Re: [PATCH v12 01/14] module: Move all into module/

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Aaron Tomlin <atomlin@xxxxxxxxxx> wrote:
> No functional changes.

I could be mistaken, but I think this has a functional change and could
break module signature enforcement in some cases.

> 
> This patch moves all module related code into a separate directory,
> modifies each file name and creates a new Makefile. Note: this effort
> is in preparation to refactor core module code.
> 
> Reviewed-by: Christophe Leroy <christophe.leroy@xxxxxxxxxx>
> Signed-off-by: Aaron Tomlin <atomlin@xxxxxxxxxx>
> ---
>  MAINTAINERS                                         |  2 +-
>  kernel/Makefile                                     |  5 +----
>  kernel/module/Makefile                              | 12 ++++++++++++
>  kernel/{module_decompress.c => module/decompress.c} |  2 +-
>  kernel/{module-internal.h => module/internal.h}     |  0
>  kernel/{module.c => module/main.c}                  |  2 +-
>  kernel/{module_signing.c => module/signing.c}       |  2 +-

I spent at least an hour trying to figure out how the code below in
module/signing.c (was moved from module/main.c in a later patch in this
series) managed to have a "module" prefix for "module.sig_enforce" kernel
cmdline param and for the /sys/module/module/parameters/sig_enforce file.

static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
module_param(sig_enforce, bool_enable_only, 0644);

I thought I was missing something until I realized this was a very recent
change and might actually be a bug. If I'm not mistaken, the prefix will
now become "signing". So the kernel cmdline param would get ignore and any
userspace writes to /sys/module/module/parameters/sig_enforce will start
failing.

I don't have a device to boot 5.19-rcX in, but I think I'm right. Can
someone confirm?

If my code analysis is right, then the fix seems to be adding this code
before the module_param() line.

diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index 85c8999dfecf..6b0672e4417b 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -16,6 +16,11 @@
 #include <uapi/linux/module.h>
 #include "internal.h"
 
+#ifdef MODULE_PARAM_PREFIX
+#undef MODULE_PARAM_PREFIX
+#endif
+#define MODULE_PARAM_PREFIX "module."
+
 static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
 module_param(sig_enforce, bool_enable_only, 0644);

-Saravana



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux