Re: [PATCH v2 6/6] module: Introduce hash-based integrity checking

From: Thomas Weißschuh
Date: Thu Mar 06 2025 - 03:11:02 EST

Next message: Ron Economos: "Re: [PATCH 6.12 000/150] 6.12.18-rc1 review"
Previous message: Thomas Gleixner: "Re: [patch V2 01/17] posix-timers: Initialise timer before adding it to the hash table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2025-01-23 00:28:40+0100, kpcyrd wrote:
> Thanks for reaching out, also your work on this is much appreciated and
> followed with great interest. <3
>
> On 1/20/25 6:44 PM, Thomas Weißschuh wrote:
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index effe1db02973d4f60ff6cbc0d3b5241a3576fa3e..094ace81d795711b56d12a2abc75ea35449c8300 100644
> > --- a/kernel/module/main.c
> > +++ b/kernel/module/main.c
> > @@ -3218,6 +3218,12 @@ static int module_integrity_check(struct load_info *info, int flags)
> > {
> > int err = 0;
> > + if (IS_ENABLED(CONFIG_MODULE_HASHES)) {
> > + err = module_hash_check(info, flags);
> > + if (!err)
> > + return 0;
> > + }
> > +
> > if (IS_ENABLED(CONFIG_MODULE_SIG))
> > err = module_sig_check(info, flags);
>
> From how I'm reading this (please let me know if I'm wrong):

<snip>

This is how it is intended, thanks for checking.

> This all seems reasonable to me, maybe the check for
> is_module_sig_enforced() could be moved from kernel/module/signing.c to
> kernel/module/main.c, otherwise `sig_enforce=1` would not have any effect
> for a `CONFIG_MODULE_HASHES && !CONFIG_MODULE_SIG` kernel.

Moving the check would complicate the logic and shouldn't make a
difference. In signing.c it ensures that a validation failure is
propagated. However that is the default behaviour in hashes.c.

Thomas

Next message: Ron Economos: "Re: [PATCH 6.12 000/150] 6.12.18-rc1 review"
Previous message: Thomas Gleixner: "Re: [patch V2 01/17] posix-timers: Initialise timer before adding it to the hash table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]