diff options
author | Dmitry Torokhov <dmitry.torokhov@gmail.com> | 2022-01-14 01:51:52 +0100 |
---|---|---|
committer | Luis Chamberlain <mcgrof@kernel.org> | 2022-01-14 18:40:49 +0100 |
commit | a97ac8cb24a3c3ad74794adb83717ef1605d1b47 (patch) | |
tree | c90c1d09d830a5849bf79ee64ba9803b39841f43 | |
parent | kernel: Fix spelling mistake "compresser" -> "compressor" (diff) | |
download | linux-a97ac8cb24a3c3ad74794adb83717ef1605d1b47.tar.xz linux-a97ac8cb24a3c3ad74794adb83717ef1605d1b47.zip |
module: fix signature check failures when using in-kernel decompression
The new flag MODULE_INIT_COMPRESSED_FILE unintentionally trips check in
module_sig_check(). The check was supposed to catch case when version
info or magic was removed from a signed module, making signature
invalid, but it was coded too broadly and was catching this new flag as
well.
Change the check to only test the 2 particular flags affecting signature
validity.
Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
-rw-r--r-- | kernel/module.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/kernel/module.c b/kernel/module.c index 34fe2824eb56..387ee77bdbd6 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2883,12 +2883,13 @@ static int module_sig_check(struct load_info *info, int flags) const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; const char *reason; const void *mod = info->hdr; - + bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS | + MODULE_INIT_IGNORE_VERMAGIC); /* - * Require flags == 0, as a module with version information - * removed is no longer the module that was signed + * Do not allow mangled modules as a module with version information + * removed is no longer the module that was signed. */ - if (flags == 0 && + if (!mangled_module && info->len > markerlen && memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { /* We truncate the module to discard the signature */ |