Re: [PATCH v12 01/14] module: Move all into module/

From: Saravana Kannan
Date: Wed Jun 01 2022 - 23:42:06 EST

Next message: Miaoqian Lin: "[PATCH] ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe"
Previous message: Kalesh Singh: "Re: [Linaro-mm-sig] Re: [PATCH 2/2] procfs: Add 'path' to /proc/<pid>/fdinfo/"
Next in thread: Luis Chamberlain: "Re: [PATCH v12 01/14] module: Move all into module/"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Aaron Tomlin <atomlin@xxxxxxxxxx> wrote:
> No functional changes.

I could be mistaken, but I think this has a functional change and could
break module signature enforcement in some cases.

>
> This patch moves all module related code into a separate directory,
> modifies each file name and creates a new Makefile. Note: this effort
> is in preparation to refactor core module code.
>
> Reviewed-by: Christophe Leroy <christophe.leroy@xxxxxxxxxx>
> Signed-off-by: Aaron Tomlin <atomlin@xxxxxxxxxx>
> ---
> MAINTAINERS | 2 +-
> kernel/Makefile | 5 +----
> kernel/module/Makefile | 12 ++++++++++++
> kernel/{module_decompress.c => module/decompress.c} | 2 +-
> kernel/{module-internal.h => module/internal.h} | 0
> kernel/{module.c => module/main.c} | 2 +-
> kernel/{module_signing.c => module/signing.c} | 2 +-

I spent at least an hour trying to figure out how the code below in
module/signing.c (was moved from module/main.c in a later patch in this
series) managed to have a "module" prefix for "module.sig_enforce" kernel
cmdline param and for the /sys/module/module/parameters/sig_enforce file.

static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
module_param(sig_enforce, bool_enable_only, 0644);

I thought I was missing something until I realized this was a very recent
change and might actually be a bug. If I'm not mistaken, the prefix will
now become "signing". So the kernel cmdline param would get ignore and any
userspace writes to /sys/module/module/parameters/sig_enforce will start
failing.

I don't have a device to boot 5.19-rcX in, but I think I'm right. Can
someone confirm?

If my code analysis is right, then the fix seems to be adding this code
before the module_param() line.

diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index 85c8999dfecf..6b0672e4417b 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -16,6 +16,11 @@
#include <uapi/linux/module.h>
#include "internal.h"

+#ifdef MODULE_PARAM_PREFIX
+#undef MODULE_PARAM_PREFIX
+#endif
+#define MODULE_PARAM_PREFIX "module."
+
static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
module_param(sig_enforce, bool_enable_only, 0644);

-Saravana

Next message: Miaoqian Lin: "[PATCH] ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe"
Previous message: Kalesh Singh: "Re: [Linaro-mm-sig] Re: [PATCH 2/2] procfs: Add 'path' to /proc/<pid>/fdinfo/"
Next in thread: Luis Chamberlain: "Re: [PATCH v12 01/14] module: Move all into module/"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]