Date: Tue, 6 Aug 2024 21:20:27 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-2-mmaurer@google.com>
Subject: [PATCH v3 01/16] module: Take const arg in validate_section_offset
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Alex Gaynor, Wedson Almeida Filho
Cc: Matthew Maurer, rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-modules@vger.kernel.org

`validate_section_offset` doesn't modify the info passed in. Make this
clear by adjusting the type signature.

Signed-off-by: Matthew Maurer
---
 kernel/module/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index d9592195c5bb..141a964b6b13 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -1645,7 +1645,7 @@ bool __weak module_exit_section(const char *name) return strstarts(name, ".exit"); } -static int validate_section_offset(struct load_info *info, Elf_Shdr *shdr) +static int validate_section_offset(const struct load_info *info, Elf_Shdr *shdr) { #if defined(CONFIG_64BIT) unsigned long long secend;
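
Review bot: in the new signature of validate_section_offset() only info gains const, while shdr stays a plain Elf_Shdr *. If the body only reads shdr (the visible context shows nothing past the secend declaration), make it const Elf_Shdr *shdr in the same patch, so the signature documents that neither argument is written, which is the stated purpose of the change.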

Date: Tue, 6 Aug 2024 21:20:28 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-3-mmaurer@google.com>
Subject: [PATCH v3 02/16] module: Factor out elf_validity_ehdr
From: Matthew Maurer

Factor out verification of the ELF header and document what is checked.

Signed-off-by: Matthew Maurer
---
 kernel/module/main.c | 70 +++++++++++++++++++++++++++++---------------
 1 file changed, 47 insertions(+), 23 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index 141a964b6b13..1218cc7e1196 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -1664,6 +1664,50 @@ static int validate_section_offset(const struct load_info *info, Elf_Shdr *shdr) return 0; } +/** + * elf_validity_ehdr() - Checks an ELF header for module validity + * @info: Load info containing the ELF header to check + * + * Checks whether an ELF header could belong to a valid module. Checks: + * + * * ELF header is within the data the user provided + * * ELF magic is present + * * It is relocatable (not final linked, not core file, etc.) + * * The header's machine type matches what the architecture expects. + * * Optional arch-specific hook for other properties + * - module_elf_check_arch() is currently only used by PPC to check + * ELF ABI version, but may be used by others in the future. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_ehdr(const struct load_info *info) +{ + if (info->len < sizeof(*(info->hdr))) { + pr_err("Invalid ELF header len %lu\n", info->len); + return -ENOEXEC; + } + if (memcmp(info->hdr->e_ident, ELFMAG, SELFMAG) != 0) { + pr_err("Invalid ELF header magic: != %s\n", ELFMAG); + return -ENOEXEC; + } + if (info->hdr->e_type != ET_REL) { + pr_err("Invalid ELF header type: %u != %u\n", + info->hdr->e_type, ET_REL); + return -ENOEXEC; + } + if (!elf_check_arch(info->hdr)) { + pr_err("Invalid architecture in ELF header: %u\n", + info->hdr->e_machine); + return -ENOEXEC; + } + if (!module_elf_check_arch(info->hdr)) { + pr_err("Invalid module architecture in ELF header: %u\n", + info->hdr->e_machine); + return -ENOEXEC; + } + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. 
@@ -1693,30 +1737,10 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) unsigned int num_info_secs = 0, info_idx; unsigned int num_sym_secs = 0, sym_idx; - if (info->len < sizeof(*(info->hdr))) { - pr_err("Invalid ELF header len %lu\n", info->len); - goto no_exec; - } + err = elf_validity_ehdr(info); + if (err < 0) + return err; - if (memcmp(info->hdr->e_ident, ELFMAG, SELFMAG) != 0) { - pr_err("Invalid ELF header magic: != %s\n", ELFMAG); - goto no_exec; - } - if (info->hdr->e_type != ET_REL) { - pr_err("Invalid ELF header type: %u != %u\n", - info->hdr->e_type, ET_REL); - goto no_exec; - } - if (!elf_check_arch(info->hdr)) { - pr_err("Invalid architecture in ELF header: %u\n", - info->hdr->e_machine); - goto no_exec; - } - if (!module_elf_check_arch(info->hdr)) { - pr_err("Invalid module architecture in ELF header: %u\n", - info->hdr->e_machine); - goto no_exec; - } if (info->hdr->e_shentsize != sizeof(Elf_Shdr)) { pr_err("Invalid ELF section header size\n"); goto no_exec;
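
Review bot: in the elf_validity_cache_copy() hunk the header failures now leave through return err, where the removed lines used goto no_exec, and the no_exec label lies outside the visible context. If that label does anything besides returning -ENOEXEC, this is a behaviour change rather than a pure refactor, so the commit message should state that the two exits are equivalent. The checks that remain in the function (the e_shentsize test in the trailing context) still use goto no_exec, so the function now mixes both exit styles until they are converted as well.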

Date: Tue, 6 Aug 2024 21:20:29 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-4-mmaurer@google.com>
Subject: [PATCH v3 03/16] module: Factor out elf_validity_cache_sechdrs
From: Matthew Maurer

Factor out and document the validation of section headers.

Because we now validate all section offsets and lengths before accessing
them, we can remove the ad-hoc checks.

Signed-off-by: Matthew Maurer
---
 kernel/module/main.c | 125 ++++++++++++++++++++++++++++---------------
 1 file changed, 82 insertions(+), 43 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index 1218cc7e1196..c480fd33861a 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -1708,6 +1708,87 @@ static int elf_validity_ehdr(const struct load_info *info) return 0; } +/** + * elf_validity_cache_sechdrs() - Cache section headers if valid + * @info: Load info to compute section headers from + * + * Checks: + * + * * ELF header is valid (see elf_validity_ehdr()) + * * Section headers are the size we expect + * * Section array fits in the user provided data + * * Section index 0 is NULL + * * Section contents are inbounds + * + * Then updates @info with a &load_info->sechdrs pointer if valid. + * + * Return: %0 if valid, negative error code if validation failed. + */ +static int elf_validity_cache_sechdrs(struct load_info *info) +{ + Elf_Shdr *sechdrs; + Elf_Shdr *shdr; + int i; + int err; + + err = elf_validity_ehdr(info); + if (err < 0) + return err; + + if (info->hdr->e_shentsize != sizeof(Elf_Shdr)) { + pr_err("Invalid ELF section header size\n"); + return -ENOEXEC; + } + + /* + * e_shnum is 16 bits, and sizeof(Elf_Shdr) is + * known and small. So e_shnum * sizeof(Elf_Shdr) + * will not overflow unsigned long on any platform. + */ + if (info->hdr->e_shoff >= info->len + || (info->hdr->e_shnum * sizeof(Elf_Shdr) > + info->len - info->hdr->e_shoff)) { + pr_err("Invalid ELF section header overflow\n"); + return -ENOEXEC; + } + + sechdrs = (void *)info->hdr + info->hdr->e_shoff; + + /* + * The code assumes that section 0 has a length of zero and + * an addr of zero, so check for it. 
+ */ + if (sechdrs[0].sh_type != SHT_NULL + || sechdrs[0].sh_size != 0 + || sechdrs[0].sh_addr != 0) { + pr_err("ELF Spec violation: section 0 type(%d)!=SH_NULL or non-zero len or addr\n", + sechdrs[0].sh_type); + return -ENOEXEC; + } + + /* Validate contents are inbounds */ + for (i = 1; i < info->hdr->e_shnum; i++) { + shdr = &sechdrs[i]; + switch (shdr->sh_type) { + case SHT_NULL: + case SHT_NOBITS: + /* No contents, offset/size don't mean anything */ + continue; + default: + err = validate_section_offset(info, shdr); + if (err < 0) { + pr_err("Invalid ELF section in module (section %u type %u)\n", + i, shdr->sh_type); + return err; + } + } + } + + info->sechdrs = sechdrs; + + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1737,29 +1818,10 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) unsigned int num_info_secs = 0, info_idx; unsigned int num_sym_secs = 0, sym_idx; - err = elf_validity_ehdr(info); + err = elf_validity_cache_sechdrs(info); if (err < 0) return err; - if (info->hdr->e_shentsize != sizeof(Elf_Shdr)) { - pr_err("Invalid ELF section header size\n"); - goto no_exec; - } - - /* - * e_shnum is 16 bits, and sizeof(Elf_Shdr) is - * known and small. So e_shnum * sizeof(Elf_Shdr) - * will not overflow unsigned long on any platform. - */ - if (info->hdr->e_shoff >= info->len - || (info->hdr->e_shnum * sizeof(Elf_Shdr) > - info->len - info->hdr->e_shoff)) { - pr_err("Invalid ELF section header overflow\n"); - goto no_exec; - } - - info->sechdrs = (void *)info->hdr + info->hdr->e_shoff; - /* * Verify if the section name table index is valid. */ 
@@ -1772,11 +1834,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) } strhdr = &info->sechdrs[info->hdr->e_shstrndx]; - err = validate_section_offset(info, strhdr); - if (err < 0) { - pr_err("Invalid ELF section hdr(type %u)\n", strhdr->sh_type); - return err; - } /* * The section name table must be NUL-terminated, as required @@ -1793,18 +1850,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) goto no_exec; } - /* - * The code assumes that section 0 has a length of zero and - * an addr of zero, so check for it. - */ - if (info->sechdrs[0].sh_type != SHT_NULL - || info->sechdrs[0].sh_size != 0 - || info->sechdrs[0].sh_addr != 0) { - pr_err("ELF Spec violation: section 0 type(%d)!=SH_NULL or non-zero len or addr\n", - info->sechdrs[0].sh_type); - goto no_exec; - } - for (i = 1; i < info->hdr->e_shnum; i++) { shdr = &info->sechdrs[i]; switch (shdr->sh_type) { 
@@ -1823,12 +1868,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) sym_idx = i; fallthrough; default: - err = validate_section_offset(info, shdr); - if (err < 0) { - pr_err("Invalid ELF section in module (section %u type %u)\n", - i, shdr->sh_type); - return err; - } if (strcmp(info->secstrings + shdr->sh_name, ".gnu.linkonce.this_module") == 0) { num_mod_secs++;
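
Review bot: dropping the validate_section_offset(info, strhdr) call that followed strhdr = &info->sechdrs[info->hdr->e_shstrndx] is only safe if the new loop in elf_validity_cache_sechdrs() has already covered that header, and the loop skips SHT_NULL and SHT_NOBITS with continue. The removed call ran regardless of section type, so when e_shstrndx selects a header of one of those two types, its sh_offset and sh_size now reach the NUL-termination check on the section name table without any bounds validation. Either keep the explicit check on strhdr or reject a name table whose sh_type is not SHT_STRTAB before using it. Separately, i is declared int in the new function but is compared against e_shnum and printed with %u; unsigned int would match the format string.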

Date: Tue, 6 Aug 2024 21:20:30 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-5-mmaurer@google.com>
Subject: [PATCH v3 04/16] module: Factor out elf_validity_cache_secstrings
From: Matthew Maurer

Factor out the validation of section names.

There are two behavioral changes:

1. Previously, we did not validate non-SHF_ALLOC sections. This may have
   once been safe, as find_sec skips non-SHF_ALLOC sections, but
   find_any_sec, which will be used to load BTF if that is enabled,
   ignores the SHF_ALLOC flag. Since there's no need to support invalid
   section names, validate all of them, not just SHF_ALLOC sections.
2. Section names were validated *after* accessing them for the purposes
   of detecting ".modinfo" and ".gnu.linkonce.this_module". They are now
   checked prior to the access, which could avoid bad accesses with
   malformed modules.

Signed-off-by: Matthew Maurer
---
 kernel/module/main.c | 106 ++++++++++++++++++++++++++++---------------
 1 file changed, 69 insertions(+), 37 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index c480fd33861a..252cfa9eee67 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -1789,6 +1789,71 @@ static int elf_validity_cache_sechdrs(struct load_info *info) return 0; } +/** + * elf_validity_cache_secstrings() - Caches section names if valid + * @info: Load info to cache section names from. Must have valid sechdrs. + * + * Specifically checks: + * + * * Section name table index is inbounds of section headers + * * Section name table is not empty + * * Section name table is NUL terminated + * * All section name offsets are inbounds of the section + * + * Then updates @info with a &load_info->secstrings pointer if valid. + * + * Return: %0 if valid, negative error code if validation failed. + */ +static int elf_validity_cache_secstrings(struct load_info *info) +{ + Elf_Shdr *strhdr, *shdr; + char *secstrings; + int i; + + /* + * Verify if the section name table index is valid. + */ + if (info->hdr->e_shstrndx == SHN_UNDEF + || info->hdr->e_shstrndx >= info->hdr->e_shnum) { + pr_err("Invalid ELF section name index: %d || e_shstrndx (%d) >= e_shnum (%d)\n", + info->hdr->e_shstrndx, info->hdr->e_shstrndx, + info->hdr->e_shnum); + return -ENOEXEC; + } + + strhdr = &info->sechdrs[info->hdr->e_shstrndx]; + + /* + * The section name table must be NUL-terminated, as required + * by the spec. This makes strcmp and pr_* calls that access + * strings in the section safe. 
+ */ + secstrings = (void *)info->hdr + strhdr->sh_offset; + if (strhdr->sh_size == 0) { + pr_err("empty section name table\n"); + return -ENOEXEC; + } + if (secstrings[strhdr->sh_size - 1] != '\0') { + pr_err("ELF Spec violation: section name table isn't null terminated\n"); + return -ENOEXEC; + } + + for (i = 0; i < info->hdr->e_shnum; i++) { + shdr = &info->sechdrs[i]; + /* SHT_NULL means sh_name has an undefined value */ + if (shdr->sh_type == SHT_NULL) + continue; + if (shdr->sh_name >= strhdr->sh_size) { + pr_err("Invalid ELF section name in module (section %u type %u)\n", + i, shdr->sh_type); + return -ENOEXEC; + } + } + + info->secstrings = secstrings; + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1812,7 +1877,7 @@ static int elf_validity_cache_sechdrs(struct load_info *info) static int elf_validity_cache_copy(struct load_info *info, int flags) { unsigned int i; - Elf_Shdr *shdr, *strhdr; + Elf_Shdr *shdr; int err; unsigned int num_mod_secs = 0, mod_idx; unsigned int num_info_secs = 0, info_idx; 
@@ -1821,34 +1886,9 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) err = elf_validity_cache_sechdrs(info); if (err < 0) return err; - - /* - * Verify if the section name table index is valid. - */ - if (info->hdr->e_shstrndx == SHN_UNDEF - || info->hdr->e_shstrndx >= info->hdr->e_shnum) { - pr_err("Invalid ELF section name index: %d || e_shstrndx (%d) >= e_shnum (%d)\n", - info->hdr->e_shstrndx, info->hdr->e_shstrndx, - info->hdr->e_shnum); - goto no_exec; - } - - strhdr = &info->sechdrs[info->hdr->e_shstrndx]; - - /* - * The section name table must be NUL-terminated, as required - * by the spec. This makes strcmp and pr_* calls that access - * strings in the section safe. - */ - info->secstrings = (void *)info->hdr + strhdr->sh_offset; - if (strhdr->sh_size == 0) { - pr_err("empty section name table\n"); - goto no_exec; - } - if (info->secstrings[strhdr->sh_size - 1] != '\0') { - pr_err("ELF Spec violation: section name table isn't null terminated\n"); - goto no_exec; - } + err = elf_validity_cache_secstrings(info); + if (err < 0) + return err; for (i = 1; i < info->hdr->e_shnum; i++) { shdr = &info->sechdrs[i]; 
@@ -1877,14 +1917,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) num_info_secs++; info_idx = i; } - - if (shdr->sh_flags & SHF_ALLOC) { - if (shdr->sh_name >= strhdr->sh_size) { - pr_err("Invalid ELF section name in module (section %u type %u)\n", - i, shdr->sh_type); - return -ENOEXEC; - } - } break; } }
From patchwork Tue Aug 6 21:20:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13755317
Date: Tue, 6 Aug 2024 21:20:31 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
References: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-6-mmaurer@google.com>
Subject: [PATCH v3 05/16] module: Factor out elf_validity_cache_index_info
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Alex Gaynor, Wedson Almeida Filho
Cc: Matthew Maurer, rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-modules@vger.kernel.org

Centralize .modinfo detection and property validation.

Signed-off-by: Matthew Maurer
---
 kernel/module/main.c | 82 ++++++++++++++++++++++++++++++++++++--------
 1 file changed, 68 insertions(+), 14 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index 252cfa9eee67..61325a767645 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -195,6 +195,38 @@ static unsigned int find_sec(const struct load_info *info, const char *name) return 0; } +/** + * find_any_unique_sec() - Find a unique section index by name + * @info: Load info for the module to scan + * @name: Name of the section we're looking for + * + * Locates a unique section by name. Ignores SHF_ALLOC. + * + * Return: Section index if found uniquely, zero if absent, negative count + * of total instances if multiple were found. + */ +static int find_any_unique_sec(const struct load_info *info, const char *name) +{ + unsigned int idx; + unsigned int count = 0; + int i; + + for (i = 1; i < info->hdr->e_shnum; i++) { + if (strcmp(info->secstrings + info->sechdrs[i].sh_name, + name) == 0) { + count++; + idx = i; + } + } + if (count == 1) { + return idx; + } else if (count == 0) { + return 0; + } else { + return -count; + } +} + /* Find a module section, or NULL. */ static void *section_addr(const struct load_info *info, const char *name) { 
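Review bot: find_any_unique_sec() calls strcmp() on info->secstrings + sh_name for every index from 1 without looking at sh_type, but elf_validity_cache_secstrings() skips the sh_name range check for SHT_NULL sections because the value is undefined there. A header at index 1 or above with sh_type == SHT_NULL can therefore make strcmp() start reading outside the section name table; skip SHT_NULL entries in this loop as well, or range-check sh_name for all sections. Two smaller points: idx is only assigned inside the loop, so initialising it to 0 avoids a maybe-uninitialized warning, and count is unsigned int, so `return -count;` negates an unsigned value before converting it to int; declaring count as int makes the documented negative return explicit.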
@@ -1854,6 +1886,39 @@ static int elf_validity_cache_secstrings(struct load_info *info) return 0; } +/** + * elf_validity_cache_index_info() - Validate and cache modinfo section + * @info: Load info to populate the modinfo index on. + * Must have &load_info->sechdrs and &load_info->secstrings populated + * + * Checks that if there is a .modinfo section, it is unique. + * Then, it caches its index in &load_info->index.info. + * Finally, it tries to populate the name to improve error messages. + * + * Return: %0 if valid, %-ENOEXEC if multiple modinfo sections were found. + */ +static int elf_validity_cache_index_info(struct load_info *info) +{ + int info_idx; + + info_idx = find_any_unique_sec(info, ".modinfo"); + + if (info_idx == 0) + /* Early return, no .modinfo */ + return 0; + + if (info_idx < 0) { + pr_err("Only one .modinfo section must exist.\n"); + return -ENOEXEC; + } + + info->index.info = info_idx; + /* Try to find a name early so we can log errors with a module name */ + info->name = get_modinfo(info, "name"); + + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1880,13 +1945,15 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) Elf_Shdr *shdr; int err; unsigned int num_mod_secs = 0, mod_idx; - unsigned int num_info_secs = 0, info_idx; unsigned int num_sym_secs = 0, sym_idx; err = elf_validity_cache_sechdrs(info); if (err < 0) return err; err = elf_validity_cache_secstrings(info); + if (err < 0) + return err; + err = elf_validity_cache_index_info(info); if (err < 0) return err; 
@@ -1912,24 +1979,11 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) ".gnu.linkonce.this_module") == 0) { num_mod_secs++; mod_idx = i; - } else if (strcmp(info->secstrings + shdr->sh_name, - ".modinfo") == 0) { - num_info_secs++; - info_idx = i; } break; } } - if (num_info_secs > 1) { - pr_err("Only one .modinfo section must exist.\n"); - goto no_exec; - } else if (num_info_secs == 1) { - /* Try to find a name early so we can log errors with a module name */ - info->index.info = info_idx; - info->name = get_modinfo(info, "name"); - } - if (num_sym_secs != 1) { pr_warn("%s: module has no symbols (stripped?)\n", info->name ?: "(missing .modinfo section or name field)");
From patchwork Tue Aug 6 21:20:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13755318
Date: Tue, 6 Aug 2024 21:20:32 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
References: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-7-mmaurer@google.com>
Subject: [PATCH v3 06/16] module: Factor out elf_validity_cache_index_mod
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Alex Gaynor, Wedson Almeida Filho
Cc: Matthew Maurer, rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-modules@vger.kernel.org

Centralize .gnu.linkonce.this_module detection and property validation.

Signed-off-by: Matthew Maurer
---
 kernel/module/main.c | 129 ++++++++++++++++++++++---------------------
 1 file changed, 67 insertions(+), 62 deletions(-)
diff --git a/kernel/module/main.c b/kernel/module/main.c index 61325a767645..281cc1a7dee6 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -1919,6 +1919,68 @@ static int elf_validity_cache_index_info(struct load_info *info) return 0; } +/** + * elf_validity_cache_index_mod() - Validates and caches this_module section + * @info: Load info to cache this_module on. + * Must have &load_info->sechdrs and &load_info->secstrings populated + * + * The ".gnu.linkonce.this_module" ELF section is special. It is what modpost + * uses to refer to __this_module and let's use rely on THIS_MODULE to point + * to &__this_module properly. The kernel's modpost declares it on each + * modules's *.mod.c file. If the struct module of the kernel changes a full + * kernel rebuild is required. + * + * We have a few expectations for this special section, this function + * validates all this for us: + * + * * The section has contents + * * The section is unique + * * We expect the kernel to always have to allocate it: SHF_ALLOC + * * The section size must match the kernel's run time's struct module + * size + * + * If all checks pass, the index will be cached in &load_info->index.mod + * + * Return: %0 on validation success, %-ENOEXEC on failure + */ +static int elf_validity_cache_index_mod(struct load_info *info) +{ + Elf_Shdr *shdr; + int mod_idx; + + mod_idx = find_any_unique_sec(info, ".gnu.linkonce.this_module"); + if (mod_idx <= 0) { + pr_err("module %s: Exactly one .gnu.linkonce.this_module section must exist.\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + shdr = &info->sechdrs[mod_idx]; + + if (shdr->sh_type == SHT_NOBITS) { + pr_err("module %s: .gnu.linkonce.this_module section must have a size set\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + if (!(shdr->sh_flags & SHF_ALLOC)) { + pr_err("module %s: .gnu.linkonce.this_module must occupy memory during process execution\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + if (shdr->sh_size != sizeof(struct module)) { + pr_err("module %s: 
.gnu.linkonce.this_module section size must match the kernel's built struct module size at run time\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + info->index.mod = mod_idx; + + return 0; +} + + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1944,7 +2006,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) unsigned int i; Elf_Shdr *shdr; int err; - unsigned int num_mod_secs = 0, mod_idx; unsigned int num_sym_secs = 0, sym_idx; err = elf_validity_cache_sechdrs(info); @@ -1954,16 +2015,15 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) if (err < 0) return err; err = elf_validity_cache_index_info(info); + if (err < 0) + return err; + err = elf_validity_cache_index_mod(info); if (err < 0) return err; for (i = 1; i < info->hdr->e_shnum; i++) { shdr = &info->sechdrs[i]; - switch (shdr->sh_type) { - case SHT_NULL: - case SHT_NOBITS: - continue; - case SHT_SYMTAB: + if (shdr->sh_type == SHT_SYMTAB) { if (shdr->sh_link == SHN_UNDEF || shdr->sh_link >= info->hdr->e_shnum) { pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", @@ -1973,14 +2033,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) } num_sym_secs++; sym_idx = i; - fallthrough; - default: - if (strcmp(info->secstrings + shdr->sh_name, - ".gnu.linkonce.this_module") == 0) { - num_mod_secs++; - mod_idx = i; - } - break; } } 
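Review bot: In elf_validity_cache_index_mod(), `mod_idx <= 0` folds the "section absent" and "section duplicated" cases into one message even though find_any_unique_sec() reports them separately (0 versus a negative count); logging them separately would make a rejected module easier to diagnose. The lookup also now considers SHT_NOBITS sections, which the removed switch skipped with `continue`, so a NOBITS section with this name is counted toward uniqueness and the SHT_NOBITS test is no longer redundant; that deserves a line in the changelog. Since the comment block is being moved into kernel-doc anyway, fix "let's use rely on" and "modules's" while it is touched, and drop the second blank line added after the function's closing brace.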
@@ -1996,55 +2048,8 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) info->index.str = shdr->sh_link; info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset; - /* - * The ".gnu.linkonce.this_module" ELF section is special. It is - * what modpost uses to refer to __this_module and let's use rely - * on THIS_MODULE to point to &__this_module properly. The kernel's - * modpost declares it on each modules's *.mod.c file. If the struct - * module of the kernel changes a full kernel rebuild is required. - * - * We have a few expectaions for this special section, the following - * code validates all this for us: - * - * o Only one section must exist - * o We expect the kernel to always have to allocate it: SHF_ALLOC - * o The section size must match the kernel's run time's struct module - * size - */ - if (num_mod_secs != 1) { - pr_err("module %s: Only one .gnu.linkonce.this_module section must exist.\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - shdr = &info->sechdrs[mod_idx]; - - /* - * This is already implied on the switch above, however let's be - * pedantic about it. - */ - if (shdr->sh_type == SHT_NOBITS) { - pr_err("module %s: .gnu.linkonce.this_module section must have a size set\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - if (!(shdr->sh_flags & SHF_ALLOC)) { - pr_err("module %s: .gnu.linkonce.this_module must occupy memory during process execution\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - if (shdr->sh_size != sizeof(struct module)) { - pr_err("module %s: .gnu.linkonce.this_module section size must match the kernel's built struct module size at run time\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - info->index.mod = mod_idx; - /* This is temporary: point mod into copy of data. 
*/ - info->mod = (void *)info->hdr + shdr->sh_offset; + info->mod = (void *)info->hdr + info->sechdrs[info->index.mod].sh_offset; /* * If we didn't load the .modinfo 'name' field earlier, fall back to
From patchwork Tue Aug 6 21:20:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13755319
Date: Tue, 6 Aug 2024 21:20:33 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
References: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-8-mmaurer@google.com>
Subject: [PATCH v3 07/16] module: Factor out elf_validity_cache_index_sym
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Alex Gaynor, Wedson Almeida Filho
Cc: Matthew Maurer, rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-modules@vger.kernel.org

Centralize symbol table detection and property validation.

Signed-off-by: Matthew Maurer
---
 kernel/module/main.c | 73 ++++++++++++++++++++++++++------------------
 1 file changed, 44 insertions(+), 29 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index 281cc1a7dee6..53597b785e2a 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -1980,6 +1980,39 @@ static int elf_validity_cache_index_mod(struct load_info *info) return 0; } +/** + * elf_validity_cache_index_sym() - Validate and cache symtab index + * @info: Load info to cache symtab index in. + * Must have &load_info->sechdrs and &load_info->secstrings populated. + * + * Checks that there is exactly one symbol table, then caches its index in + * &load_info->index.sym. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_cache_index_sym(struct load_info *info) +{ + unsigned int sym_idx; + unsigned int num_sym_secs = 0; + int i; + + for (i = 1; i < info->hdr->e_shnum; i++) { + if (info->sechdrs[i].sh_type == SHT_SYMTAB) { + num_sym_secs++; + sym_idx = i; + } + } + + if (num_sym_secs != 1) { + pr_warn("%s: module has no symbols (stripped?)\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + info->index.sym = sym_idx; + + return 0; +} /* * Check userspace passed ELF module against our expectations, and cache @@ -2003,10 +2036,8 @@ static int elf_validity_cache_index_mod(struct load_info *info) */ static int elf_validity_cache_copy(struct load_info *info, int flags) { - unsigned int i; - Elf_Shdr *shdr; int err; - unsigned int num_sym_secs = 0, sym_idx; + int str_idx; err = elf_validity_cache_sechdrs(info); if (err < 0) 
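Review bot: In elf_validity_cache_index_sym(), the `num_sym_secs != 1` branch also covers two or more SHT_SYMTAB sections, yet the message says "module has no symbols (stripped?)" and is emitted with pr_warn() although the function returns -ENOEXEC. The text is carried over from elf_validity_cache_copy(), but now that the kernel-doc promises "exactly one symbol table" it would be clearer to report the zero and the multiple case separately, with pr_err(). sym_idx is also only assigned inside the loop; initialising it avoids a maybe-uninitialized warning.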
@@ -2018,34 +2049,21 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) if (err < 0) return err; err = elf_validity_cache_index_mod(info); + if (err < 0) + return err; + err = elf_validity_cache_index_sym(info); if (err < 0) return err; - for (i = 1; i < info->hdr->e_shnum; i++) { - shdr = &info->sechdrs[i]; - if (shdr->sh_type == SHT_SYMTAB) { - if (shdr->sh_link == SHN_UNDEF - || shdr->sh_link >= info->hdr->e_shnum) { - pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", - shdr->sh_link, shdr->sh_link, - info->hdr->e_shnum); - goto no_exec; - } - num_sym_secs++; - sym_idx = i; - } - } - - if (num_sym_secs != 1) { - pr_warn("%s: module has no symbols (stripped?)\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; + str_idx = info->sechdrs[info->index.sym].sh_link; + if (str_idx == SHN_UNDEF || str_idx >= info->hdr->e_shnum) { + pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", + str_idx, str_idx, info->hdr->e_shnum); + return -ENOEXEC; } - /* Sets internal symbols and strings. */ - info->index.sym = sym_idx; - shdr = &info->sechdrs[sym_idx]; - info->index.str = shdr->sh_link; + /* Sets internal strings. */ + info->index.str = str_idx; info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset; /* This is temporary: point mod into copy of data. */ 
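Review bot: str_idx is declared `int` in this version of elf_validity_cache_copy(), but it holds sh_link, which is an unsigned field. A value with the top bit set becomes negative, so `str_idx >= info->hdr->e_shnum` is false, the check passes, and the value is stored in info->index.str and used to index info->sechdrs when info->strtab is set. The removed code compared shdr->sh_link directly and did not have this problem. Patch 08 changes the type to unsigned int, but each commit should be correct on its own for bisection; declare it `unsigned int` here and print it with %u.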
@@ -2066,9 +2084,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) info->index.pcpu = find_pcpusec(info); return 0; - -no_exec: - return -ENOEXEC; } #define COPY_CHUNK_SIZE (16*PAGE_SIZE)
From patchwork Tue Aug 6 21:20:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13755320
Date: Tue, 6 Aug 2024 21:20:34 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
References: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-9-mmaurer@google.com>
Subject: [PATCH v3 08/16] module: Factor out elf_validity_cache_index_str
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Alex Gaynor, Wedson Almeida Filho
Cc: Matthew Maurer, rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-modules@vger.kernel.org

Pull out index validation for the symbol string section.

Note that this does not validate the *contents* of the string table, only shape and presence of the section.

Signed-off-by: Matthew Maurer
---
 kernel/module/main.c | 37 ++++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 9 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index 53597b785e2a..dec733989ad6 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -2014,6 +2014,31 @@ static int elf_validity_cache_index_sym(struct load_info *info) return 0; } +/** + * elf_validity_cache_index_str() - Validate and cache strtab index + * @info: Load info to cache strtab index in. + * Must have &load_info->sechdrs and &load_info->secstrings populated. + * Must have &load_info->index.sym populated. + * + * Looks at the symbol table's associated string table, makes sure it is + * in-bounds, and caches it. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_cache_index_str(struct load_info *info) +{ + unsigned int str_idx = info->sechdrs[info->index.sym].sh_link; + + if (str_idx == SHN_UNDEF || str_idx >= info->hdr->e_shnum) { + pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", + str_idx, str_idx, info->hdr->e_shnum); + return -ENOEXEC; + } + + info->index.str = str_idx; + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -2037,7 +2062,6 @@ static int elf_validity_cache_index_sym(struct load_info *info) static int elf_validity_cache_copy(struct load_info *info, int flags) { int err; - int str_idx; err = elf_validity_cache_sechdrs(info); if (err < 0) 
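Review bot: In the new elf_validity_cache_index_str(), str_idx is declared unsigned int (the local removed from elf_validity_cache_copy() was int), but the pr_err() that moved with it still prints str_idx with %d; use %u. The message text is also worth fixing while it is being touched: it reads "sh_link!=SHN_UNDEF" on a path taken when sh_link equals SHN_UNDEF, and it has an unbalanced "(" before the second sh_link, so something like "Invalid ELF sh_link (%u): SHN_UNDEF or >= hdr->e_shnum (%u)" would say what actually failed. Finally, the helper only bounds the index against e_shnum; since the commit message already states that contents are not validated, the kernel-doc should say the same, so a caller does not read "Validate and cache strtab index" as covering more than the index range.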
@@ -2054,16 +2078,11 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) err = elf_validity_cache_index_sym(info); if (err < 0) return err; - - str_idx = info->sechdrs[info->index.sym].sh_link; - if (str_idx == SHN_UNDEF || str_idx >= info->hdr->e_shnum) { - pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", - str_idx, str_idx, info->hdr->e_shnum); - return -ENOEXEC; - } + err = elf_validity_cache_index_str(info); + if (err < 0) + return err; /* Sets internal strings. */ - info->index.str = str_idx; info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset; /* This is temporary: point mod into copy of data. */
Date: Tue, 6 Aug 2024 21:20:35 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-10-mmaurer@google.com>
Subject: [PATCH v3 09/16] module: Group section index calculations together
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Alex Gaynor, Wedson Almeida Filho
Cc: Matthew Maurer, rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-modules@vger.kernel.org

Group all the index detection together to make the parent function easier to read.

Signed-off-by: Matthew Maurer
--- kernel/module/main.c | 68 +++++++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 17 deletions(-)
diff --git a/kernel/module/main.c b/kernel/module/main.c index dec733989ad6..a3a4acdcd647 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2039,6 +2039,56 @@ static int elf_validity_cache_index_str(struct load_info *info) return 0; } +/** + * elf_validity_cache_index() - Resolve, validate, cache section indices + * @info: Load info to read from and update. + * &load_info->sechdrs and &load_info->secstrings must be populated. + * @flags: Load flags, relevant to suppress version loading, see + * uapi/linux/module.h + * + * Populates &load_info->index, validating as it goes. + * See child functions for per-field validation: + * + * * elf_validity_cache_index_info() + * * elf_validity_cache_index_mod() + * * elf_validity_cache_index_sym() + * * elf_validity_cache_index_str() + * + * If versioning is not suppressed via flags, load the version index from + * a section called "__versions" with no validation. + * + * If CONFIG_SMP is enabled, load the percpu section by name with no + * validation. + * + * Return: 0 on success, negative error code if an index failed validation. + */ +static int elf_validity_cache_index(struct load_info *info, int flags) +{ + int err; + + err = elf_validity_cache_index_info(info); + if (err < 0) + return err; + err = elf_validity_cache_index_mod(info); + if (err < 0) + return err; + err = elf_validity_cache_index_sym(info); + if (err < 0) + return err; + err = elf_validity_cache_index_str(info); + if (err < 0) + return err; + + if (flags & MODULE_INIT_IGNORE_MODVERSIONS) + info->index.vers = 0; /* Pretend no __versions section! */ + else + info->index.vers = find_sec(info, "__versions"); + + info->index.pcpu = find_pcpusec(info); + + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. 
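Review bot: The kernel-doc for elf_validity_cache_index() says the "__versions" and percpu indices are loaded "with no validation", so load_info->index leaves this function with four checked fields (info, mod, sym, str) and two unchecked ones (vers, pcpu); please name where vers and pcpu get validated later, or add a TODO, so that a later reader does not treat every field of index as already bounds-checked. The move is also a reordering and not only a grouping: find_sec(info, "__versions") and find_pcpusec(info) used to run at the end of elf_validity_cache_copy(), after strtab, mod and name were set, and now run before them. The stated preconditions (sechdrs and secstrings populated) suggest that is safe, but the commit message should say so. Minor: "Return: 0 on success" here, while elf_validity_cache_index_str() uses "%0 if valid, %-ENOEXEC on failure"; pick one style.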
@@ -2069,16 +2119,7 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) err = elf_validity_cache_secstrings(info); if (err < 0) return err; - err = elf_validity_cache_index_info(info); - if (err < 0) - return err; - err = elf_validity_cache_index_mod(info); - if (err < 0) - return err; - err = elf_validity_cache_index_sym(info); - if (err < 0) - return err; - err = elf_validity_cache_index_str(info); + err = elf_validity_cache_index(info, flags); if (err < 0) return err; 
@@ -2095,13 +2136,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) if (!info->name) info->name = info->mod->name; - if (flags & MODULE_INIT_IGNORE_MODVERSIONS) - info->index.vers = 0; /* Pretend no __versions section! */ - else - info->index.vers = find_sec(info, "__versions"); - - info->index.pcpu = find_pcpusec(info); - return 0; }
Date: Tue, 6 Aug 2024 21:20:36 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-11-mmaurer@google.com>
Subject: [PATCH v3 10/16] module: Factor out elf_validity_cache_strtab
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Alex Gaynor, Wedson Almeida Filho
Cc: Matthew Maurer, rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-modules@vger.kernel.org

This patch only moves the existing strtab population to a function. Validation comes in a following patch; this is split out to make the new validation checks more clearly separated.

Signed-off-by: Matthew Maurer
--- kernel/module/main.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index a3a4acdcd647..d70d829b5ab9 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -2089,6 +2089,23 @@ static int elf_validity_cache_index(struct load_info *info, int flags) return 0; } +/** + * elf_validity_cache_strtab() - Cache symbol string table + * @info: Load info to read from and update. + * Must have &load_info->sechdrs and &load_info->secstrings populated. + * Must have &load_info->index populated. + * + * Return: 0 on success, negative error code if a check failed. + */ +static int elf_validity_cache_strtab(struct load_info *info) +{ + Elf_Shdr *str_shdr = &info->sechdrs[info->index.str]; + char *strtab = (char *)info->hdr + str_shdr->sh_offset; + + info->strtab = strtab; + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. 
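Review bot: The kernel-doc of elf_validity_cache_strtab() promises "negative error code if a check failed", but as added in this hunk the function has no failing path and always returns 0. That is acceptable as a staging step given the commit message, but the comment should then state what the function relies on: strtab is formed as (char *)info->hdr + str_shdr->sh_offset with no check here, so the "Must have ... populated" lines should name the earlier step that guarantees sh_offset (and sh_offset + sh_size) lies inside the loaded image. Without that, the new validation that follows in the series reads strtab[0] and strtab[sh_size - 1] on the strength of an unstated precondition.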
@@ -2122,9 +2139,9 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) err = elf_validity_cache_index(info, flags); if (err < 0) return err; - - /* Sets internal strings. */ - info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset; + err = elf_validity_cache_strtab(info); + if (err < 0) + return err; /* This is temporary: point mod into copy of data. */ info->mod = (void *)info->hdr + info->sechdrs[info->index.mod].sh_offset;
Date: Tue, 6 Aug 2024 21:20:37 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-12-mmaurer@google.com>
Subject: [PATCH v3 11/16] module: Additional validation in elf_validity_cache_strtab
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Alex Gaynor, Wedson Almeida Filho
Cc: Matthew Maurer, rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-modules@vger.kernel.org

Validate properties of the strtab that are depended on elsewhere, but were previously unchecked:
* String table nonempty (offset 0 is valid)
* String table has a leading NUL (offset 0 corresponds to "")
* String table is NUL terminated (strfoo functions won't run out of the table while reading).
* All symbol names are inbounds of the string table.

Signed-off-by: Matthew Maurer
--- kernel/module/main.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/kernel/module/main.c b/kernel/module/main.c index d70d829b5ab9..7001054c5c4f 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -2090,17 +2090,53 @@ static int elf_validity_cache_index(struct load_info *info, int flags) } /** - * elf_validity_cache_strtab() - Cache symbol string table + * elf_validity_cache_strtab() - Validate and cache symbol string table * @info: Load info to read from and update. * Must have &load_info->sechdrs and &load_info->secstrings populated. * Must have &load_info->index populated. * + * Checks: + * + * * The string table is not empty. + * * The string table starts and ends with NUL (required by ELF spec). + * * Every &Elf_Sym->st_name offset in the symbol table is inbounds of the + * string table. + * + * And caches the pointer as &load_info->strtab in @info. + * * Return: 0 on success, negative error code if a check failed. */ static int elf_validity_cache_strtab(struct load_info *info) { Elf_Shdr *str_shdr = &info->sechdrs[info->index.str]; + Elf_Shdr *sym_shdr = &info->sechdrs[info->index.sym]; char *strtab = (char *)info->hdr + str_shdr->sh_offset; + Elf_Sym *syms = (void *)info->hdr + sym_shdr->sh_offset; + int i; + + if (str_shdr->sh_size == 0) { + pr_err("empty symbol string table\n"); + return -ENOEXEC; + } + if (strtab[0] != '\0') { + pr_err("symbol string table missing leading NUL\n"); + return -ENOEXEC; + } + if (strtab[str_shdr->sh_size - 1] != '\0') { + pr_err("symbol string table isn't NUL terminated\n"); + return -ENOEXEC; + } + + /* + * Now that we know strtab is correctly structured, check symbol + * starts are inbounds before they're used later. 
+ */ + for (i = 0; i < sym_shdr->sh_size / sizeof(*syms); i++) { + if (syms[i].st_name >= str_shdr->sh_size) { + pr_err("symbol name out of bounds in string table"); + return -ENOEXEC; + } + } info->strtab = strtab; return 0;
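Review bot: In the symbol loop of elf_validity_cache_strtab() (patch 11/16), i is a signed int compared against sym_shdr->sh_size / sizeof(*syms), which is an unsigned quantity; declare i as unsigned int or size_t so the comparison is not mixed-sign and cannot wrap for a very large symbol table. The pr_err() inside that loop, "symbol name out of bounds in string table", is also missing the trailing "\n" that the three messages above it have. Two smaller requests: print the symbol index and the offending st_name in that message, since "out of bounds" alone gives no way to find the bad entry, and say in the kernel-doc that the st_name >= sh_size check is only sufficient together with the trailing-NUL check (an in-bounds start plus a NUL at sh_size - 1 is what keeps string functions inside the table). The loop also trusts sym_shdr->sh_offset and sh_size to describe memory inside the image, so the "Must have ..." lines should name the step that established that.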
Date: Tue, 6 Aug 2024 21:20:38 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-13-mmaurer@google.com>
Subject: [PATCH v3 12/16] module: Reformat struct for code style
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Alex Gaynor, Wedson Almeida Filho
Cc: Matthew Maurer, rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-modules@vger.kernel.org

Using commas to declare struct members makes adding new members to this struct not as nice with patch management.

Signed-off-by: Matthew Maurer
--- kernel/module/internal.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 2ebece8a789f..daef2be83902 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h
@@ -80,7 +80,12 @@ struct load_info { unsigned int used_pages; #endif struct { - unsigned int sym, str, mod, vers, info, pcpu; + unsigned int sym; + unsigned int str; + unsigned int mod; + unsigned int vers; + unsigned int info; + unsigned int pcpu; } index; };
Date: Tue, 6 Aug 2024 21:20:40 +0000
In-Reply-To: <20240806212106.617164-1-mmaurer@google.com>
Message-ID: <20240806212106.617164-15-mmaurer@google.com>
Subject: [PATCH v3 14/16] modules: Support extended MODVERSIONS info
From: Matthew Maurer
To: masahiroy@kernel.org, ndesaulniers@google.com, ojeda@kernel.org, gary@garyguo.net, mcgrof@kernel.org, Michael Ellerman, Alex Gaynor, Wedson Almeida Filho, Christophe Leroy, Matthew Maurer, Naveen N Rao
Cc: rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, neal@gompa.dev, marcan@marcan.st, j@jannau.net, asahi@lists.linux.dev, Nicholas Piggin, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linuxppc-dev@lists.ozlabs.org, linux-modules@vger.kernel.org

Adds a new format for MODVERSIONS which stores each field in a separate ELF section. This initially adds support for variable length names, but could later be used to add additional fields to MODVERSIONS in a backwards compatible way if needed. Any new fields will be ignored by old user tooling, unlike the current format where user tooling cannot tolerate adjustments to the format (for example making the name field longer).

Since PPC munges its version records to strip leading dots, we reproduce the munging for the new format. Other architectures do not appear to have architecture-specific usage of this information.
Signed-off-by: Matthew Maurer --- arch/powerpc/kernel/module_64.c | 24 ++++++++- kernel/module/internal.h | 11 ++++ kernel/module/main.c | 92 ++++++++++++++++++++++++++++++--- kernel/module/version.c | 43 +++++++++++++++ 4 files changed, 160 insertions(+), 10 deletions(-) diff --git a/arch/powerpc/kernel/module_64.c b/arch/powerpc/kernel/module_64.c index 7112adc597a8..15b74c9a1df1 100644 --- a/arch/powerpc/kernel/module_64.c +++ b/arch/powerpc/kernel/module_64.c @@ -355,6 +355,24 @@ static void dedotify_versions(struct modversion_info *vers, } } +static void dedotify_ext_version_names(char *str_seq, unsigned long size) +{ + unsigned long out = 0; + unsigned long in; + char last = '\0'; + + for (in = 0; in < size; in++) { + if (last == '\0') + /* Skip all leading dots */ + if (str_seq[in] == '.') + continue; + last = str_seq[in]; + str_seq[out++] = last; + } + /* Zero the trailing portion of the names table for robustness */ + memset(&str_seq[out], 0, size - out); +} + /* * Undefined symbols which refer to .funcname, hack to funcname. Make .TOC. * seem to be defined (value set later). @@ -424,10 +442,12 @@ int module_frob_arch_sections(Elf64_Ehdr *hdr, me->arch.toc_section = i; if (sechdrs[i].sh_addralign < 8) sechdrs[i].sh_addralign = 8; - } - else if (strcmp(secstrings+sechdrs[i].sh_name,"__versions")==0) + } else if (strcmp(secstrings + sechdrs[i].sh_name, "__versions") == 0) dedotify_versions((void *)hdr + sechdrs[i].sh_offset, sechdrs[i].sh_size); + else if (strcmp(secstrings + sechdrs[i].sh_name, "__version_ext_names") == 0) + dedotify_ext_version_names((void *)hdr + sechdrs[i].sh_offset, + sechdrs[i].sh_size); if (sechdrs[i].sh_type == SHT_SYMTAB) dedotify((void *)hdr + sechdrs[i].sh_offset, diff --git a/kernel/module/internal.h b/kernel/module/internal.h index daef2be83902..59959c21b205 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h 
@@ -86,6 +86,8 @@ struct load_info { unsigned int vers; unsigned int info; unsigned int pcpu; + unsigned int vers_ext_crc; + unsigned int vers_ext_name; } index; }; @@ -389,6 +391,15 @@ void module_layout(struct module *mod, struct modversion_info *ver, struct kerne struct kernel_symbol *ks, struct tracepoint * const *tp); int check_modstruct_version(const struct load_info *info, struct module *mod); int same_magic(const char *amagic, const char *bmagic, bool has_crcs); +struct modversion_info_ext { + size_t remaining; + const s32 *crc; + const char *name; +}; +void modversion_ext_start(const struct load_info *info, struct modversion_info_ext *ver); +void modversion_ext_advance(struct modversion_info_ext *ver); +#define for_each_modversion_info_ext(ver, info) \ + for (modversion_ext_start(info, &ver); ver.remaining > 0; modversion_ext_advance(&ver)) #else /* !CONFIG_MODVERSIONS */ static inline int check_version(const struct load_info *info, const char *symname, diff --git a/kernel/module/main.c b/kernel/module/main.c index 7001054c5c4f..ba63ea1b6ad5 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -2039,6 +2039,82 @@ static int elf_validity_cache_index_str(struct load_info *info) return 0; } +/** + * elf_validity_cache_index_versions() - Validate and cache version indices + * @info: Load info to cache version indices in. + * Must have &load_info->sechdrs and &load_info->secstrings populated. + * @flags: Load flags, relevant to suppress version loading, see + * uapi/linux/module.h + * + * If we're ignoring modversions based on @flags, zero all version indices + * and return validity. Othewrise check: + * + * * If "__version_ext_crcs" is present, "__version_ext_names" is present + * * There is a name present for every crc + * + * Then populate: + * + * * &load_info->index.vers + * * &load_info->index.vers_ext_crc + * * &load_info->index.vers_ext_names + * + * if present. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_cache_index_versions(struct load_info *info, int flags) +{ + unsigned int vers_ext_crc; + unsigned int vers_ext_name; + size_t crc_count; + size_t remaining_len; + size_t name_size; + char *name; + + /* If modversions were suppressed, pretend we didn't find any */ + if (flags & MODULE_INIT_IGNORE_MODVERSIONS) { + info->index.vers = 0; + info->index.vers_ext_crc = 0; + info->index.vers_ext_name = 0; + return 0; + } + + vers_ext_crc = find_sec(info, "__version_ext_crcs"); + vers_ext_name = find_sec(info, "__version_ext_names"); + + /* If we have one field, we must have the other */ + if (!!vers_ext_crc != !!vers_ext_name) { + pr_err("extended version crc+name presence does not match"); + return -ENOEXEC; + } + + /* + * If we have extended version information, we should have the same + * number of entries in every section. 
+ */ + if (vers_ext_crc) { + crc_count = info->sechdrs[vers_ext_crc].sh_size / sizeof(s32); + name = (void *)info->hdr + + info->sechdrs[vers_ext_name].sh_offset; + remaining_len = info->sechdrs[vers_ext_name].sh_size; + + while (crc_count--) { + name_size = strnlen(name, remaining_len) + 1; + if (name_size > remaining_len) { + pr_err("more extended version crcs than names"); + return -ENOEXEC; + } + remaining_len -= name_size; + name += name_size; + } + } + + info->index.vers = find_sec(info, "__versions"); + info->index.vers_ext_crc = vers_ext_crc; + info->index.vers_ext_name = vers_ext_name; + return 0; +} + /** * elf_validity_cache_index() - Resolve, validate, cache section indices * @info: Load info to read from and update. @@ -2053,9 +2129,7 @@ static int elf_validity_cache_index_str(struct load_info *info) * * elf_validity_cache_index_mod() * * elf_validity_cache_index_sym() * * elf_validity_cache_index_str() - * - * If versioning is not suppressed via flags, load the version index from - * a section called "__versions" with no validation. + * * elf_validity_cache_index_versions() * * If CONFIG_SMP is enabled, load the percpu section by name with no * validation. @@ -2078,11 +2152,9 @@ static int elf_validity_cache_index(struct load_info *info, int flags) err = elf_validity_cache_index_str(info); if (err < 0) return err; - - if (flags & MODULE_INIT_IGNORE_MODVERSIONS) - info->index.vers = 0; /* Pretend no __versions section! */ - else - info->index.vers = find_sec(info, "__versions"); + err = elf_validity_cache_index_versions(info, flags); + if (err < 0) + return err; info->index.pcpu = find_pcpusec(info); 
@@ -2293,6 +2365,10 @@ static int rewrite_section_headers(struct load_info *info, int flags) /* Track but don't keep modinfo and version sections. */ info->sechdrs[info->index.vers].sh_flags &= ~(unsigned long)SHF_ALLOC; + info->sechdrs[info->index.vers_ext_crc].sh_flags &= + ~(unsigned long)SHF_ALLOC; + info->sechdrs[info->index.vers_ext_name].sh_flags &= + ~(unsigned long)SHF_ALLOC; info->sechdrs[info->index.info].sh_flags &= ~(unsigned long)SHF_ALLOC; return 0; diff --git a/kernel/module/version.c b/kernel/module/version.c index 53f43ac5a73e..02d8340bdb57 100644 --- a/kernel/module/version.c +++ b/kernel/module/version.c @@ -19,11 +19,28 @@ int check_version(const struct load_info *info, unsigned int versindex = info->index.vers; unsigned int i, num_versions; struct modversion_info *versions; + struct modversion_info_ext version_ext; /* Exporting module didn't supply crcs? OK, we're already tainted. */ if (!crc) return 1; + /* If we have extended version info, rely on it */ + if (info->index.vers_ext_crc) { + for_each_modversion_info_ext(version_ext, info) { + if (strcmp(version_ext.name, symname) != 0) + continue; + if (*version_ext.crc == *crc) + return 1; + pr_debug("Found checksum %X vs module %X\n", + *crc, *version_ext.crc); + goto bad_version; + } + pr_warn_once("%s: no extended symbol version for %s\n", + info->name, symname); + return 1; + } + /* No versions at all? modprobe --force does this. */ if (versindex == 0) return try_to_force_load(mod, symname) == 0; 
@@ -87,6 +104,32 @@ int same_magic(const char *amagic, const char *bmagic, return strcmp(amagic, bmagic) == 0; } +void modversion_ext_start(const struct load_info *info, + struct modversion_info_ext *start) +{ + unsigned int crc_idx = info->index.vers_ext_crc; + unsigned int name_idx = info->index.vers_ext_name; + Elf_Shdr *sechdrs = info->sechdrs; + + /* + * Both of these fields are needed for this to be useful + * Any future fields should be initialized to NULL if absent. + */ + if ((crc_idx == 0) || (name_idx == 0)) + start->remaining = 0; + + start->crc = (const s32 *)sechdrs[crc_idx].sh_addr; + start->name = (const char *)sechdrs[name_idx].sh_addr; + start->remaining = sechdrs[crc_idx].sh_size / sizeof(*start->crc); +} + +void modversion_ext_advance(struct modversion_info_ext *vers) +{ + vers->remaining--; + vers->crc++; + vers->name += strlen(vers->name) + 1; +} + /* * Generate the signature for all relevant module structures here. * If these change, we don't want to try to parse the module.
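Review bot: in dedotify_ext_version_names() (arch/powerpc/kernel/module_64.c) the nested `if (last == '\0')` and `if (str_seq[in] == '.')` run without braces and with a comment sitting between the two conditions, which is easy to misread and fragile if an else is ever added. Folding them into one test, `if (last == '\0' && str_seq[in] == '.') continue;`, keeps the behaviour the loop has now. Because the function compacts the names table in place, a one-line comment stating that every NUL terminator is copied through (so the number of names stays equal to the number of crcs, and only the zero-filled tail grows) would document the invariant that the crc/name pairing in the loader depends on.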
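Review bot: the for_each_modversion_info_ext() macro added to kernel/module/internal.h expands its `ver` argument unparenthesised, as `&ver` and `ver.remaining`, so it only works when the caller passes a plain struct variable. Writing `&(ver)` and `(ver).remaining` avoids surprises with other expressions. struct modversion_info_ext and the two iterator functions are also introduced without any comment; a short description of what `remaining` counts and that `name` walks a packed sequence of NUL-terminated strings would make the contract with the validation code in main.c explicit.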
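Review bot: in elf_validity_cache_index_versions() (kernel/module/main.c) `crc_count = info->sechdrs[vers_ext_crc].sh_size / sizeof(s32)` silently rounds down, so a "__version_ext_crcs" section whose size is not a multiple of four is accepted with its trailing bytes ignored. Since this function is the validation point for the new format, rejecting `sh_size % sizeof(s32) != 0` with -ENOEXEC would be stricter and cheaper than reasoning about it later. Smaller points in the same hunk: both pr_err() strings lack a trailing "\n"; the kernel-doc has the typo "Othewrise" and lists `&load_info->index.vers_ext_names` where the field is named `vers_ext_name`; and the loop only proves there are at least as many names as crcs, so the comment "the same number of entries in every section" overstates what is checked.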
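Review bot: in the check_version() hunk (kernel/module/version.c), once `info->index.vers_ext_crc` is non-zero the function returns from inside the new block in every case, so the legacy "__versions" table is never consulted for that module, and a symbol with no entry in the extended table is accepted after only a pr_warn_once(). If that is the intended policy it deserves a comment next to the `return 1;` explaining why a missing entry is tolerated rather than treated like a mismatch; if it is not, falling back to the legacy lookup (or failing the load) when no extended entry matches would close the gap. The pr_warn_once() also fires for the first missing symbol only, so later missing symbols in the same or other modules go unreported.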
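Review bot: modversion_ext_start() sets `start->remaining = 0` when `crc_idx` or `name_idx` is zero but does not return, so the three assignments that follow run anyway and overwrite `remaining` with `sechdrs[crc_idx].sh_size / sizeof(*start->crc)` computed from section 0. The early-out needs braces and a `return;` after `start->remaining = 0;`, and should probably also set `start->crc` and `start->name` to NULL, as the comment above it says absent fields should be. In the same hunk, modversion_ext_advance() uses an unbounded `strlen(vers->name)`; that is only safe because of the load-time check in elf_validity_cache_index_versions(), which is worth stating in a comment so the dependency is not lost in a later refactor.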