From: Luis Chamberlain <mcgrof@kernel.org>
To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org,
pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com,
prarit@redhat.com
Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org
Subject: [PATCH 3/5] module: move more elf validity checks to elf_validity_check()
Date: Sun, 19 Mar 2023 14:35:40 -0700 [thread overview]
Message-ID: <20230319213542.1790479-4-mcgrof@kernel.org> (raw)
In-Reply-To: <20230319213542.1790479-1-mcgrof@kernel.org>
The symbol and strings section validation currently happen in
setup_load_info() but since they are also doing validity checks
move this to elf_validity_check().
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
---
kernel/module/main.c | 79 ++++++++++++++++++++++++--------------------
1 file changed, 44 insertions(+), 35 deletions(-)
diff --git a/kernel/module/main.c b/kernel/module/main.c
index fbe62d1625bc..84a7f96cf35a 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -1658,6 +1658,8 @@ static int elf_validity_check(struct load_info *info)
Elf_Shdr *shdr, *strhdr;
int err;
unsigned int num_mod_secs = 0, mod_idx;
+ unsigned int num_info_secs = 0, info_idx;
+ unsigned int num_sym_secs = 0, sym_idx;
if (info->len < sizeof(*(info->hdr))) {
pr_err("Invalid ELF header len %lu\n", info->len);
@@ -1761,6 +1763,8 @@ static int elf_validity_check(struct load_info *info)
info->hdr->e_shnum);
goto no_exec;
}
+ num_sym_secs++;
+ sym_idx = i;
fallthrough;
default:
err = validate_section_offset(info, shdr);
@@ -1773,6 +1777,10 @@ static int elf_validity_check(struct load_info *info)
".gnu.linkonce.this_module") == 0) {
num_mod_secs++;
mod_idx = i;
+ } else if (strcmp(info->secstrings + shdr->sh_name,
+ ".modinfo") == 0) {
+ num_info_secs++;
+ info_idx = i;
}
if (shdr->sh_flags & SHF_ALLOC) {
@@ -1786,6 +1794,27 @@ static int elf_validity_check(struct load_info *info)
}
}
+ if (num_info_secs > 1) {
+ pr_err("Only one .modinfo section must exist.\n");
+ goto no_exec;
+ } else if (num_info_secs == 1) {
+ /* Try to find a name early so we can log errors with a module name */
+ info->index.info = info_idx;
+ info->name = get_modinfo(info, "name");
+ }
+
+ if (num_sym_secs != 1) {
+ pr_warn("%s: module has no symbols (stripped?)\n",
+ info->name ?: "(missing .modinfo section or name field)");
+ goto no_exec;
+ }
+
+ /* Sets internal symbols and strings. */
+ info->index.sym = sym_idx;
+ shdr = &info->sechdrs[sym_idx];
+ info->index.str = shdr->sh_link;
+ info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset;
+
/*
* The ".gnu.linkonce.this_module" ELF section is special. It is
* what modpost uses to refer to __this_module and let's use rely
@@ -1802,7 +1831,8 @@ static int elf_validity_check(struct load_info *info)
* size
*/
if (num_mod_secs != 1) {
- pr_err("Only one .gnu.linkonce.this_module section must exist.\n");
+ pr_err("module %s: Only one .gnu.linkonce.this_module section must exist.\n",
+ info->name ?: "(missing .modinfo section or name field)");
goto no_exec;
}
@@ -1813,17 +1843,20 @@ static int elf_validity_check(struct load_info *info)
* pedantic about it.
*/
if (shdr->sh_type == SHT_NOBITS) {
- pr_err(".gnu.linkonce.this_module section must have a size set\n");
+ pr_err("module %s: .gnu.linkonce.this_module section must have a size set\n",
+ info->name ?: "(missing .modinfo section or name field)");
goto no_exec;
}
if (!(shdr->sh_flags & SHF_ALLOC)) {
- pr_err(".gnu.linkonce.this_module must occupy memory during process execution\n");
+ pr_err("module %s: .gnu.linkonce.this_module must occupy memory during process execution\n",
+ info->name ?: "(missing .modinfo section or name field)");
goto no_exec;
}
if (shdr->sh_size != sizeof(struct module)) {
- pr_err(".gnu.linkonce.this_module section size must match the kernel's built struct module size at run time\n");
+ pr_err("module %s: .gnu.linkonce.this_module section size must match the kernel's built struct module size at run time\n",
+ info->name ?: "(missing .modinfo section or name field)");
goto no_exec;
}
@@ -1832,6 +1865,13 @@ static int elf_validity_check(struct load_info *info)
/* This is temporary: point mod into copy of data. */
info->mod = (void *)info->hdr + shdr->sh_offset;
+ /*
+ * If we didn't load the .modinfo 'name' field earlier, fall back to
+ * on-disk struct mod 'name' field.
+ */
+ if (!info->name)
+ info->name = info->mod->name;
+
return 0;
no_exec:
@@ -1954,37 +1994,6 @@ static int rewrite_section_headers(struct load_info *info, int flags)
*/
static int setup_load_info(struct load_info *info, int flags)
{
- unsigned int i;
-
- /* Try to find a name early so we can log errors with a module name */
- info->index.info = find_sec(info, ".modinfo");
- if (info->index.info)
- info->name = get_modinfo(info, "name");
-
- /* Find internal symbols and strings. */
- for (i = 1; i < info->hdr->e_shnum; i++) {
- if (info->sechdrs[i].sh_type == SHT_SYMTAB) {
- info->index.sym = i;
- info->index.str = info->sechdrs[i].sh_link;
- info->strtab = (char *)info->hdr
- + info->sechdrs[info->index.str].sh_offset;
- break;
- }
- }
-
- if (info->index.sym == 0) {
- pr_warn("%s: module has no symbols (stripped?)\n",
- info->name ?: "(missing .modinfo section or name field)");
- return -ENOEXEC;
- }
-
- /*
- * If we didn't load the .modinfo 'name' field earlier, fall back to
- * on-disk struct mod 'name' field.
- */
- if (!info->name)
- info->name = info->mod->name;
-
if (flags & MODULE_INIT_IGNORE_MODVERSIONS)
info->index.vers = 0; /* Pretend no __versions section! */
else
--
2.39.1
next prev parent reply other threads:[~2023-03-19 21:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-19 21:35 [PATCH 0/5] module: ELF validation enhancement and cleanups Luis Chamberlain
2023-03-19 21:35 ` [PATCH 1/5] module: add sanity check for ELF module section Luis Chamberlain
2023-03-19 21:35 ` [PATCH 2/5] module: add stop-grap sanity check on module memcpy() Luis Chamberlain
2023-03-19 21:35 ` Luis Chamberlain [this message]
2023-03-19 21:35 ` [PATCH 4/5] module: merge remnants of setup_load_info() to elf validation Luis Chamberlain
2023-03-19 21:35 ` [PATCH 5/5] module: fold usermode helper kmod into modules directory Luis Chamberlain
2023-03-22 23:43 ` [PATCH 0/5] module: ELF validation enhancement and cleanups Luis Chamberlain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230319213542.1790479-4-mcgrof@kernel.org \
--to=mcgrof@kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=david@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=petr.pavlu@suse.com \
--cc=pmladek@suse.com \
--cc=prarit@redhat.com \
--cc=song@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).