn1jFBAMinRKU6E7k1KAYs9We96YSa3SHc6hWni2pn32pYn6P9QV C8RkAbGc76s5Q== From: sashiko-bot@kernel.org Subject: Re: [PATCH v5 12/14] module: Introduce hash-based integrity checking Reply-To: sashiko@lists.linux.dev To: =?utf-8?b?VGhvbWFzIFdlacOfc2NodWg=?= Cc: bpf@vger.kernel.org In-Reply-To: <20260505-module-hashes-v5-12-e174a5a49fce@weissschuh.net> References: <20260505-module-hashes-v5-12-e174a5a49fce@weissschuh.net> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Date: Tue, 05 May 2026 09:49:06 +0000 Message-Id: <20260505094907.649D0C2BCB4@smtp.kernel.org> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Thank you for your contribution! Sashiko AI review found 3 potential issue(= s) to consider: - [High] Build corruption due to concurrent Kbuild executions of the `modul= es` target. - [High] Standalone module builds and installations are fundamentally broke= n. - [Low] Memory leak in the `modules-merkle-tree` host utility. -- commit 199906bc761e41bbeca38213843237f79baf0aaf Author: Thomas Wei=C3=9Fschuh module: Introduce hash-based integrity checking This commit introduces a hash-based integrity checking mechanism to support reproducible builds. It embeds a Merkle tree root of all builtin modules into vmlinux, while out-of-tree modules continue to be validated through signatures. > diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst > index 9ba45e5b32b18..68708a039a621 100644 > --- a/scripts/Makefile.modinst > +++ b/scripts/Makefile.modinst [ ... ] > @@ -116,6 +122,11 @@ quiet_cmd_sign :=3D > cmd_sign :=3D : > endif > =20 > +ifeq ($(KBUILD_EXTMOD)|$(CONFIG_MODULE_HASHES),|y) > +quiet_cmd_sign =3D MERKLE [M] $@ > + cmd_sign =3D cat $(objtree)/$*.merkle >> $@ > +endif If modules are built and installed independently of a full vmlinux compilat= ion using make modules followed by make modules_install, will this cat command abort with a missing file error?=20 The .merkle files appear to only be generated by scripts/modules-merkle-tree during the vmlinux link stage, which might leave standalone module builds without the required proof files. > diff --git a/scripts/Makefile.vmlinux b/scripts/Makefile.vmlinux > index 6cc661e5292b0..a0332c06bde1d 100644 > --- a/scripts/Makefile.vmlinux > +++ b/scripts/Makefile.vmlinux [ ... ] > @@ -78,6 +78,33 @@ ifdef CONFIG_BUILDTIME_TABLE_SORT > vmlinux.unstripped: scripts/sorttable > endif > =20 > +ifdef CONFIG_MODULE_HASHES > +targets +=3D .tmp_module_hashes.c > + > +modules.order: vmlinux.unstripped FORCE > + $(Q)echo " MAKE modules" > + $(Q)$(MAKE) -f $(srctree)/Makefile modules Can this recursive make invocation race with the top-level modules target if a user runs make -j vmlinux modules?=20 Since both targets share the modpost prerequisite, it seems Kbuild could evaluate both concurrently. This might cause two independent instances of scripts/Makefile.modfinal to compile and link the exact same .mod.o and .ko files at the same time, leading to unpredictable file truncations. > diff --git a/scripts/modules-merkle-tree.c b/scripts/modules-merkle-tree.c > new file mode 100644 > index 0000000000000..10e3455d5d7af > --- /dev/null > +++ b/scripts/modules-merkle-tree.c [ ... ] > + mt =3D build_merkle(fh_list, num_files); > + write_merkle_root(mt, argv[1]); > + for (size_t i =3D 0; i < num_files; i++) { > + char *signame; > + int fd; > + > + signame =3D xstrdup_replace_suffix(fh_list[i].name, kmod_suffix, ".mer= kle"); > + > + fd =3D open(signame, O_WRONLY | O_CREAT | O_TRUNC, 0644); > + if (fd < 0) > + err(1, "Can't create %s", signame); > + > + build_proof(mt, i, fd); > + append_module_signature_magic(fd, lseek(fd, 0, SEEK_CUR)); > + if (close(fd)) > + err(1, "Can't write %s", signame); > + } Does this code leak the signame string? The xstrdup_replace_suffix helper allocates memory that does not appear to be freed before the end of the loop, which might leave memory stranded for each kernel module processed. --=20 Sashiko AI review =C2=B7 https://sashiko.dev/#/patchset/20260505-module-has= hes-v5-0-e174a5a49fce@weissschuh.net?part=3D12