From: Jay Wang <wanjay@amazon.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
<linux-crypto@vger.kernel.org>,
Masahiro Yamada <masahiroy@kernel.org>,
<linux-kbuild@vger.kernel.org>
Cc: Jay Wang <jay.wang.upstream@gmail.com>,
Vegard Nossum <vegard.nossum@oracle.com>,
Nicolai Stange <nstange@suse.de>,
Ilia Okomin <ilya.okomin@oracle.com>,
Hazem Mohamed Abuelfotoh <abuehaze@amazon.com>,
Bjoern Doebel <doebel@amazon.de>,
Martin Pohlack <mpohlack@amazon.de>,
Benjamin Herrenschmidt <benh@amazon.com>,
Nathan Chancellor <nathan@kernel.org>,
Nicolas Schier <nsc@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Thomas Gleixner <tglx@kernel.org>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H . Peter Anvin" <hpa@zytor.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Petr Pavlu <petr.pavlu@suse.com>,
Daniel Gomez <da.gomez@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
David Howells <dhowells@redhat.com>,
"David Woodhouse" <dwmw2@infradead.org>,
Jarkko Sakkinen <jarkko@kernel.org>,
"Ignat Korchagin" <ignat@linux.win>,
Lukas Wunner <lukas@wunner.de>,
"Alexei Starovoitov" <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
<linux-arm-kernel@lists.infradead.org>, <x86@kernel.org>,
<linux-modules@vger.kernel.org>
Subject: [PATCH v2 10/19] module: skip modversion checks for crypto modules
Date: Sat, 18 Apr 2026 00:20:18 +0000 [thread overview]
Message-ID: <20260418002032.2877-11-wanjay@amazon.com> (raw)
In-Reply-To: <20260418002032.2877-1-wanjay@amazon.com>
The standalone crypto module feature allows loading pre-built crypto
modules from an external build to preserve FIPS certification across
kernel updates. Since these externally built modules have different
modversion CRCs than the running kernel, the module_layout and per-symbol
version checks will fail.
Add a flags field to struct load_info and bypass check_version() and
check_modstruct_version() for crypto modules. For fips140.ko loaded
from embedded kernel memory, the MODULE_INIT_CRYPTO_FROM_MEM flag is set
by the loader. For individual crypto algorithm modules (e.g., authenc.ko,
ccm.ko) built with the crypto-objs-m rule, a .fips140_crypto_marker ELF
section is detected during early_mod_check() and the
MODULE_INIT_CRYPTO_OBJS_M flag is set accordingly.
Signed-off-by: Jay Wang <wanjay@amazon.com>
---
include/uapi/linux/module.h | 1 +
kernel/module/internal.h | 1 +
kernel/module/main.c | 17 +++++++++++++++++
kernel/module/version.c | 9 +++++++++
4 files changed, 28 insertions(+)
diff --git a/include/uapi/linux/module.h b/include/uapi/linux/module.h
index 6941497350893..7c6b3ae55c8d7 100644
--- a/include/uapi/linux/module.h
+++ b/include/uapi/linux/module.h
@@ -10,6 +10,7 @@
#ifdef __KERNEL__
/* Internal flags */
#define MODULE_INIT_CRYPTO_FROM_MEM (1 << 8)
+#define MODULE_INIT_CRYPTO_OBJS_M (1 << 9)
#endif
#endif /* _UAPI_LINUX_MODULE_H */
diff --git a/kernel/module/internal.h b/kernel/module/internal.h
index 061161cc79d90..b75b19e0b5dcf 100644
--- a/kernel/module/internal.h
+++ b/kernel/module/internal.h
@@ -69,6 +69,7 @@ struct load_info {
char *secstrings, *strtab;
unsigned long symoffs, stroffs, init_typeoffs, core_typeoffs;
bool sig_ok;
+ int flags;
#ifdef CONFIG_KALLSYMS
unsigned long mod_kallsyms_init_off;
#endif
diff --git a/kernel/module/main.c b/kernel/module/main.c
index 6152b9b39e6b1..69949069dc5f5 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -3446,6 +3446,22 @@ static int early_mod_check(struct load_info *info, int flags)
if (err)
return err;
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+ /* Detect crypto-objs-m modules by .fips140_crypto_marker section */
+ if (!(info->flags & MODULE_INIT_CRYPTO_FROM_MEM)) {
+ unsigned int i;
+
+ for (i = 1; i < info->hdr->e_shnum; i++) {
+ const char *sname = info->secstrings + info->sechdrs[i].sh_name;
+
+ if (strcmp(sname, ".fips140_crypto_marker") == 0) {
+ info->flags |= MODULE_INIT_CRYPTO_OBJS_M;
+ break;
+ }
+ }
+ }
+#endif
+
/* Check module struct version now, before we try to use module. */
if (!check_modstruct_version(info, info->mod))
return -ENOEXEC;
@@ -3678,6 +3694,7 @@ int load_crypto_module_mem(const char *mem, size_t size)
}
info.sig_ok = true;
+ info.flags = MODULE_INIT_CRYPTO_FROM_MEM;
