Hi Rusty,
Today's linux-next merge of the modules tree got a conflict in
kernel/module.c between commit caabe240574a ("MODSIGN: Move the magic
string to the end of a module and eliminate the search") from Linus' tree
and commit 0250abdeec54 ("module: add syscall to load module from fd")
from the modules tree.I fixed it up (I think - see below) and can carry the fix as necessary (no action is required). I do wonder why the above change in Linus' tree seems to have bypassed the modules maintainer. -- Cheers, Stephen Rothwell [email protected] diff --cc kernel/module.c index 6085f5e,261bf82..0000000 --- a/kernel/module.c +++ b/kernel/module.c @@@ -2420,18 -2422,27 +2422,18 @@@ static inline void kmemleak_load_module #endif #ifdef CONFIG_MODULE_SIG - static int module_sig_check(struct load_info *info, - const void *mod, unsigned long *_len) + static int module_sig_check(struct load_info *info) { int err = -ENOKEY; - unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; - unsigned long len = *_len; + const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; + const void *mod = info->hdr; - const void *p = mod, *end = mod + info->len; ++ unsigned long len = info->len; - /* Poor man's memmem. */ - while ((p = memchr(p, MODULE_SIG_STRING[0], end - p))) { - if (p + markerlen > end) - break; - - if (memcmp(p, MODULE_SIG_STRING, markerlen) == 0) { - const void *sig = p + markerlen; - /* Truncate module up to signature. */ - info->len = p - mod; - err = mod_verify_sig(mod, info->len, - sig, end - sig); - break; - } - p++; + if (len > markerlen && + memcmp(mod + len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { + /* We truncate the module to discard the signature */ - *_len -= markerlen; - err = mod_verify_sig(mod, _len); ++ info->len -= markerlen; ++ err = mod_verify_sig(mod, &info->len); } if (!err) {
pgpxrN9hRofHV.pgp
Description: PGP signature
