The lockdown check buried in module_sig_check() will not compose well with the introduction of hash-based module validation. Move it into module_integrity_check() which will work better.
Signed-off-by: Thomas Weißschuh <[email protected]> --- kernel/module/main.c | 6 +++++- kernel/module/signing.c | 3 +-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 9c570078aa9c..c09b25c0166a 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -3351,7 +3351,11 @@ static int module_integrity_check(struct load_info *info, int flags) if (IS_ENABLED(CONFIG_MODULE_SIG)) err = module_sig_check(info, flags); - return err; + if (err) + return err; + if (info->sig_ok) + return 0; + return security_locked_down(LOCKDOWN_MODULE_SIGNATURE); } /* diff --git a/kernel/module/signing.c b/kernel/module/signing.c index 66d90784de89..8a5f66389116 100644 --- a/kernel/module/signing.c +++ b/kernel/module/signing.c @@ -11,7 +11,6 @@ #include <linux/module_signature.h> #include <linux/string.h> #include <linux/verification.h> -#include <linux/security.h> #include <crypto/public_key.h> #include <uapi/linux/module.h> #include "internal.h" @@ -68,5 +67,5 @@ int module_sig_check(struct load_info *info, int flags) return -EKEYREJECTED; } - return security_locked_down(LOCKDOWN_MODULE_SIGNATURE); + return 0; } -- 2.52.0