info.hdr = (Elf_Ehdr *) mem;
info.len = size;
diff --git a/kernel/module/version.c b/kernel/module/version.c
index 2beefeba82d94..3c5b5fceb73a9 100644
--- a/kernel/module/version.c
+++ b/kernel/module/version.c
@@ -8,6 +8,7 @@
#include <linux/module.h>
#include <linux/string.h>
#include <linux/printk.h>
+#include <uapi/linux/module.h>
#include "internal.h"
int check_version(const struct load_info *info,
@@ -21,6 +22,10 @@ int check_version(const struct load_info *info,
struct modversion_info *versions;
struct modversion_info_ext version_ext;
+ /* Skip version checks for FIPS crypto modules */
+ if (info->flags & (MODULE_INIT_CRYPTO_FROM_MEM | MODULE_INIT_CRYPTO_OBJS_M))
+ return 1;
+
/* Exporting module didn't supply crcs? OK, we're already tainted. */
if (!crc)
return 1;
@@ -81,6 +86,10 @@ int check_modstruct_version(const struct load_info *info,
};
bool have_symbol;
+ /* Skip module_layout version check for FIPS crypto modules */
+ if (info->flags & (MODULE_INIT_CRYPTO_FROM_MEM | MODULE_INIT_CRYPTO_OBJS_M))
+ return 1;
+
/*
* Since this should be found in kernel (which can't be removed), no
* locking is necessary. Regardless use a RCU read section to keep
--
2.47.3
next prev parent reply other threads:[~2026-04-18 0:23 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-18 0:20 [PATCH v2 00/19] crypto: Standalone crypto module Jay Wang
2026-04-18 0:20 ` [PATCH v2 01/19] crypto: add Kconfig options for standalone " Jay Wang
2026-04-18 0:20 ` [PATCH v2 02/19] crypto: add module entry for standalone crypto kernel module Jay Wang
2026-04-18 0:20 ` [PATCH v2 03/19] build: special compilation rule for building the standalone crypto module Jay Wang
2026-04-18 0:20 ` [PATCH v2 04/19] build: Add ELF marker for crypto-objs-m modules Jay Wang
2026-04-18 0:20 ` [PATCH v2 05/19] module: allow kernel module loading directly from memory Jay Wang
2026-04-18 0:20 ` [PATCH v2 06/19] crypto: add pluggable interface for module symbols referenced by the main kernel Jay Wang
2026-04-18 0:20 ` [PATCH v2 07/19] crypto: dedicated ELF sections for collected crypto initcalls Jay Wang
2026-04-18 0:20 ` [PATCH v2 08/19] crypto: fips140: add crypto module loader Jay Wang
2026-04-18 0:20 ` [PATCH v2 09/19] build: embed the standalone crypto module into vmlinux Jay Wang
2026-04-18 0:20 ` Jay Wang [this message]
2026-04-18 0:20 ` [PATCH v2 11/19] build: add CONFIG_DEBUG_INFO_BTF_MODULES support for the standalone crypto kernel module Jay Wang
2026-04-18 0:20 ` [PATCH v2 12/19] Allow selective crypto module loading at boot based on FIPS mode Jay Wang
2026-04-18 0:20 ` [PATCH v2 13/19] Execute crypto initcalls during module initialization Jay Wang
2026-04-18 0:20 ` [PATCH v2 14/19] crypto/algapi.c: skip crypto_check_module_sig() for the standalone crypto module Jay Wang
2026-04-18 0:20 ` [PATCH v2 15/19] crypto: fips140: add module integrity self-check Jay Wang
2026-04-18 0:20 ` [PATCH v2 16/19] crypto: convert exported symbols in architecture-independent crypto to pluggable symbols Jay Wang
2026-04-18 0:20 ` [PATCH v2 17/19] x86/crypto: convert exported symbols in x86 " Jay Wang
2026-04-18 0:20 ` [PATCH v2 18/19] arm64/crypto: convert exported symbols in arm64 " Jay Wang
2026-04-18 0:20 ` [PATCH v2 19/19] Add standalone crypto kernel module technical documentation Jay Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260418002032.2877-11-wanjay@amazon.com \
--to=wanjay@amazon.com \
--cc=abuehaze@amazon.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=benh@amazon.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=da.gomez@kernel.org \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=doebel@amazon.de \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=ignat@linux.win \
--cc=ilya.okomin@oracle.com \
--cc=jarkko@kernel.org \
--cc=jay.wang.upstream@gmail.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=masahiroy@kernel.org \
--cc=mcgrof@kernel.org \
--cc=mingo@redhat.com \
--cc=mpohlack@amazon.de \
--cc=nathan@kernel.org \
--cc=nsc@kernel.org \
--cc=nstange@suse.de \
--cc=petr.pavlu@suse.com \
--cc=samitolvanen@google.com \
--cc=tglx@kernel.org \
--cc=vegard.nossum@oracle.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox