public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Peter Zijlstra <peterz@infradead.org>
Cc: tglx@linutronix.de, linux-kernel@vger.kernel.org,
	hch@infradead.org, sean.j.christopherson@intel.com,
	mingo@redhat.com, bp@alien8.de, hpa@zytor.com, x86@kernel.org,
	kenny@panix.com, jeyu@kernel.org, rasmus.villemoes@prevas.dk,
	pbonzini@redhat.com, fenghua.yu@intel.com, xiaoyao.li@intel.com,
	nadav.amit@gmail.com, thellstrom@vmware.com, tony.luck@intel.com,
	rostedt@goodmis.org, gregkh@linuxfoundation.org,
	jannh@google.com, David.Laight@aculab.com, dcovelli@vmware.com,
	mhiramat@kernel.org
Subject: Re: [PATCH 1/4] module: Expose load_info to arch module loader code
Date: Tue, 7 Apr 2020 09:52:01 -0700	[thread overview]
Message-ID: <202004070951.40A8E7B278@keescook> (raw)
In-Reply-To: <20200407111007.198738828@infradead.org>

On Tue, Apr 07, 2020 at 01:02:37PM +0200, Peter Zijlstra wrote:
> From: Jessica Yu <jeyu@kernel.org>
> 
> The x86 module loader wants to check the value of a modinfo flag
> (sld_safe), before proceeding to scan the module text for VMX
> instructions. Unfortunately the arch module code currently does not have
> access to load_info, but we can easily expose that via moduleloader.h,
> which every arch module code must already include.
> 
> Signed-off-by: Jessica Yu <jeyu@kernel.org>

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> Link: https://lkml.kernel.org/r/20200406160420.14407-1-jeyu@kernel.org
> ---
> 
>  include/linux/moduleloader.h | 20 ++++++++++++++++++++
>  kernel/module-internal.h     | 23 -----------------------
>  kernel/module_signing.c      |  2 +-
>  3 files changed, 21 insertions(+), 24 deletions(-)
> 
> Index: linux-2.6/include/linux/moduleloader.h
> ===================================================================
> --- linux-2.6.orig/include/linux/moduleloader.h
> +++ linux-2.6/include/linux/moduleloader.h
> @@ -6,6 +6,26 @@
>  #include <linux/module.h>
>  #include <linux/elf.h>
>  
> +struct load_info {
> +	const char *name;
> +	/* pointer to module in temporary copy, freed at end of load_module() */
> +	struct module *mod;
> +	Elf_Ehdr *hdr;
> +	unsigned long len;
> +	Elf_Shdr *sechdrs;
> +	char *secstrings, *strtab;
> +	unsigned long symoffs, stroffs, init_typeoffs, core_typeoffs;
> +	struct _ddebug *debug;
> +	unsigned int num_debug;
> +	bool sig_ok;
> +#ifdef CONFIG_KALLSYMS
> +	unsigned long mod_kallsyms_init_off;
> +#endif
> +	struct {
> +		unsigned int sym, str, mod, vers, info, pcpu;
> +	} index;
> +};
> +
>  /* These may be implemented by architectures that need to hook into the
>   * module loader code.  Architectures that don't need to do anything special
>   * can just rely on the 'weak' default hooks defined in kernel/module.c.
> Index: linux-2.6/kernel/module-internal.h
> ===================================================================
> --- linux-2.6.orig/kernel/module-internal.h
> +++ linux-2.6/kernel/module-internal.h
> @@ -5,27 +5,4 @@
>   * Written by David Howells (dhowells@redhat.com)
>   */
>  
> -#include <linux/elf.h>
> -#include <asm/module.h>
> -
> -struct load_info {
> -	const char *name;
> -	/* pointer to module in temporary copy, freed at end of load_module() */
> -	struct module *mod;
> -	Elf_Ehdr *hdr;
> -	unsigned long len;
> -	Elf_Shdr *sechdrs;
> -	char *secstrings, *strtab;
> -	unsigned long symoffs, stroffs, init_typeoffs, core_typeoffs;
> -	struct _ddebug *debug;
> -	unsigned int num_debug;
> -	bool sig_ok;
> -#ifdef CONFIG_KALLSYMS
> -	unsigned long mod_kallsyms_init_off;
> -#endif
> -	struct {
> -		unsigned int sym, str, mod, vers, info, pcpu;
> -	} index;
> -};
> -
>  extern int mod_verify_sig(const void *mod, struct load_info *info);
> Index: linux-2.6/kernel/module_signing.c
> ===================================================================
> --- linux-2.6.orig/kernel/module_signing.c
> +++ linux-2.6/kernel/module_signing.c
> @@ -8,11 +8,11 @@
>  #include <linux/kernel.h>
>  #include <linux/errno.h>
>  #include <linux/module.h>
> +#include <linux/moduleloader.h>
>  #include <linux/module_signature.h>
>  #include <linux/string.h>
>  #include <linux/verification.h>
>  #include <crypto/public_key.h>
> -#include "module-internal.h"
>  
>  /*
>   * Verify the signature on a module.
> 
> 

-- 
Kees Cook

  reply	other threads:[~2020-04-07 16:52 UTC|newest]

Thread overview: 74+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-07 11:02 [PATCH 0/4] x86/module: Out-of-tree module decode and sanitize Peter Zijlstra
2020-04-07 11:02 ` [PATCH 1/4] module: Expose load_info to arch module loader code Peter Zijlstra
2020-04-07 16:52   ` Kees Cook [this message]
2020-04-07 11:02 ` [PATCH 2/4] module: Convert module_finalize() to load_info Peter Zijlstra
2020-04-07 16:53   ` Kees Cook
2020-04-07 11:02 ` [PATCH 3/4] x86,module: Detect VMX vs SLD conflicts Peter Zijlstra
2020-04-07 14:35   ` Greg KH
2020-04-07 14:44     ` Paolo Bonzini
2020-04-07 14:55       ` Greg KH
2020-04-07 14:49     ` Steven Rostedt
2020-04-07 15:24     ` Peter Zijlstra
2020-04-07 15:28       ` Paolo Bonzini
2020-04-07 15:44       ` Greg KH
2020-04-07 16:51   ` Masami Hiramatsu
2020-04-07 17:16     ` Andrew Cooper
2020-04-07 23:59       ` Masami Hiramatsu
2020-04-08  7:25     ` Masami Hiramatsu
2020-04-07 18:26   ` kbuild test robot
2020-04-07 21:25   ` David Laight
2020-04-07 23:15     ` Kees Cook
2020-04-08  2:10   ` Xiaoyao Li
2020-04-08  8:09   ` Masami Hiramatsu
2020-04-08  9:56     ` Peter Zijlstra
2020-04-08 10:15       ` Andrew Cooper
2020-04-10 11:25       ` Masami Hiramatsu
2020-04-07 11:02 ` [PATCH 4/4] x86,module: Detect CRn and DRn manipulation Peter Zijlstra
2020-04-07 17:01   ` Kees Cook
2020-04-07 18:13     ` Peter Zijlstra
2020-04-07 18:49       ` Kees Cook
2020-04-07 18:55   ` Nadav Amit
2020-04-07 19:38     ` Peter Zijlstra
2020-04-07 20:27       ` Nadav Amit
2020-04-07 20:50         ` Peter Zijlstra
2020-04-07 21:22           ` Nadav Amit
2020-04-07 21:27             ` Peter Zijlstra
2020-04-07 22:12               ` Paolo Bonzini
2020-04-07 23:51                 ` Nadav Amit
2020-04-08  8:45                 ` Peter Zijlstra
2020-04-08  5:18               ` Christoph Hellwig
2020-04-07 23:15             ` Andrew Cooper
2020-04-08  0:22               ` Paolo Bonzini
2020-04-08  8:37                 ` Peter Zijlstra
2020-04-08  9:52                 ` Andrew Cooper
2020-04-07 21:48   ` Steven Rostedt
2020-04-08  5:58     ` Jan Kiszka
2020-04-08  8:03       ` Paolo Bonzini
2020-04-08  8:58         ` Jan Kiszka
2020-04-08  9:04           ` Paolo Bonzini
2020-04-08 10:45             ` Jan Kiszka
2020-04-08  8:51       ` Peter Zijlstra
2020-04-08  8:59         ` Jan Kiszka
2020-04-08  9:25           ` David Laight
2020-04-08 11:13             ` Jan Kiszka
2020-04-08 11:17               ` David Laight
2020-04-08  9:13         ` Peter Zijlstra
2020-04-08 10:50           ` Jan Kiszka
2020-04-08 13:27   ` Steven Rostedt
2020-04-08 15:44     ` Peter Zijlstra
2020-04-08 15:46       ` Christoph Hellwig
2020-04-08 16:02         ` Sean Christopherson
2020-04-08 16:15         ` Paolo Bonzini
2020-04-09  8:56           ` Peter Zijlstra
2020-04-09 10:13             ` Nadav Amit
2020-04-09 21:13               ` Thomas Gleixner
2020-04-09 22:18                 ` Steven Rostedt
2020-04-10  5:37                   ` Nadav Amit
2020-04-08 15:54       ` Jessica Yu
2020-04-07 17:23 ` [PATCH 0/4] x86/module: Out-of-tree module decode and sanitize Andrew Cooper
2020-04-07 19:41   ` Peter Zijlstra
2020-04-07 20:11     ` Andrew Cooper
2020-04-07 20:45       ` Peter Zijlstra
2020-04-07 21:21         ` Andrew Cooper
2020-04-07 20:21     ` Andrew Cooper
2020-04-07 20:48       ` Peter Zijlstra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202004070951.40A8E7B278@keescook \
    --to=keescook@chromium.org \
    --cc=David.Laight@aculab.com \
    --cc=bp@alien8.de \
    --cc=dcovelli@vmware.com \
    --cc=fenghua.yu@intel.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hch@infradead.org \
    --cc=hpa@zytor.com \
    --cc=jannh@google.com \
    --cc=jeyu@kernel.org \
    --cc=kenny@panix.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mhiramat@kernel.org \
    --cc=mingo@redhat.com \
    --cc=nadav.amit@gmail.com \
    --cc=pbonzini@redhat.com \
    --cc=peterz@infradead.org \
    --cc=rasmus.villemoes@prevas.dk \
    --cc=rostedt@goodmis.org \
    --cc=sean.j.christopherson@intel.com \
    --cc=tglx@linutronix.de \
    --cc=thellstrom@vmware.com \
    --cc=tony.luck@intel.com \
    --cc=x86@kernel.org \
    --cc=xiaoyao.li@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox