From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail-pf1-x442.google.com ([2607:f8b0:4864:20::442]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jwUON-0002lZ-9T for kexec@lists.infradead.org; Fri, 17 Jul 2020 17:43:52 +0000 Received: by mail-pf1-x442.google.com with SMTP id u185so5765982pfu.1 for ; Fri, 17 Jul 2020 10:43:27 -0700 (PDT) From: Kees Cook Subject: [PATCH 11/13] module: Call security_kernel_post_load_data() Date: Fri, 17 Jul 2020 10:43:06 -0700 Message-Id: <20200717174309.1164575-12-keescook@chromium.org> In-Reply-To: <20200717174309.1164575-1-keescook@chromium.org> References: <20200717174309.1164575-1-keescook@chromium.org> MIME-Version: 1.0 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: Scott Branden Cc: "Rafael J. Wysocki" , Peter Zijlstra , Stephen Boyd , Mimi Zohar , David Howells , Peter Jones , "Joel Fernandes (Google)" , linux-security-module@vger.kernel.org, Paul Moore , Mauro Carvalho Chehab , Matthew Garrett , James Morris , Matthew Wilcox , KP Singh , "Serge E. Hallyn" , Kees Cook , selinux@vger.kernel.org, Jessica Yu , Hans de Goede , Alexander Viro , linux-integrity@vger.kernel.org, Greg Kroah-Hartman , Stephen Smalley , Randy Dunlap , kexec@lists.infradead.org, linux-kernel@vger.kernel.org, Luis Chamberlain , "Eric W. Biederman" , Dave Olsthoorn , Dmitry Kasatkin , Casey Schaufler , linux-fsdevel@vger.kernel.org, Andrew Morton Now that there is an API for checking loaded contents for modules loaded without a file, call into the LSM hooks. Cc: Jessica Yu Signed-off-by: Kees Cook --- kernel/module.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/kernel/module.c b/kernel/module.c index d56cb34d9a2f..90a4788dff9d 100644 --- a/kernel/module.c +++ b/kernel/module.c 
@@ -2967,7 +2967,7 @@ static int copy_module_from_user(const void __user *umod, unsigned long len, if (info->len < sizeof(*(info->hdr))) return -ENOEXEC; - err = security_kernel_load_data(LOADING_MODULE, false); + err = security_kernel_load_data(LOADING_MODULE, true); if (err) return err; @@ -2977,11 +2977,17 @@ static int copy_module_from_user(const void __user *umod, unsigned long len, return -ENOMEM; if (copy_chunked_from_user(info->hdr, umod, info->len) != 0) { - vfree(info->hdr); - return -EFAULT; + err = -EFAULT; + goto out; } - return 0; + err = security_kernel_post_load_data((char *)info->hdr, info->len, + LOADING_MODULE); +out: + if (err) + vfree(info->hdr); + + return err; } static void free_copy(struct load_info *info) -- 2.25.1 _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
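Review bot: In the first hunk (@@ -2967), the second argument of security_kernel_load_data(LOADING_MODULE, ...) flips from false to true, but the commit message only says the LSM hooks are now called and does not mention this change. A bare boolean at the call site is hard to read on its own. Please state in the commit message what passing true means for this call and why it is safe once security_kernel_post_load_data() is in place, or add a short comment above the call.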
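Review bot: In the second hunk (@@ -2977), the new out: path runs vfree(info->hdr) on error but leaves info->hdr pointing at the freed buffer, and this path now also covers a failure returned by security_kernel_post_load_data(), not only the -EFAULT from copy_chunked_from_user(). Consider setting info->hdr = NULL after the vfree() so that a later free_copy(info) or any other use of info->hdr on the error path cannot touch freed memory. Separately, the (char *)info->hdr cast deserves a word in the commit message or a comment if the hook's buffer parameter type requires it.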