* [PATCH v3 5/8] module: Move 'struct module_signature' to UAPI
From: Thomas Weißschuh @ 2026-03-05 9:31 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
This structure definition is used outside the kernel proper.
For example in kmod and the kernel build environment.
To allow reuse, move it to a new UAPI header.
While it is not a true UAPI, it is a common practice to have
non-UAPI interface definitions in the kernel's UAPI headers.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
include/linux/module_signature.h | 28 +-----------------------
include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 27 deletions(-)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 915549c779dc..db335d46787f 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -10,33 +10,7 @@
#define _LINUX_MODULE_SIGNATURE_H
#include <linux/types.h>
-
-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
-
-enum module_signature_type {
- MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
-};
-
-/*
- * Module signature information block.
- *
- * The constituents of the signature section are, in order:
- *
- * - Signer's name
- * - Key identifier
- * - Signature data
- * - Information block
- */
-struct module_signature {
- u8 algo; /* Public-key crypto algorithm [0] */
- u8 hash; /* Digest algorithm [0] */
- u8 id_type; /* Key identifier type [enum module_signature_type] */
- u8 signer_len; /* Length of signer's name [0] */
- u8 key_id_len; /* Length of key identifier [0] */
- u8 __pad[3];
- __be32 sig_len; /* Length of signature data */
-};
+#include <uapi/linux/module_signature.h>
int mod_check_sig(const struct module_signature *ms, size_t file_len,
const char *name);
diff --git a/include/uapi/linux/module_signature.h b/include/uapi/linux/module_signature.h
new file mode 100644
index 000000000000..634c9f1c8fc2
--- /dev/null
+++ b/include/uapi/linux/module_signature.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H
+#define _UAPI_LINUX_MODULE_SIGNATURE_H
+
+#include <linux/types.h>
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
+
+enum module_signature_type {
+ MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ * - Signer's name
+ * - Key identifier
+ * - Signature data
+ * - Information block
+ */
+struct module_signature {
+ __u8 algo; /* Public-key crypto algorithm [0] */
+ __u8 hash; /* Digest algorithm [0] */
+ __u8 id_type; /* Key identifier type [enum module_signature_type] */
+ __u8 signer_len; /* Length of signer's name [0] */
+ __u8 key_id_len; /* Length of key identifier [0] */
+ __u8 __pad[3];
+ __be32 sig_len; /* Length of signature data */
+};
+
+#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */
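Review bot: The `[0]` tags in the field comments of `struct module_signature` are never explained, and now that the header is meant for consumers outside the kernel a reader cannot tell that they mark fields expected to be zero (elsewhere in this series the s390 verifier visibly rejects a non-zero `algo`). I would state that in the block comment, e.g. `* Fields tagged [0] are unused and must be zero; sig_len is big-endian.` It is also worth one sentence saying that every length in the block is read from the file being verified and has to be bounded by the file size before use, as the `sig_len` comparison in mod_check_sig() does. The same wording applies to the identical copy added under tools/include/uapi/ in 6/8 and to the v2 posting of both patches further down the page.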
--
2.53.0
* [PATCH v3 6/8] tools uapi headers: add linux/module_signature.h
From: Thomas Weißschuh @ 2026-03-05 9:31 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
This header is going to be used from scripts/sign-file.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
tools/include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/uapi/linux/module_signature.h
new file mode 100644
index 000000000000..634c9f1c8fc2
--- /dev/null
+++ b/tools/include/uapi/linux/module_signature.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H
+#define _UAPI_LINUX_MODULE_SIGNATURE_H
+
+#include <linux/types.h>
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
+
+enum module_signature_type {
+ MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ * - Signer's name
+ * - Key identifier
+ * - Signature data
+ * - Information block
+ */
+struct module_signature {
+ __u8 algo; /* Public-key crypto algorithm [0] */
+ __u8 hash; /* Digest algorithm [0] */
+ __u8 id_type; /* Key identifier type [enum module_signature_type] */
+ __u8 signer_len; /* Length of signer's name [0] */
+ __u8 key_id_len; /* Length of key identifier [0] */
+ __u8 __pad[3];
+ __be32 sig_len; /* Length of signature data */
+};
+
+#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */
--
2.53.0
* [PATCH v3 4/8] module: Give MODULE_SIG_STRING a more descriptive name
From: Thomas Weißschuh @ 2026-03-05 9:31 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
The purpose of the constant is not entirely clear from its name.
As this constant is going to be exposed in a UAPI header, give it a more
specific name for clarity. As all its users call it 'marker', use that
wording in the constant itself.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
arch/s390/kernel/machine_kexec_file.c | 4 ++--
include/linux/module_signature.h | 2 +-
kernel/module/signing.c | 4 ++--
security/integrity/ima/ima_modsig.c | 6 +++---
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c
index 667ee9279e23..6f0852d5a3a9 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -28,7 +28,7 @@ const struct kexec_file_ops * const kexec_file_loaders[] = {
#ifdef CONFIG_KEXEC_SIG
int s390_verify_sig(const char *kernel, unsigned long kernel_len)
{
- const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1;
+ const unsigned long marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1;
struct module_signature *ms;
unsigned long sig_len;
int ret;
@@ -40,7 +40,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len)
if (marker_len > kernel_len)
return -EKEYREJECTED;
- if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING,
+ if (memcmp(kernel + kernel_len - marker_len, MODULE_SIGNATURE_MARKER,
marker_len))
return -EKEYREJECTED;
kernel_len -= marker_len;
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index c3a05d4cfe67..915549c779dc 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -12,7 +12,7 @@
#include <linux/types.h>
/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
enum module_signature_type {
MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..590ba29c85ab 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -70,7 +70,7 @@ int mod_verify_sig(const void *mod, struct load_info *info)
int module_sig_check(struct load_info *info, int flags)
{
int err = -ENODATA;
- const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+ const unsigned long markerlen = sizeof(MODULE_SIGNATURE_MARKER) - 1;
const char *reason;
const void *mod = info->hdr;
bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
@@ -81,7 +81,7 @@ int module_sig_check(struct load_info *info, int flags)
*/
if (!mangled_module &&
info->len > markerlen &&
- memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
+ memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerlen) == 0) {
/* We truncate the module to discard the signature */
info->len -= markerlen;
err = mod_verify_sig(mod, info);
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index 9aa92fd35a03..632c746fd81e 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -40,7 +40,7 @@ struct modsig {
int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
struct modsig **modsig)
{
- const size_t marker_len = strlen(MODULE_SIG_STRING);
+ const size_t marker_len = strlen(MODULE_SIGNATURE_MARKER);
const struct module_signature *sig;
struct modsig *hdr;
size_t sig_len;
@@ -51,7 +51,7 @@ int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
return -ENOENT;
p = buf + buf_len - marker_len;
- if (memcmp(p, MODULE_SIG_STRING, marker_len))
+ if (memcmp(p, MODULE_SIGNATURE_MARKER, marker_len))
return -ENOENT;
buf_len -= marker_len;
@@ -105,7 +105,7 @@ void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size)
* Provide the file contents (minus the appended sig) so that the PKCS7
* code can calculate the file hash.
*/
- size -= modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) +
+ size -= modsig->raw_pkcs7_len + strlen(MODULE_SIGNATURE_MARKER) +
sizeof(struct module_signature);
rc = pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size);
if (rc)
--
2.53.0
* [PATCH v3 3/8] module: Give 'enum pkey_id_type' a more specific name
From: Thomas Weißschuh @ 2026-03-05 9:31 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
This enum originates in generic cryptographic code and has a very
generic name. Nowadays it is only used for module signatures.
As this enum is going to be exposed in a UAPI header, give it a more
specific name for clarity and consistency.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
arch/s390/kernel/machine_kexec_file.c | 2 +-
include/linux/module_signature.h | 6 +++---
kernel/module_signature.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c
index 1bf59c3f0e2b..667ee9279e23 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -53,7 +53,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len)
return -EKEYREJECTED;
kernel_len -= sig_len;
- if (ms->id_type != PKEY_ID_PKCS7)
+ if (ms->id_type != MODULE_SIGNATURE_TYPE_PKCS7)
return -EKEYREJECTED;
if (ms->algo != 0 ||
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 820cc1473383..c3a05d4cfe67 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -14,8 +14,8 @@
/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
#define MODULE_SIG_STRING "~Module signature appended~\n"
-enum pkey_id_type {
- PKEY_ID_PKCS7 = 2, /* Signature in PKCS#7 message */
+enum module_signature_type {
+ MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
};
/*
@@ -31,7 +31,7 @@ enum pkey_id_type {
struct module_signature {
u8 algo; /* Public-key crypto algorithm [0] */
u8 hash; /* Digest algorithm [0] */
- u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */
+ u8 id_type; /* Key identifier type [enum module_signature_type] */
u8 signer_len; /* Length of signer's name [0] */
u8 key_id_len; /* Length of key identifier [0] */
u8 __pad[3];
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
index 00132d12487c..a0eee2fe4368 100644
--- a/kernel/module_signature.c
+++ b/kernel/module_signature.c
@@ -24,7 +24,7 @@ int mod_check_sig(const struct module_signature *ms, size_t file_len,
if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
return -EBADMSG;
- if (ms->id_type != PKEY_ID_PKCS7) {
+ if (ms->id_type != MODULE_SIGNATURE_TYPE_PKCS7) {
pr_err("%s: not signed with expected PKCS#7 message\n",
name);
return -ENOPKG;
--
2.53.0
* [PATCH v3 2/8] module: Drop unused signature types
From: Thomas Weißschuh @ 2026-03-05 9:31 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
Only PKCS#7 signatures are used today.
Remove the unused enum values. As this enum is used in on-disk data,
preserve the numeric value.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
include/linux/module_signature.h | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 7eb4b00381ac..820cc1473383 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -15,9 +15,7 @@
#define MODULE_SIG_STRING "~Module signature appended~\n"
enum pkey_id_type {
- PKEY_ID_PGP, /* OpenPGP generated key ID */
- PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
- PKEY_ID_PKCS7, /* Signature in PKCS#7 message */
+ PKEY_ID_PKCS7 = 2, /* Signature in PKCS#7 message */
};
/*
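Review bot: With `PKEY_ID_PGP` and `PKEY_ID_X509` removed, nothing in the enum records that 0 and 1 were once assigned, so a later addition could reuse them with a different meaning for a field that is stored in on-disk signatures. A short comment above the remaining entry would cover it, for example `/* 0 and 1 were PKEY_ID_PGP and PKEY_ID_X509; reserved, do not reuse */`. The enum body is fully inside the hunk; the block comment that follows it is cut off.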
--
2.53.0
* [PATCH v3 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
From: Thomas Weißschuh @ 2026-03-05 9:31 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
This definition duplicates a definition from an internal kernel header
which is going to be renamed.
To get rid of an instance of the old name, drop the definition.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
| 2 --
1 file changed, 2 deletions(-)
--git a/certs/extract-cert.c b/certs/extract-cert.c
index 7d6d468ed612..8c762f908443 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -33,8 +33,6 @@
#endif
#include "ssl-common.h"
-#define PKEY_ID_PKCS7 2
-
static __attribute__((noreturn))
void format(void)
{
--
2.53.0
* [PATCH v3 0/8] module: Move 'struct module_signature' to UAPI
From: Thomas Weißschuh @ 2026-03-05 9:31 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
This structure definition is used outside the kernel proper.
For example in kmod and the kernel build environment.
To allow reuse, move it to a new UAPI header.
While it is not a true UAPI, it is a common practice to have
non-UAPI interface definitions in the kernel's UAPI headers.
This came up as part of my CONFIG_MODULE_HASHES series [0].
But it is useful on its own and so we get it out of the way.
[0] https://lore.kernel.org/lkml/aZ3OfJJSJgfOb0rJ@levanger/
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
Changes in v3:
- Also adapt the include path for the custom sign-file rule in the bpf selftests.
(My manual run of BPF CI still fails, due to a BUG() on s390,
I don't see how this is due to this patch)
- Link to v2: https://lore.kernel.org/r/20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de
Changes in v2:
- Drop spurious definition of MODULE_SIGNATURE_TYPE_MERKLE.
- s/modules/module/ in two patch subjects.
- Pick up review tags.
- Link to v1: https://lore.kernel.org/r/20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de
---
Thomas Weißschuh (8):
extract-cert: drop unused definition of PKEY_ID_PKCS7
module: Drop unused signature types
module: Give 'enum pkey_id_type' a more specific name
module: Give MODULE_SIG_STRING a more descriptive name
module: Move 'struct module_signature' to UAPI
tools uapi headers: add linux/module_signature.h
sign-file: use 'struct module_signature' from the UAPI headers
selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers
arch/s390/kernel/machine_kexec_file.c | 6 ++--
certs/extract-cert.c | 2 --
include/linux/module_signature.h | 30 +---------------
include/uapi/linux/module_signature.h | 41 ++++++++++++++++++++++
kernel/module/signing.c | 4 +--
kernel/module_signature.c | 2 +-
scripts/Makefile | 1 +
scripts/sign-file.c | 19 +++-------
security/integrity/ima/ima_modsig.c | 6 ++--
tools/include/uapi/linux/module_signature.h | 41 ++++++++++++++++++++++
tools/testing/selftests/bpf/Makefile | 1 +
.../selftests/bpf/prog_tests/verify_pkcs7_sig.c | 28 ++-------------
12 files changed, 101 insertions(+), 80 deletions(-)
---
base-commit: 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f
change-id: 20260302-module-signature-uapi-61fa80b1e2bb
Best regards,
--
Thomas Weißschuh <thomas.weissschuh@linutronix.de>
* [PATCH v2 8/8] selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers
From: Thomas Weißschuh @ 2026-03-05 7:11 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
Now that the UAPI headers provide the required definitions, use those.
Some symbols have been renamed, adapt to those.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
.../selftests/bpf/prog_tests/verify_pkcs7_sig.c | 28 +++-------------------
1 file changed, 3 insertions(+), 25 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
index 4d69d9d55e17..f327feb8e38c 100644
--- a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
+++ b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
@@ -18,6 +18,7 @@
#include <linux/keyctl.h>
#include <sys/xattr.h>
#include <linux/fsverity.h>
+#include <linux/module_signature.h>
#include <test_progs.h>
#include "test_verify_pkcs7_sig.skel.h"
@@ -33,29 +34,6 @@
#define SHA256_DIGEST_SIZE 32
#endif
-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
-
-/*
- * Module signature information block.
- *
- * The constituents of the signature section are, in order:
- *
- * - Signer's name
- * - Key identifier
- * - Signature data
- * - Information block
- */
-struct module_signature {
- __u8 algo; /* Public-key crypto algorithm [0] */
- __u8 hash; /* Digest algorithm [0] */
- __u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */
- __u8 signer_len; /* Length of signer's name [0] */
- __u8 key_id_len; /* Length of key identifier [0] */
- __u8 __pad[3];
- __be32 sig_len; /* Length of signature data */
-};
-
struct data {
__u8 data[MAX_DATA_SIZE];
__u32 data_len;
@@ -215,7 +193,7 @@ static int populate_data_item_mod(struct data *data_item)
return 0;
modlen = st.st_size;
- marker_len = sizeof(MODULE_SIG_STRING) - 1;
+ marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1;
fd = open(mod_path, O_RDONLY);
if (fd == -1)
@@ -228,7 +206,7 @@ static int populate_data_item_mod(struct data *data_item)
if (mod == MAP_FAILED)
return -errno;
- if (strncmp(mod + modlen - marker_len, MODULE_SIG_STRING, marker_len)) {
+ if (strncmp(mod + modlen - marker_len, MODULE_SIGNATURE_MARKER, marker_len)) {
ret = -EINVAL;
goto out;
}
--
2.53.0
* [PATCH v2 7/8] sign-file: use 'struct module_signature' from the UAPI headers
From: Thomas Weißschuh @ 2026-03-05 7:11 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
Now that the UAPI headers provide the required definitions, use those.
Some symbols have been renamed, adapt to those.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
scripts/Makefile | 1 +
scripts/sign-file.c | 19 ++++---------------
2 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/scripts/Makefile b/scripts/Makefile
index 0941e5ce7b57..3434a82a119f 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -35,6 +35,7 @@ HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
HOSTLDLIBS_sorttable = -lpthread
HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
HOSTCFLAGS_sign-file.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
+HOSTCFLAGS_sign-file.o += -I$(srctree)/tools/include/uapi/
HOSTLDLIBS_sign-file = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
ifdef CONFIG_UNWINDER_ORC
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 73fbefd2e540..86b010ac1514 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -40,19 +40,7 @@
#endif
#include "ssl-common.h"
-struct module_signature {
- uint8_t algo; /* Public-key crypto algorithm [0] */
- uint8_t hash; /* Digest algorithm [0] */
- uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */
- uint8_t signer_len; /* Length of signer's name [0] */
- uint8_t key_id_len; /* Length of key identifier [0] */
- uint8_t __pad[3];
- uint32_t sig_len; /* Length of signature data */
-};
-
-#define PKEY_ID_PKCS7 2
-
-static char magic_number[] = "~Module signature appended~\n";
+#include <linux/module_signature.h>
static __attribute__((noreturn))
void format(void)
@@ -197,7 +185,7 @@ static X509 *read_x509(const char *x509_name)
int main(int argc, char **argv)
{
- struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
+ struct module_signature sig_info = { .id_type = MODULE_SIGNATURE_TYPE_PKCS7 };
char *hash_algo = NULL;
char *private_key_name = NULL, *raw_sig_name = NULL;
char *x509_name, *module_name, *dest_name;
@@ -357,7 +345,8 @@ int main(int argc, char **argv)
sig_size = BIO_number_written(bd) - module_size;
sig_info.sig_len = htonl(sig_size);
ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name);
- ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name);
+ ERR(BIO_write(bd, MODULE_SIGNATURE_MARKER, sizeof(MODULE_SIGNATURE_MARKER) - 1) < 0,
+ "%s", dest_name);
ERR(BIO_free(bd) != 1, "%s", dest_name);
--
2.53.0
* [PATCH v2 5/8] module: Move 'struct module_signature' to UAPI
From: Thomas Weißschuh @ 2026-03-05 7:11 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
This structure definition is used outside the kernel proper.
For example in kmod and the kernel build environment.
To allow reuse, move it to a new UAPI header.
While it is not a true UAPI, it is a common practice to have
non-UAPI interface definitions in the kernel's UAPI headers.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
include/linux/module_signature.h | 28 +-----------------------
include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 27 deletions(-)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 915549c779dc..db335d46787f 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -10,33 +10,7 @@
#define _LINUX_MODULE_SIGNATURE_H
#include <linux/types.h>
-
-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
-
-enum module_signature_type {
- MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
-};
-
-/*
- * Module signature information block.
- *
- * The constituents of the signature section are, in order:
- *
- * - Signer's name
- * - Key identifier
- * - Signature data
- * - Information block
- */
-struct module_signature {
- u8 algo; /* Public-key crypto algorithm [0] */
- u8 hash; /* Digest algorithm [0] */
- u8 id_type; /* Key identifier type [enum module_signature_type] */
- u8 signer_len; /* Length of signer's name [0] */
- u8 key_id_len; /* Length of key identifier [0] */
- u8 __pad[3];
- __be32 sig_len; /* Length of signature data */
-};
+#include <uapi/linux/module_signature.h>
int mod_check_sig(const struct module_signature *ms, size_t file_len,
const char *name);
diff --git a/include/uapi/linux/module_signature.h b/include/uapi/linux/module_signature.h
new file mode 100644
index 000000000000..634c9f1c8fc2
--- /dev/null
+++ b/include/uapi/linux/module_signature.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H
+#define _UAPI_LINUX_MODULE_SIGNATURE_H
+
+#include <linux/types.h>
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
+
+enum module_signature_type {
+ MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ * - Signer's name
+ * - Key identifier
+ * - Signature data
+ * - Information block
+ */
+struct module_signature {
+ __u8 algo; /* Public-key crypto algorithm [0] */
+ __u8 hash; /* Digest algorithm [0] */
+ __u8 id_type; /* Key identifier type [enum module_signature_type] */
+ __u8 signer_len; /* Length of signer's name [0] */
+ __u8 key_id_len; /* Length of key identifier [0] */
+ __u8 __pad[3];
+ __be32 sig_len; /* Length of signature data */
+};
+
+#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */
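Review bot: The layout comment above `struct module_signature` ends at the information block and never says that `MODULE_SIGNATURE_MARKER` follows it as the last bytes of the file, which users of this header outside the kernel now have to know. The in-kernel callers visible in this series (`module_sig_check`, `ima_read_modsig`) compare the marker against the tail of the buffer before they read the block, so I would add `* - Marker string (MODULE_SIGNATURE_MARKER)` as a fifth list item. It would also help to state that `sig_len` is big-endian on disk and that the fields tagged `[0]` are expected to be zero, which is what `s390_verify_sig` appears to check. Because the struct is read straight out of a file that has not been verified yet, a kernel-side `static_assert(sizeof(struct module_signature) == 12);` would pin the layout against accidental change. The identical copy added under tools/include/uapi in patch 6/8 would take the same comment.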
--
2.53.0
* [PATCH v2 6/8] tools uapi headers: add linux/module_signature.h
From: Thomas Weißschuh @ 2026-03-05 7:11 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
This header is going to be used from scripts/sign-file.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
tools/include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/uapi/linux/module_signature.h
new file mode 100644
index 000000000000..634c9f1c8fc2
--- /dev/null
+++ b/tools/include/uapi/linux/module_signature.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H
+#define _UAPI_LINUX_MODULE_SIGNATURE_H
+
+#include <linux/types.h>
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
+
+enum module_signature_type {
+ MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ * - Signer's name
+ * - Key identifier
+ * - Signature data
+ * - Information block
+ */
+struct module_signature {
+ __u8 algo; /* Public-key crypto algorithm [0] */
+ __u8 hash; /* Digest algorithm [0] */
+ __u8 id_type; /* Key identifier type [enum module_signature_type] */
+ __u8 signer_len; /* Length of signer's name [0] */
+ __u8 key_id_len; /* Length of key identifier [0] */
+ __u8 __pad[3];
+ __be32 sig_len; /* Length of signature data */
+};
+
+#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */
--
2.53.0
* [PATCH v2 4/8] module: Give MODULE_SIG_STRING a more descriptive name
From: Thomas Weißschuh @ 2026-03-05 7:11 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
The purpose of the constant is not entirely clear from its name.
As this constant is going to be exposed in a UAPI header, give it a more
specific name for clarity. As all its users call it 'marker', use that
wording in the constant itself.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
arch/s390/kernel/machine_kexec_file.c | 4 ++--
include/linux/module_signature.h | 2 +-
kernel/module/signing.c | 4 ++--
security/integrity/ima/ima_modsig.c | 6 +++---
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c
index 667ee9279e23..6f0852d5a3a9 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -28,7 +28,7 @@ const struct kexec_file_ops * const kexec_file_loaders[] = {
#ifdef CONFIG_KEXEC_SIG
int s390_verify_sig(const char *kernel, unsigned long kernel_len)
{
- const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1;
+ const unsigned long marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1;
struct module_signature *ms;
unsigned long sig_len;
int ret;
@@ -40,7 +40,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len)
if (marker_len > kernel_len)
return -EKEYREJECTED;
- if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING,
+ if (memcmp(kernel + kernel_len - marker_len, MODULE_SIGNATURE_MARKER,
marker_len))
return -EKEYREJECTED;
kernel_len -= marker_len;
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index c3a05d4cfe67..915549c779dc 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -12,7 +12,7 @@
#include <linux/types.h>
/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
enum module_signature_type {
MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..590ba29c85ab 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -70,7 +70,7 @@ int mod_verify_sig(const void *mod, struct load_info *info)
int module_sig_check(struct load_info *info, int flags)
{
int err = -ENODATA;
- const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+ const unsigned long markerlen = sizeof(MODULE_SIGNATURE_MARKER) - 1;
const char *reason;
const void *mod = info->hdr;
bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
@@ -81,7 +81,7 @@ int module_sig_check(struct load_info *info, int flags)
*/
if (!mangled_module &&
info->len > markerlen &&
- memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
+ memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerlen) == 0) {
/* We truncate the module to discard the signature */
info->len -= markerlen;
err = mod_verify_sig(mod, info);
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index 9aa92fd35a03..632c746fd81e 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -40,7 +40,7 @@ struct modsig {
int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
struct modsig **modsig)
{
- const size_t marker_len = strlen(MODULE_SIG_STRING);
+ const size_t marker_len = strlen(MODULE_SIGNATURE_MARKER);
const struct module_signature *sig;
struct modsig *hdr;
size_t sig_len;
@@ -51,7 +51,7 @@ int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
return -ENOENT;
p = buf + buf_len - marker_len;
- if (memcmp(p, MODULE_SIG_STRING, marker_len))
+ if (memcmp(p, MODULE_SIGNATURE_MARKER, marker_len))
return -ENOENT;
buf_len -= marker_len;
@@ -105,7 +105,7 @@ void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size)
* Provide the file contents (minus the appended sig) so that the PKCS7
* code can calculate the file hash.
*/
- size -= modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) +
+ size -= modsig->raw_pkcs7_len + strlen(MODULE_SIGNATURE_MARKER) +
sizeof(struct module_signature);
rc = pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size);
if (rc)
--
2.53.0
* [PATCH v2 3/8] module: Give 'enum pkey_id_type' a more specific name
From: Thomas Weißschuh @ 2026-03-05 7:11 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
This enum originates in generic cryptographic code and has a very
generic name. Nowadays it is only used for module signatures.
As this enum is going to be exposed in a UAPI header, give it a more
specific name for clarity and consistency.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
arch/s390/kernel/machine_kexec_file.c | 2 +-
include/linux/module_signature.h | 6 +++---
kernel/module_signature.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c
index 1bf59c3f0e2b..667ee9279e23 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -53,7 +53,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len)
return -EKEYREJECTED;
kernel_len -= sig_len;
- if (ms->id_type != PKEY_ID_PKCS7)
+ if (ms->id_type != MODULE_SIGNATURE_TYPE_PKCS7)
return -EKEYREJECTED;
if (ms->algo != 0 ||
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 820cc1473383..c3a05d4cfe67 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -14,8 +14,8 @@
/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
#define MODULE_SIG_STRING "~Module signature appended~\n"
-enum pkey_id_type {
- PKEY_ID_PKCS7 = 2, /* Signature in PKCS#7 message */
+enum module_signature_type {
+ MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
};
/*
@@ -31,7 +31,7 @@ enum pkey_id_type {
struct module_signature {
u8 algo; /* Public-key crypto algorithm [0] */
u8 hash; /* Digest algorithm [0] */
- u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */
+ u8 id_type; /* Key identifier type [enum module_signature_type] */
u8 signer_len; /* Length of signer's name [0] */
u8 key_id_len; /* Length of key identifier [0] */
u8 __pad[3];
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
index 00132d12487c..a0eee2fe4368 100644
--- a/kernel/module_signature.c
+++ b/kernel/module_signature.c
@@ -24,7 +24,7 @@ int mod_check_sig(const struct module_signature *ms, size_t file_len,
if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
return -EBADMSG;
- if (ms->id_type != PKEY_ID_PKCS7) {
+ if (ms->id_type != MODULE_SIGNATURE_TYPE_PKCS7) {
pr_err("%s: not signed with expected PKCS#7 message\n",
name);
return -ENOPKG;
--
2.53.0
* [PATCH v2 2/8] module: Drop unused signature types
From: Thomas Weißschuh @ 2026-03-05 7:11 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
Only PKCS#7 signatures are used today.
Remove the unused enum values. As this enum is used in on-disk data,
preserve the numeric value.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
include/linux/module_signature.h | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 7eb4b00381ac..820cc1473383 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -15,9 +15,7 @@
#define MODULE_SIG_STRING "~Module signature appended~\n"
enum pkey_id_type {
- PKEY_ID_PGP, /* OpenPGP generated key ID */
- PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
- PKEY_ID_PKCS7, /* Signature in PKCS#7 message */
+ PKEY_ID_PKCS7 = 2, /* Signature in PKCS#7 message */
};
/*
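Review bot: `PKEY_ID_PKCS7 = 2` now carries an unexplained literal; a reader of the header alone cannot tell that 2 is a value stored in signed module files, or that 0 and 1 used to be `PKEY_ID_PGP` and `PKEY_ID_X509`. I would record that next to the enumerator, for example `/* On-disk value; 0 and 1 were PKEY_ID_PGP and PKEY_ID_X509, do not reuse */`, so a later addition does not reassign a number that older signing tools may have written. The enum body is fully inside this hunk; the struct that stores the value in `id_type` starts below it.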
--
2.53.0
* [PATCH v2 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
From: Thomas Weißschuh @ 2026-03-05 7:11 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
This definition duplicates a definition from an internal kernel header
which is going to be renamed.
To get rid of an instance of the old name, drop the definition.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
---
| 2 --
1 file changed, 2 deletions(-)
--git a/certs/extract-cert.c b/certs/extract-cert.c
index 7d6d468ed612..8c762f908443 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -33,8 +33,6 @@
#endif
#include "ssl-common.h"
-#define PKEY_ID_PKCS7 2
-
static __attribute__((noreturn))
void format(void)
{
--
2.53.0
* [PATCH v2 0/8] module: Move 'struct module_signature' to UAPI
From: Thomas Weißschuh @ 2026-03-05 7:11 UTC (permalink / raw)
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
This structure definition is used outside the kernel proper.
For example in kmod and the kernel build environment.
To allow reuse, move it to a new UAPI header.
While it is not a true UAPI, it is a common practice to have
non-UAPI interface definitions in the kernel's UAPI headers.
This came up as part of my CONFIG_MODULE_HASHES series [0].
But it is useful on its own and so we get it out of the way.
[0] https://lore.kernel.org/lkml/aZ3OfJJSJgfOb0rJ@levanger/
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
Changes in v2:
- Drop spurious definition of MODULE_SIGNATURE_TYPE_MERKLE.
- s/modules/module/ in two patch subjects.
- Pick up review tags.
- Link to v1: https://lore.kernel.org/r/20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de
---
Thomas Weißschuh (8):
extract-cert: drop unused definition of PKEY_ID_PKCS7
module: Drop unused signature types
module: Give 'enum pkey_id_type' a more specific name
module: Give MODULE_SIG_STRING a more descriptive name
module: Move 'struct module_signature' to UAPI
tools uapi headers: add linux/module_signature.h
sign-file: use 'struct module_signature' from the UAPI headers
selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers
arch/s390/kernel/machine_kexec_file.c | 6 ++--
certs/extract-cert.c | 2 --
include/linux/module_signature.h | 30 +---------------
include/uapi/linux/module_signature.h | 41 ++++++++++++++++++++++
kernel/module/signing.c | 4 +--
kernel/module_signature.c | 2 +-
scripts/Makefile | 1 +
scripts/sign-file.c | 19 +++-------
security/integrity/ima/ima_modsig.c | 6 ++--
tools/include/uapi/linux/module_signature.h | 41 ++++++++++++++++++++++
.../selftests/bpf/prog_tests/verify_pkcs7_sig.c | 28 ++-------------
11 files changed, 100 insertions(+), 80 deletions(-)
---
base-commit: 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f
change-id: 20260302-module-signature-uapi-61fa80b1e2bb
Best regards,
--
Thomas Weißschuh <thomas.weissschuh@linutronix.de>
* Re: [GIT PULL] Modules fixes for v7.0-rc3
From: pr-tracker-bot @ 2026-03-05 2:30 UTC (permalink / raw)
To: Sami Tolvanen
Cc: Linus Torvalds, Sami Tolvanen, Aaron Tomlin, Daniel Gomez,
Ihor Solodrai, linux-kernel, linux-modules, Luis Chamberlain,
Petr Pavlu
In-Reply-To: <20260304232900.149281-2-samitolvanen@google.com>
The pull request you sent on Wed, 4 Mar 2026 23:28:58 +0000:
> git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux.git tags/modules-7.0-rc3.fixes
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/c107785c7e8dbabd1c18301a1c362544b5786282
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
* Re: [PATCH 1/3] kallsyms: embed source file:line info in kernel stack traces
From: Sasha Levin @ 2026-03-05 2:18 UTC (permalink / raw)
To: Helge Deller
Cc: Andrew Morton, Masahiro Yamada, Luis Chamberlain, Linus Torvalds,
Richard Weinberger, Juergen Gross, Geert Uytterhoeven,
James Bottomley, Jonathan Corbet, Nathan Chancellor,
Nicolas Schier, Petr Pavlu, Daniel Gomez, Greg KH, Petr Mladek,
Steven Rostedt, Kees Cook, Peter Zijlstra, Thorsten Leemhuis,
Vlastimil Babka, linux-kernel, linux-kbuild, linux-modules,
linux-doc
In-Reply-To: <258d7167-2e82-4402-9545-108c501ae69e@gmx.de>
On Wed, Mar 04, 2026 at 09:17:37PM +0100, Helge Deller wrote:
>On 3/3/26 19:21, Sasha Levin wrote:
>>Add CONFIG_KALLSYMS_LINEINFO, which embeds a compact address-to-line
>>lookup table in the kernel image so stack traces directly print source
>>file and line number information:
>>
>> root@localhost:~# echo c > /proc/sysrq-trigger
>> [ 11.201987] sysrq: Trigger a crash
>> [ 11.202831] Kernel panic - not syncing: sysrq triggered crash
>> [ 11.206218] Call Trace:
>> [ 11.206501] <TASK>
>> [ 11.206749] dump_stack_lvl+0x5d/0x80 (lib/dump_stack.c:94)
>> [ 11.207403] vpanic+0x36e/0x620 (kernel/panic.c:650)
>> [ 11.208565] ? __lock_acquire+0x465/0x2240 (kernel/locking/lockdep.c:4674)
>> [ 11.209324] panic+0xc9/0xd0 (kernel/panic.c:787)
>> [ 11.211873] ? find_held_lock+0x2b/0x80 (kernel/locking/lockdep.c:5350)
>> [ 11.212597] ? lock_release+0xd3/0x300 (kernel/locking/lockdep.c:5535)
>> [ 11.213312] sysrq_handle_crash+0x1a/0x20 (drivers/tty/sysrq.c:154)
>> [ 11.214005] __handle_sysrq.cold+0x66/0x256 (drivers/tty/sysrq.c:611)
>> [ 11.214712] write_sysrq_trigger+0x65/0x80 (drivers/tty/sysrq.c:1221)
>> [ 11.215424] proc_reg_write+0x1bd/0x3c0 (fs/proc/inode.c:330)
>> [ 11.216061] vfs_write+0x1c6/0xff0 (fs/read_write.c:686)
>> [ 11.218848] ksys_write+0xfa/0x200 (fs/read_write.c:740)
>> [ 11.222394] do_syscall_64+0xf3/0x690 (arch/x86/entry/syscall_64.c:63)
>> [ 11.223942] entry_SYSCALL_64_after_hwframe+0x77/0x7f (arch/x86/entry/entry_64.S:121)
>
>As mentioned in the other series, I really like this patch series.
>
>I tested this series again on the parisc architecture, and the relative
>directories are now stripped with this version of your patch.
>IIRC, the previous patch did show the subdirectory names.
>[ 132.840382] Backtrace:
>[ 132.840382] [<104254d8>] show_stack+0x50/0x64 (traps.c:212)
>[ 132.840382] [<1041c0c8>] dump_stack_lvl+0x6c/0xa0 (dump_stack.c:122)
>[ 132.840382] [<1041c118>] dump_stack+0x1c/0x2c (dump_stack.c:130)
>[ 132.840382] [<10402218>] vpanic+0x154/0x344 (panic.c:550)
>[ 132.840382] [<10402438>] panic+0x30/0x34 (panic.c:787)
>[ 132.840382] [<10bebea8>] sysrq_handle_crash+0x30/0x34 (rcupdate.h:110)
>[ 132.840382] [<10bec720>] __handle_sysrq+0xc0/0x1e4 (preempt.h:14)
Ugh... Can you confirm that you've built this kernel with O=?
The RFC had a dirty dirty hack around how we turn these absolute paths into
relative ones, but I tried to re-do it so no one would yell at me :)
--
Thanks,
Sasha
* [PATCH v2] module.lds,codetag: force 0 sh_addr for sections
From: Joe Lawrence @ 2026-03-05 1:52 UTC (permalink / raw)
To: linux-modules, linux-kernel
Cc: Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen,
Aaron Tomlin, Petr Mladek, Josh Poimboeuf
Commit 1ba9f8979426 ("vmlinux.lds: Unify TEXT_MAIN, DATA_MAIN, and
related macros") added .text and made .data, .bss, and .rodata sections
unconditional in the module linker script, but without an explicit
address like the other sections in the same file.
When linking modules with ld.bfd -r, sections defined without an address
inherit the location counter, resulting in non-zero sh_addr values in
the .ko. Relocatable objects are expected to have sh_addr=0 for these
sections and these non-zero addresses confuse elfutils and have been
reported to cause segmentation faults in SystemTap [1].
Add the 0 address specifier to all sections in module.lds, including the
.codetag.* sections via MOD_SEPARATE_CODETAG_SECTIONS macro.
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=33958
Fixes: 1ba9f8979426 ("vmlinux.lds: Unify TEXT_MAIN, DATA_MAIN, and related macros")
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
---
include/asm-generic/codetag.lds.h | 2 +-
scripts/module.lds.S | 12 ++++++------
2 files changed, 7 insertions(+), 7 deletions(-)
v2:
- Update the MOD_SEPARATE_CODETAG_SECTION for .codetag.* as well [Petr]
v1: https://lore.kernel.org/lkml/20260304160611.143862-1-joe.lawrence@redhat.com
diff --git a/include/asm-generic/codetag.lds.h b/include/asm-generic/codetag.lds.h
index a14f4bdafdda..4948e5d4e9d9 100644
--- a/include/asm-generic/codetag.lds.h
+++ b/include/asm-generic/codetag.lds.h
@@ -18,7 +18,7 @@
IF_MEM_ALLOC_PROFILING(SECTION_WITH_BOUNDARIES(alloc_tags))
#define MOD_SEPARATE_CODETAG_SECTION(_name) \
- .codetag.##_name : { \
+ .codetag.##_name 0 : { \
SECTION_WITH_BOUNDARIES(_name) \
}
diff --git a/scripts/module.lds.S b/scripts/module.lds.S
index 054ef99e8288..e1cab3cee3f7 100644
--- a/scripts/module.lds.S
+++ b/scripts/module.lds.S
@@ -32,30 +32,30 @@ SECTIONS {
__jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) }
__ex_table 0 : ALIGN(4) { KEEP(*(__ex_table)) }
- __patchable_function_entries : { *(__patchable_function_entries) }
+ __patchable_function_entries 0 : { *(__patchable_function_entries) }
.init.klp_funcs 0 : ALIGN(8) { KEEP(*(.init.klp_funcs)) }
.init.klp_objects 0 : ALIGN(8) { KEEP(*(.init.klp_objects)) }
#ifdef CONFIG_ARCH_USES_CFI_TRAPS
- __kcfi_traps : { KEEP(*(.kcfi_traps)) }
+ __kcfi_traps 0 : { KEEP(*(.kcfi_traps)) }
#endif
- .text : {
+ .text 0 : {
*(.text .text.[0-9a-zA-Z_]*)
}
- .bss : {
+ .bss 0 : {
*(.bss .bss.[0-9a-zA-Z_]*)
*(.bss..L*)
}
- .data : {
+ .data 0 : {
*(.data .data.[0-9a-zA-Z_]*)
*(.data..L*)
}
- .rodata : {
+ .rodata 0 : {
*(.rodata .rodata.[0-9a-zA-Z_]*)
*(.rodata..L*)
}
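Review bot: Nothing in `SECTIONS` says why each output section carries an explicit `0` address, so the next section added without one would bring back the non-zero `sh_addr` that this patch removes. A short comment at the top of the block would guard against that, for example `/* Give every output section address 0: with ld.bfd -r a section without one inherits the location counter. */`. The `SECTIONS` block starts above this hunk and may continue below it, so whether any remaining section still lacks the `0` cannot be checked from here.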
--
2.53.0
* [GIT PULL] Modules fixes for v7.0-rc3
From: Sami Tolvanen @ 2026-03-04 23:28 UTC (permalink / raw)
To: Linus Torvalds
Cc: Sami Tolvanen, Aaron Tomlin, Daniel Gomez, Ihor Solodrai,
linux-kernel, linux-modules, Luis Chamberlain, Petr Pavlu
The following changes since commit 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f:
Linux 7.0-rc1 (2026-02-22 13:18:59 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux.git tags/modules-7.0-rc3.fixes
for you to fetch changes up to f9d69d5e7bde2295eb7488a56f094ac8f5383b92:
module: Fix kernel panic when a symbol st_shndx is out of bounds (2026-02-23 19:37:28 +0000)
----------------------------------------------------------------
Modules fixes for v7.0-rc3
- Fix a potential kernel panic in the module loader by adding a bounds
check for the ELF section index. This prevents crashes if attempting
to load a module that uses SHN_XINDEX or is corrupted.
- Fix the Kconfig menu layout for module versioning, signing, and
compression options so they correctly appear as submenus in menuconfig.
- Remove a redundant lockdep_free_key_range() call in the load_module()
error path. This is already handled by module_deallocate() calling
free_mod_mem() since the module_memory rework.
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
----------------------------------------------------------------
Ihor Solodrai (1):
module: Fix kernel panic when a symbol st_shndx is out of bounds
Petr Pavlu (2):
module: Remove duplicate freeing of lockdep classes
module: Fix the modversions and signing submenus
kernel/module/Kconfig | 23 +++++++++++++----------
kernel/module/main.c | 13 +++++++------
2 files changed, 20 insertions(+), 16 deletions(-)
* Re: [PATCH 1/3] kallsyms: embed source file:line info in kernel stack traces
From: Helge Deller @ 2026-03-04 20:17 UTC (permalink / raw)
To: Sasha Levin, Andrew Morton, Masahiro Yamada, Luis Chamberlain,
Linus Torvalds, Richard Weinberger, Juergen Gross,
Geert Uytterhoeven, James Bottomley
Cc: Jonathan Corbet, Nathan Chancellor, Nicolas Schier, Petr Pavlu,
Daniel Gomez, Greg KH, Petr Mladek, Steven Rostedt, Kees Cook,
Peter Zijlstra, Thorsten Leemhuis, Vlastimil Babka, linux-kernel,
linux-kbuild, linux-modules, linux-doc
In-Reply-To: <20260303182103.3523438-2-sashal@kernel.org>
On 3/3/26 19:21, Sasha Levin wrote:
> Add CONFIG_KALLSYMS_LINEINFO, which embeds a compact address-to-line
> lookup table in the kernel image so stack traces directly print source
> file and line number information:
>
> root@localhost:~# echo c > /proc/sysrq-trigger
> [ 11.201987] sysrq: Trigger a crash
> [ 11.202831] Kernel panic - not syncing: sysrq triggered crash
> [ 11.206218] Call Trace:
> [ 11.206501] <TASK>
> [ 11.206749] dump_stack_lvl+0x5d/0x80 (lib/dump_stack.c:94)
> [ 11.207403] vpanic+0x36e/0x620 (kernel/panic.c:650)
> [ 11.208565] ? __lock_acquire+0x465/0x2240 (kernel/locking/lockdep.c:4674)
> [ 11.209324] panic+0xc9/0xd0 (kernel/panic.c:787)
> [ 11.211873] ? find_held_lock+0x2b/0x80 (kernel/locking/lockdep.c:5350)
> [ 11.212597] ? lock_release+0xd3/0x300 (kernel/locking/lockdep.c:5535)
> [ 11.213312] sysrq_handle_crash+0x1a/0x20 (drivers/tty/sysrq.c:154)
> [ 11.214005] __handle_sysrq.cold+0x66/0x256 (drivers/tty/sysrq.c:611)
> [ 11.214712] write_sysrq_trigger+0x65/0x80 (drivers/tty/sysrq.c:1221)
> [ 11.215424] proc_reg_write+0x1bd/0x3c0 (fs/proc/inode.c:330)
> [ 11.216061] vfs_write+0x1c6/0xff0 (fs/read_write.c:686)
> [ 11.218848] ksys_write+0xfa/0x200 (fs/read_write.c:740)
> [ 11.222394] do_syscall_64+0xf3/0x690 (arch/x86/entry/syscall_64.c:63)
> [ 11.223942] entry_SYSCALL_64_after_hwframe+0x77/0x7f (arch/x86/entry/entry_64.S:121)
As mentioned in the other series, I really like this patch series.
I tested this series again on the parisc architecture, and the relative
directories are now stripped with this version of your patch.
IIRC, the previous patch did show the subdirectory names.
[ 132.840382] Backtrace:
[ 132.840382] [<104254d8>] show_stack+0x50/0x64 (traps.c:212)
[ 132.840382] [<1041c0c8>] dump_stack_lvl+0x6c/0xa0 (dump_stack.c:122)
[ 132.840382] [<1041c118>] dump_stack+0x1c/0x2c (dump_stack.c:130)
[ 132.840382] [<10402218>] vpanic+0x154/0x344 (panic.c:550)
[ 132.840382] [<10402438>] panic+0x30/0x34 (panic.c:787)
[ 132.840382] [<10bebea8>] sysrq_handle_crash+0x30/0x34 (rcupdate.h:110)
[ 132.840382] [<10bec720>] __handle_sysrq+0xc0/0x1e4 (preempt.h:14)
Helge
* Re: [PATCH] module.lds: force 0 sh_addr for .text, .data, .bss, and .rodata sections
From: Petr Pavlu @ 2026-03-04 19:33 UTC (permalink / raw)
To: Joe Lawrence
Cc: Luis Chamberlain, Daniel Gomez, Sami Tolvanen, Aaron Tomlin,
Petr Mladek, Josh Poimboeuf, linux-modules, linux-kernel
In-Reply-To: <20260304160611.143862-1-joe.lawrence@redhat.com>
On 3/4/26 5:06 PM, Joe Lawrence wrote:
> Commit 1ba9f8979426 ("vmlinux.lds: Unify TEXT_MAIN, DATA_MAIN, and
> related macros") added .text and made .data, .bss, and .rodata sections
> unconditional in the module linker script, but without an explicit
> address like the other sections in the same file.
>
> When linking modules with ld.bfd -r, sections defined without an address
> inherit the location counter, resulting in non-zero sh_addr values in
> the .ko. Relocatable objects are expected to have sh_addr=0 for these
> sections and these non-zero addresses confuse elfutils and have been
> reported to cause segmentation faults in SystemTap [1].
>
> Add the 0 address specifier to .text, .bss, .data, and .rodata, and also
> to __patchable_function_entries and __kcfi_traps which had the same
> issue.
I had this issue with non-zero sh_addr values on my list of small things
to clean up for some time. I didn't realize it could cause an actual
problem. :/
>
> Link: https://sourceware.org/bugzilla/show_bug.cgi?id=33958
> Fixes: 1ba9f8979426 ("vmlinux.lds: Unify TEXT_MAIN, DATA_MAIN, and related macros")
> Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
> ---
> scripts/module.lds.S | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/scripts/module.lds.S b/scripts/module.lds.S
> index 054ef99e8288..e1cab3cee3f7 100644
> --- a/scripts/module.lds.S
> +++ b/scripts/module.lds.S
> @@ -32,30 +32,30 @@ SECTIONS {
> __jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) }
> __ex_table 0 : ALIGN(4) { KEEP(*(__ex_table)) }
>
> - __patchable_function_entries : { *(__patchable_function_entries) }
> + __patchable_function_entries 0 : { *(__patchable_function_entries) }
>
> .init.klp_funcs 0 : ALIGN(8) { KEEP(*(.init.klp_funcs)) }
> .init.klp_objects 0 : ALIGN(8) { KEEP(*(.init.klp_objects)) }
>
> #ifdef CONFIG_ARCH_USES_CFI_TRAPS
> - __kcfi_traps : { KEEP(*(.kcfi_traps)) }
> + __kcfi_traps 0 : { KEEP(*(.kcfi_traps)) }
> #endif
>
> - .text : {
> + .text 0 : {
> *(.text .text.[0-9a-zA-Z_]*)
> }
>
> - .bss : {
> + .bss 0 : {
> *(.bss .bss.[0-9a-zA-Z_]*)
> *(.bss..L*)
> }
>
> - .data : {
> + .data 0 : {
> *(.data .data.[0-9a-zA-Z_]*)
> *(.data..L*)
> }
>
> - .rodata : {
> + .rodata 0 : {
> *(.rodata .rodata.[0-9a-zA-Z_]*)
> *(.rodata..L*)
> }
This looks ok but the same should be done for sections created via
MOD_SEPARATE_CODETAG_SECTIONS, namely .codetag.alloc_tags.
--
Thanks,
Petr
* Re: [PATCH] module.lds: force 0 sh_addr for .text, .data, .bss, and .rodata sections
From: Joe Lawrence @ 2026-03-04 16:12 UTC (permalink / raw)
To: linux-modules, linux-kernel
Cc: Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen,
Aaron Tomlin, Petr Mladek, Josh Poimboeuf
In-Reply-To: <20260304160611.143862-1-joe.lawrence@redhat.com>
On Wed, Mar 04, 2026 at 11:06:11AM -0500, Joe Lawrence wrote:
> Commit 1ba9f8979426 ("vmlinux.lds: Unify TEXT_MAIN, DATA_MAIN, and
> related macros") added .text and made .data, .bss, and .rodata sections
> unconditional in the module linker script, but without an explicit
> address like the other sections in the same file.
>
> When linking modules with ld.bfd -r, sections defined without an address
> inherit the location counter, resulting in non-zero sh_addr values in
> the .ko. Relocatable objects are expected to have sh_addr=0 for these
> sections and these non-zero addresses confuse elfutils and have been
> reported to cause segmentation faults in SystemTap [1].
>
> Add the 0 address specifier to .text, .bss, .data, and .rodata, and also
> to __patchable_function_entries and __kcfi_traps which had the same
> issue.
>
> Link: https://sourceware.org/bugzilla/show_bug.cgi?id=33958
> Fixes: 1ba9f8979426 ("vmlinux.lds: Unify TEXT_MAIN, DATA_MAIN, and related macros")
> Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
> ---
> scripts/module.lds.S | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/scripts/module.lds.S b/scripts/module.lds.S
> index 054ef99e8288..e1cab3cee3f7 100644
> --- a/scripts/module.lds.S
> +++ b/scripts/module.lds.S
> @@ -32,30 +32,30 @@ SECTIONS {
> __jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) }
> __ex_table 0 : ALIGN(4) { KEEP(*(__ex_table)) }
>
> - __patchable_function_entries : { *(__patchable_function_entries) }
> + __patchable_function_entries 0 : { *(__patchable_function_entries) }
>
> .init.klp_funcs 0 : ALIGN(8) { KEEP(*(.init.klp_funcs)) }
> .init.klp_objects 0 : ALIGN(8) { KEEP(*(.init.klp_objects)) }
>
> #ifdef CONFIG_ARCH_USES_CFI_TRAPS
> - __kcfi_traps : { KEEP(*(.kcfi_traps)) }
> + __kcfi_traps 0 : { KEEP(*(.kcfi_traps)) }
> #endif
>
> - .text : {
> + .text 0 : {
> *(.text .text.[0-9a-zA-Z_]*)
> }
>
> - .bss : {
> + .bss 0 : {
> *(.bss .bss.[0-9a-zA-Z_]*)
> *(.bss..L*)
> }
>
> - .data : {
> + .data 0 : {
> *(.data .data.[0-9a-zA-Z_]*)
> *(.data..L*)
> }
>
> - .rodata : {
> + .rodata 0 : {
> *(.rodata .rodata.[0-9a-zA-Z_]*)
> *(.rodata..L*)
> }
> --
> 2.53.0
>
Linker files are not my usual gig, but I offer up this patch as a
strawman to raise awareness to those who might know better :D
This was very lightly tested: readelf reports 0 sh_addrs after the
change for the affected sections and stap was happier parsing this.
Thanks,
--
Joe
* [PATCH] module.lds: force 0 sh_addr for .text, .data, .bss, and .rodata sections
From: Joe Lawrence @ 2026-03-04 16:06 UTC (permalink / raw)
To: linux-modules, linux-kernel
Cc: Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen,
Aaron Tomlin, Petr Mladek, Josh Poimboeuf
Commit 1ba9f8979426 ("vmlinux.lds: Unify TEXT_MAIN, DATA_MAIN, and
related macros") added .text and made .data, .bss, and .rodata sections
unconditional in the module linker script, but without an explicit
address like the other sections in the same file.
When linking modules with ld.bfd -r, sections defined without an address
inherit the location counter, resulting in non-zero sh_addr values in
the .ko. Relocatable objects are expected to have sh_addr=0 for these
sections and these non-zero addresses confuse elfutils and have been
reported to cause segmentation faults in SystemTap [1].
Add the 0 address specifier to .text, .bss, .data, and .rodata, and also
to __patchable_function_entries and __kcfi_traps which had the same
issue.
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=33958
Fixes: 1ba9f8979426 ("vmlinux.lds: Unify TEXT_MAIN, DATA_MAIN, and related macros")
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
---
scripts/module.lds.S | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/scripts/module.lds.S b/scripts/module.lds.S
index 054ef99e8288..e1cab3cee3f7 100644
--- a/scripts/module.lds.S
+++ b/scripts/module.lds.S
@@ -32,30 +32,30 @@ SECTIONS {
__jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) }
__ex_table 0 : ALIGN(4) { KEEP(*(__ex_table)) }
- __patchable_function_entries : { *(__patchable_function_entries) }
+ __patchable_function_entries 0 : { *(__patchable_function_entries) }
.init.klp_funcs 0 : ALIGN(8) { KEEP(*(.init.klp_funcs)) }
.init.klp_objects 0 : ALIGN(8) { KEEP(*(.init.klp_objects)) }
#ifdef CONFIG_ARCH_USES_CFI_TRAPS
- __kcfi_traps : { KEEP(*(.kcfi_traps)) }
+ __kcfi_traps 0 : { KEEP(*(.kcfi_traps)) }
#endif
- .text : {
+ .text 0 : {
*(.text .text.[0-9a-zA-Z_]*)
}
- .bss : {
+ .bss 0 : {
*(.bss .bss.[0-9a-zA-Z_]*)
*(.bss..L*)
}
- .data : {
+ .data 0 : {
*(.data .data.[0-9a-zA-Z_]*)
*(.data..L*)
}
- .rodata : {
+ .rodata 0 : {
*(.rodata .rodata.[0-9a-zA-Z_]*)
*(.rodata..L*)
}
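Review bot: Nothing in the script records why every output section carries an explicit `0` address, which is presumably how the sections touched here came to be added without one. A comment at the top of the `SECTIONS` block would keep later additions from repeating that, for example `/* Give every output section an explicit 0 address: under ld.bfd -r a section without one inherits the location counter and ends up with a non-zero sh_addr, which ELF consumers such as elfutils do not expect in a relocatable object. */`. The `SECTIONS` block begins before this hunk and may continue after it, so the comment would sit outside the lines shown.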
--
2.53.0
* Re: [PATCH 2/8] rust: module_param: wire StringParam into the module! macro
From: Petr Pavlu @ 2026-03-04 8:13 UTC (permalink / raw)
To: Matthew Wood
Cc: Miguel Ojeda, Luis Chamberlain, Daniel Gomez, Sami Tolvanen,
Aaron Tomlin, Boqun Feng, Gary Guo, Björn Roy Baron,
Benno Lossin, Andreas Hindborg, Alice Ryhl, Trevor Gross,
Danilo Krummrich, Tamir Duberstein, David Gow,
José Expósito, linux-modules, rust-for-linux,
linux-kernel
In-Reply-To: <20260226234736.428341-3-thepacketgeek@gmail.com>
On 2/27/26 12:47 AM, Matthew Wood wrote:
> Add support for `string` as a parameter type in the module! macro.
>
> On the runtime side, add:
> - set_string_param(): an extern "C" callback matching the
> kernel_param_ops::set signature that stores the raw C string
> pointer directly into the SetOnce<StringParam> container, avoiding
> an unnecessary copy-and-parse round-trip.
> - PARAM_OPS_STRING: a static kernel_param_ops that uses
> set_string_param as its setter.
> - ModuleParam impl for StringParam with try_from_param_arg()
> returning -EINVAL, since string parameters are populated
> exclusively through the kernel's set callback.
>
> On the macro side:
> - Change the Parameter::ptype field from Ident to syn::Type to
> support path-qualified types.
Why is it necessary to change the type of Parameter::ptype? My
understanding is that this token can currently be "i8", "u8", ...,
"isize", "usize". Additionally, the value "string" should now be
accepted. When should one use a path-qualified type in this context?
> - Recognize the `string` shorthand and resolve it to the fully
> qualified ::kernel::module_param::StringParam type during code
> generation.
> - Wrap string default values with StringParam::from_c_str(c_str!(...))
> to produce a compile-time CStr-backed default.
> - Route `string` to PARAM_OPS_STRING in param_ops_path().
>
> Signed-off-by: Matthew Wood <thepacketgeek@gmail.com>
> ---
> rust/kernel/module_param.rs | 48 +++++++++++++++++++++++++++++++++++++
> rust/macros/module.rs | 42 +++++++++++++++++++++++++-------
> 2 files changed, 81 insertions(+), 9 deletions(-)
>
> diff --git a/rust/kernel/module_param.rs b/rust/kernel/module_param.rs
> index 80fe8643c0ab..67ff6f2ea9c2 100644
> --- a/rust/kernel/module_param.rs
> +++ b/rust/kernel/module_param.rs
> @@ -86,6 +86,36 @@ pub trait ModuleParam: Sized + Copy {
> })
> }
>
> +/// Set a string module parameter from a string.
> +///
> +/// Similar to [`set_param`] but for [`StringParam`].
> +///
> +/// # Safety
> +///
> +/// Same requirements as [`set_param`].
> +unsafe extern "C" fn set_string_param(
> + val: *const c_char,
> + param: *const bindings::kernel_param,
> +) -> c_int {
The safety comment is somewhat inaccurate because set_param() says that
the input value needs to be valid only for the duration of the call,
whereas set_string_param() and StringParam require it to be valid for
the module's lifetime.
--
Thanks,
Petr