From patchwork Tue Oct 15 23:16:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837394 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1B2621D63DF for ; Tue, 15 Oct 2024 23:17:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034223; cv=none; b=WOOU2lrwK6rykYUub5uku+zO4wiuNL8Yj/MqMZC5x6mu9rb7/Q8lWZ5VOYfZg8930pQy61fCT4ecL64y6K9C0Pwe7QwIlQEn58dvoXgrkvh2qI0IjMJw7Smh+d4fSwxtRjXDgGH4D1S7rVSw+Ew+VDYQDI5HW+JdyVwVnaODeeY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034223; c=relaxed/simple; bh=QHhoXvpDEQPD/TLcchSrrWPbQthnrEyocMzfS0P9NlM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qEWFd4M7VCj7bJIXo3qIPKALGR7jutgQJnWH/tiS7iXQNEi0X7a602ilxLtREsVHr837I3t23YY2D4RhzTy4R1DTeSxjqA4mkY0BP0nWQbZGunHSSR9hrB9fj9T8qcWD3AZlc4lt0Ue7nop95H4wfNWf1px7+DE3mEs1X5jB7es= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=At/WHyQB; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="At/WHyQB" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e29135d1d0cso8158431276.1 for ; Tue, 15 Oct 2024 16:17:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034221; x=1729639021; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=0RbEG7McUi9uEsl34Zx+GKrR9c4aF7zdcdcYg+Y9woE=; b=At/WHyQB2iNFrmHLOvaUVcnNycV2VXevkFrNgr0tmzO8PngCWPd9pRFcJPNc1Q1nvQ DgK84P0q9RB1IAk+PSLfeTCiuiZvE6iQuqsbj4t/C8bqEFzgvqYHJszicV7VH4okcTcy S29ReuJ6ffcAuCL/y7qmwYjJIV/Ys4oKpBYOm4zdd444THXc6V4dqoXEzLGZOvpe7a7o J8goC0c4AYBmOf0nZILXSTInL+bAzXvvQowkteJNxGC6He1AJIJqLIo1ZXJLeK2zKhI2 EUw5+vuyM//OQ8Yu2KMFkSsydbyeu16INNfxOiyJTvIPkUQaa5cK1Bp5b5sAs63BTLqF lRjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034221; x=1729639021; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0RbEG7McUi9uEsl34Zx+GKrR9c4aF7zdcdcYg+Y9woE=; b=iewt6QSuCiXVf2I3jZ9UB/cELdZUGpzVdOEXFjw47+2VZKDM1kaHBaQzlJFZJiCRzX qMsiP2NUb9A+bKVu3DzCcaxMkxcIF4yXBqJy12jdKNZiQEa4qSzzwnJmtf0Ckq1SLm7e BwsRmL1ovwQg396cccns5B5CrhWl0Pl4+6vTqx0eGEFahutupl8XERveT1ai8L37IMS7 M4niapIe7rrZMTpZfRUHatP/OEqX+zOTWoNi+flXJcIy1s+bGhQIQm+MOCcJT+s3cCFM qMcBynkwnvdwV3S3XzvMQCAUaQEkQYPMUDBbvBo/vNmMXG8gWBWLujJxih+sscNliTD3 JFYQ== X-Forwarded-Encrypted: i=1; AJvYcCW1hSCO2zfL3TUcDyl0swRwjHajaF8xgPF/eJEU2/YGI5K+G8vYlc5RNxMzgj6w9ctV06UeW2xfCikjlwmF@vger.kernel.org X-Gm-Message-State: AOJu0Yyxa8hNDAKRMoWTUF0H+kBpRYr9y0peF0YQfSnzTB3qpG3pzeew 9t2+5jCNltUozQ4M4m+6l/kpZ6tFKLg4DLoWjd17UW8+Agack/kpyEHExGbfsvBVELe2+WyeF1v O5lSqkQ== X-Google-Smtp-Source: AGHT+IFPXzBe3tq4UEclYkB5CjDIeF4FAjlDz1DojdfYJQwU20ut08n6Uq7PA2tBHvy9wJlNUFsUH1mxlBeM X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:ad60:0:b0:e16:6771:a299 with SMTP id 3f1490d57ef6-e29786b577amr950276.11.1729034220838; Tue, 15 Oct 2024 16:17:00 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:35 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-2-mmaurer@google.com> Subject: [PATCH 01/12] module: Take const arg in validate_section_offset From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez `validate_section_offset` doesn't modify the info passed in. Make this clear by adjusting the type signature. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index ef54733bd7d2..1ed1d1bf1416 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1678,7 +1678,7 @@ bool __weak module_exit_section(const char *name) return strstarts(name, ".exit"); } -static int validate_section_offset(struct load_info *info, Elf_Shdr *shdr) +static int validate_section_offset(const struct load_info *info, Elf_Shdr *shdr) { #if defined(CONFIG_64BIT) unsigned long long secend; From patchwork Tue Oct 15 23:16:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837395 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D4341D9669 for ; Tue, 15 Oct 2024 23:17:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034225; cv=none; b=SA4V4rZk6WaAq+Fz01p6cWwo1Wx1fBb6NZCJ3wvhuAK4FLmlA3Pa3bPkvemDfrPrIJHALUITORITpi7h0KMQq0g9mQje2iMfmvFs4fBzQ2u3LqHMj4ydxBD8FWvXU6Sp5tUASZ5Kfsxk9F07AugfG79QDhNeDeqxts7XyYLTta4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034225; c=relaxed/simple; bh=mDYkZeYGnRE3sQhCcF+uoxl/1TxGRA4ekAMIMeBAB4I=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=PnrjIfQllto0H6Ece1VuQDPR/VfFMThiZK2O/J6iybR7q8iE1KFmAI6b8T6jyON9wnW3f+39H7Q6jkKZQIHRetgHsX226VQW2YQ8lai8eh9Glz2233pqllljxIts45O2dX5DultjrCgawRuwGcxbNyssZWPJFzdAIJAutff7Rhg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=daeXy4L9; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="daeXy4L9" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6e32b43e053so75154817b3.1 for ; Tue, 15 Oct 2024 16:17:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034223; x=1729639023; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=GaOp4Let+iTa8j/z2TDGbKzwODexvMJh2E3PsytoWq8=; b=daeXy4L9nRtc6nArHS91VmuufFuGsrMwJxht0PqJCpgA1loiBrY2PA/YKEXOuu6yjk hrTjapcmDP00tlk4n/RUDidPpNoYJXv9BHqTcW75PWA/jdyVEC0mU02rV7hXdf4RE8vI kqJALoLd5BHmRpGVW8Mk0moqWB+iF9wzKpVPU2dtZsZ+rtVugT55WBCHwDYfM73gcSuT WYfw2FxVqjEjWt8wjlevu6BilnOEKEaIp2NUk264SF8TLxE1SMpZbynZTS/X+eVXPttr NuEDUO3sGPq1S+7zriGr0hI078g+jSBQQy7FZCZ2XrBr3T1+AkKzp+wH9xuZtYTzuW8h YfJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034223; x=1729639023; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=GaOp4Let+iTa8j/z2TDGbKzwODexvMJh2E3PsytoWq8=; b=J8XhktsNLpNmrGXa4AyjFNm5zZfqEl40OtUfe9tcFhvXVPmEtnYrQ/HYIkpCTSaYx4 P1FqCaJod7FpOZQUkLjoFPr/zKiLCM+wREapYEAEYa2HYSEXABpgXQW2EWT4n+2XqJ2w rr/n51urQN6gHOtdOoleRf312Rtdwbw1gQW1ysbndRgXQAS2pWp+5r+0lM2eflkpN5q6 dvwTpMaVeEBzBdhPKcLRAD5/f0u0hKvjrR5pLxQG6CjeZBDtE5e4bSEb2qXWOOrmMmQP gLrg6NABJxblqLXxVrxKXzcVLTYP/s9G2FZeitRpC+DDtlRHfU9MoXF5xE7bSE/XShuq 5puA== X-Forwarded-Encrypted: i=1; AJvYcCUIvWSFjdO4Q37TZKSQfHp4Ehr4UIhgeZv1m/iftTS81Ka0KlTbSCeaqYb/Wl2oCfweZOuEYZXr30fQIdZQ@vger.kernel.org X-Gm-Message-State: AOJu0YxwJzlqWShQeSakrp9W4mJDXeYEyO+LlMWyy3ZN31tFjphVDLUe u4+DUAfGM2mPsBLV/Y1TpqGIZyIYZGsyujSefFphtZciXcp7rSbY1my1DAjzmhC6vk3+fibxyPj E0tV8kQ== X-Google-Smtp-Source: AGHT+IFZZ+EiwW/n3OCbtia15roWRedKzxQbPaS+sWOvG4bizXkUKDFwjIvX7+XcR/hn6q6oyOTxd8iYrUp2 X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a05:690c:74c7:b0:6e3:39e5:f0e8 with SMTP id 00721157ae682-6e3d41c6eacmr556067b3.6.1729034222868; Tue, 15 Oct 2024 16:17:02 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:36 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-3-mmaurer@google.com> Subject: [PATCH 02/12] module: Factor out elf_validity_ehdr From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Factor out verification of the ELF header and document what is checked. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 70 +++++++++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 23 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 1ed1d1bf1416..c836354928f0 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1697,6 +1697,50 @@ static int validate_section_offset(const struct load_info *info, Elf_Shdr *shdr) return 0; } +/** + * elf_validity_ehdr() - Checks an ELF header for module validity + * @info: Load info containing the ELF header to check + * + * Checks whether an ELF header could belong to a valid module. Checks: + * + * * ELF header is within the data the user provided + * * ELF magic is present + * * It is relocatable (not final linked, not core file, etc.) + * * The header's machine type matches what the architecture expects. + * * Optional arch-specific hook for other properties + * - module_elf_check_arch() is currently only used by PPC to check + * ELF ABI version, but may be used by others in the future. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_ehdr(const struct load_info *info) +{ + if (info->len < sizeof(*(info->hdr))) { + pr_err("Invalid ELF header len %lu\n", info->len); + return -ENOEXEC; + } + if (memcmp(info->hdr->e_ident, ELFMAG, SELFMAG) != 0) { + pr_err("Invalid ELF header magic: != %s\n", ELFMAG); + return -ENOEXEC; + } + if (info->hdr->e_type != ET_REL) { + pr_err("Invalid ELF header type: %u != %u\n", + info->hdr->e_type, ET_REL); + return -ENOEXEC; + } + if (!elf_check_arch(info->hdr)) { + pr_err("Invalid architecture in ELF header: %u\n", + info->hdr->e_machine); + return -ENOEXEC; + } + if (!module_elf_check_arch(info->hdr)) { + pr_err("Invalid module architecture in ELF header: %u\n", + info->hdr->e_machine); + return -ENOEXEC; + } + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1726,30 +1770,10 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) unsigned int num_info_secs = 0, info_idx; unsigned int num_sym_secs = 0, sym_idx; - if (info->len < sizeof(*(info->hdr))) { - pr_err("Invalid ELF header len %lu\n", info->len); - goto no_exec; - } + err = elf_validity_ehdr(info); + if (err < 0) + return err; - if (memcmp(info->hdr->e_ident, ELFMAG, SELFMAG) != 0) { - pr_err("Invalid ELF header magic: != %s\n", ELFMAG); - goto no_exec; - } - if (info->hdr->e_type != ET_REL) { - pr_err("Invalid ELF header type: %u != %u\n", - info->hdr->e_type, ET_REL); - goto no_exec; - } - if (!elf_check_arch(info->hdr)) { - pr_err("Invalid architecture in ELF header: %u\n", - info->hdr->e_machine); - goto no_exec; - } - if (!module_elf_check_arch(info->hdr)) { - pr_err("Invalid module architecture in ELF header: %u\n", - info->hdr->e_machine); - goto no_exec; - } if (info->hdr->e_shentsize != sizeof(Elf_Shdr)) { pr_err("Invalid ELF section header size\n"); goto no_exec; From patchwork Tue Oct 15 23:16:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837396 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB9BD1F80A4 for ; Tue, 15 Oct 2024 23:17:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034227; cv=none; b=i6WNa8foQjfGAgrZDv4zSKVRDw6raog+GlzvU3GNB185C4BpaQjBjLz9iMgBd9eJQppfqr6Dzi48ArCHWG4xp0Bp1iIMAZtO78x3osvvZCZAJ4El9mYroRadTnUoh+PYwAy+30v6FRFiTuVwxoHqVsNvzyuE2rW9de+1wp/wf6M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034227; c=relaxed/simple; bh=Q/ebP4VppKXgX75HHkGyapl6+59q2K1k/6cBCCOTXVg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YFsjHxM5LlYZcTVxlvxvai6ZKyxi0cPTPzN6UXSDvkqS9I4Skdu7wara6nPtVnnAJ6r3Z2BQf3lz9WnkGBMaOJViO7ZepMOjw1kPgJj2Nwqc+4J+9Fu4NoNsUbuDb8p+C6lqZZKKGumtj2DmjImTLB0ZTa/e1hGiqh0Ff2xnTFA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=CfVslK/m; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="CfVslK/m" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e290222fde4so7367635276.1 for ; Tue, 15 Oct 2024 16:17:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034225; x=1729639025; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=s9C2Ei02TD++bK2BpkVHJvqSOFvsQEfujDFHeRhGRWA=; b=CfVslK/mQVPkVgi4qJvoUZuABqvmzYgpJ6kTRKUmqxe8S7zCiSW7iob7vGS+xY4cAT SRP68ozJtRNQr795X4nh2LyqiTysn4ptun2+nwfAncPcdaR8r0UNBVdX1/m0KiaTBSQk WNwkJ/frh8rDOPyLEos1bqxVoRBth+TfLH9RZQ8TAYmn7Kqzngd5kSTiU15EX6Ix1l/O dOhtXgts75yCjRl+hehBodMZ7JaWZCp49lRh2rjKYnYgEnVNwxGwiwIqIhgdsg0n7ZEM nH1FXWMknZZ+doIM3pAy5lCDa/DlMp1KSbzDwIVGFM06fxF2uh+VHQcc9OnpOmRh/ytC mzWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034225; x=1729639025; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=s9C2Ei02TD++bK2BpkVHJvqSOFvsQEfujDFHeRhGRWA=; b=cCNwR4gqlwH3r1bK4tGuHWyYigKB3R7jhvpwp5scikIPGDO3OBAYAWZdzQ9lYCZSv3 eZ6KYlTI346Y8pGattys816sH1mJde8NsoIZlJV+f/96ljtIi8re1kP3DwVrCa9pspKR BE4MePo0xLDO23EMEPlLe6QgzrBUtv25V+ziqf/YzxAXjQdPpWew+309YoMy8oGQBkiE mMEujZBuPtN9CMct8QcmY3lTUkgfq7iCPhkLOmsozw+N7XD+NYvROKk7B/OmeJObaHM0 tW88ExP+jewPfLn5Wbze6CRD4XAFFUn3wbRarU1v8id/E6kbdgm3vdRelnFlB2joUOyH kH5Q== X-Forwarded-Encrypted: i=1; AJvYcCWJT0qXON7BZS5w29GoZ9gbb75pxAGdoWIzTYT2pF7lkDwr8TOK1wDv/kOsYaKo1Kzl8CwYI5KT7wrXLVTW@vger.kernel.org X-Gm-Message-State: AOJu0YxfwRcfeJEgLp6aUuPlwje8akZjb9zascoYMWhnALdMwP2GqCqe ynUtKFn75pRYshmvh4aUfY0wnJCkSqktA4Q2mK1ZDq2OnRCNcNgsNLGJOR4biHMEq1Y2fK/aMTZ Z65TDsQ== X-Google-Smtp-Source: AGHT+IF9/RrejyXjamOHmES0fO9LFDxPPSqw0EHrizmRCN81klIy8hyZiM00NmuWFywfdGDutrXWewNuQlb5 X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:68d4:0:b0:e29:6fd5:70ec with SMTP id 3f1490d57ef6-e2978558d8dmr2050276.6.1729034224721; Tue, 15 Oct 2024 16:17:04 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:37 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-4-mmaurer@google.com> Subject: [PATCH 03/12] module: Factor out elf_validity_cache_sechdrs From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Factor out and document the validation of section headers. Because we now validate all section offsets and lengths before accessing them, we can remove the ad-hoc checks. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 125 ++++++++++++++++++++++++++++--------------- 1 file changed, 82 insertions(+), 43 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index c836354928f0..467e35f0232a 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1741,6 +1741,87 @@ static int elf_validity_ehdr(const struct load_info *info) return 0; } +/** + * elf_validity_cache_sechdrs() - Cache section headers if valid + * @info: Load info to compute section headers from + * + * Checks: + * + * * ELF header is valid (see elf_validity_ehdr()) + * * Section headers are the size we expect + * * Section array fits in the user provided data + * * Section index 0 is NULL + * * Section contents are inbounds + * + * Then updates @info with a &load_info->sechdrs pointer if valid. + * + * Return: %0 if valid, negative error code if validation failed. + */ +static int elf_validity_cache_sechdrs(struct load_info *info) +{ + Elf_Shdr *sechdrs; + Elf_Shdr *shdr; + int i; + int err; + + err = elf_validity_ehdr(info); + if (err < 0) + return err; + + if (info->hdr->e_shentsize != sizeof(Elf_Shdr)) { + pr_err("Invalid ELF section header size\n"); + return -ENOEXEC; + } + + /* + * e_shnum is 16 bits, and sizeof(Elf_Shdr) is + * known and small. So e_shnum * sizeof(Elf_Shdr) + * will not overflow unsigned long on any platform. + */ + if (info->hdr->e_shoff >= info->len + || (info->hdr->e_shnum * sizeof(Elf_Shdr) > + info->len - info->hdr->e_shoff)) { + pr_err("Invalid ELF section header overflow\n"); + return -ENOEXEC; + } + + sechdrs = (void *)info->hdr + info->hdr->e_shoff; + + /* + * The code assumes that section 0 has a length of zero and + * an addr of zero, so check for it. + */ + if (sechdrs[0].sh_type != SHT_NULL + || sechdrs[0].sh_size != 0 + || sechdrs[0].sh_addr != 0) { + pr_err("ELF Spec violation: section 0 type(%d)!=SH_NULL or non-zero len or addr\n", + sechdrs[0].sh_type); + return -ENOEXEC; + } + + /* Validate contents are inbounds */ + for (i = 1; i < info->hdr->e_shnum; i++) { + shdr = &sechdrs[i]; + switch (shdr->sh_type) { + case SHT_NULL: + case SHT_NOBITS: + /* No contents, offset/size don't mean anything */ + continue; + default: + err = validate_section_offset(info, shdr); + if (err < 0) { + pr_err("Invalid ELF section in module (section %u type %u)\n", + i, shdr->sh_type); + return err; + } + } + } + + info->sechdrs = sechdrs; + + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1770,29 +1851,10 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) unsigned int num_info_secs = 0, info_idx; unsigned int num_sym_secs = 0, sym_idx; - err = elf_validity_ehdr(info); + err = elf_validity_cache_sechdrs(info); if (err < 0) return err; - if (info->hdr->e_shentsize != sizeof(Elf_Shdr)) { - pr_err("Invalid ELF section header size\n"); - goto no_exec; - } - - /* - * e_shnum is 16 bits, and sizeof(Elf_Shdr) is - * known and small. So e_shnum * sizeof(Elf_Shdr) - * will not overflow unsigned long on any platform. - */ - if (info->hdr->e_shoff >= info->len - || (info->hdr->e_shnum * sizeof(Elf_Shdr) > - info->len - info->hdr->e_shoff)) { - pr_err("Invalid ELF section header overflow\n"); - goto no_exec; - } - - info->sechdrs = (void *)info->hdr + info->hdr->e_shoff; - /* * Verify if the section name table index is valid. */ @@ -1805,11 +1867,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) } strhdr = &info->sechdrs[info->hdr->e_shstrndx]; - err = validate_section_offset(info, strhdr); - if (err < 0) { - pr_err("Invalid ELF section hdr(type %u)\n", strhdr->sh_type); - return err; - } /* * The section name table must be NUL-terminated, as required @@ -1826,18 +1883,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) goto no_exec; } - /* - * The code assumes that section 0 has a length of zero and - * an addr of zero, so check for it. - */ - if (info->sechdrs[0].sh_type != SHT_NULL - || info->sechdrs[0].sh_size != 0 - || info->sechdrs[0].sh_addr != 0) { - pr_err("ELF Spec violation: section 0 type(%d)!=SH_NULL or non-zero len or addr\n", - info->sechdrs[0].sh_type); - goto no_exec; - } - for (i = 1; i < info->hdr->e_shnum; i++) { shdr = &info->sechdrs[i]; switch (shdr->sh_type) { @@ -1856,12 +1901,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) sym_idx = i; fallthrough; default: - err = validate_section_offset(info, shdr); - if (err < 0) { - pr_err("Invalid ELF section in module (section %u type %u)\n", - i, shdr->sh_type); - return err; - } if (strcmp(info->secstrings + shdr->sh_name, ".gnu.linkonce.this_module") == 0) { num_mod_secs++; From patchwork Tue Oct 15 23:16:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837397 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD7991F9ED7 for ; Tue, 15 Oct 2024 23:17:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034229; cv=none; b=Sma2JK6Kli5FsERT/r95CbpM+g9BbP+IpNIhuWgD0KDa7A4sb2Vz/4s78oxkbWgk9+iuIu4JNKVpalGVy++C7eCARNjXFDTwEqXgLPKX0BIe1/ca3XW6j1xrKMJGdPKlhJ5ewV1Ri1vwWL29in+FVinMfctmYhltdqsORPVxW5s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034229; c=relaxed/simple; bh=YE/oK9ZOhdsHNUDoCLONYihU16c/izMFQR3EpE6qWgg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Bn9ENkoscAAHM17S2zq4VQtGM5qWizQaPDoZ+q3T9mRlPM9MPFYMDgVN7SoIvVhPDS4+lYqhU1bU4liIqhh6zOmmOVaR4W4XnGFPkM14USyu8+gzzzYeA2rPlr5Vmbc8zvSnJP0XgVHCTd1I1tUgj/uHSw+h/SHjEWPSu+1aDQw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=TwwwPg+Z; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TwwwPg+Z" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e292a6bdd72so6629027276.0 for ; Tue, 15 Oct 2024 16:17:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034227; x=1729639027; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=hpXqqJ7mhE4OTX7mw0ZIHnsdobY/QXMTdFshJ+hNzmc=; b=TwwwPg+ZV1lFiBZt4WXhSYohJ4VKuSEvF31Vx47EuMkHa+FwmCcvjhXZFfeTxm4o0c EnMvqT3CZDLSPv8vY9g6CP296PScmCdWPOdCuDZg67a07jmbjdI42Eus4UoUJMWs2mcS BS50jFuSGHhphKfHguQ+YRphsVkhW6fQSomgCCBqiLpUpuGy4G+PG1smnbvmiR7XS22b hgyBo/QLC+1XnVRFjwg8kLQdVR1oxHH2kwer0FOYdzk75fjOp4uUzVZBYYyg3Y58yWvN +CTHmvR5YJ1dSWBrpOrAP5GITbOKPBNOvt3sHM+Q6ZKajPIEuHSq7iH81o9/NWHrD3Bp WeXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034227; x=1729639027; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hpXqqJ7mhE4OTX7mw0ZIHnsdobY/QXMTdFshJ+hNzmc=; b=CK2hLeFPPo7WxCegO76PJX4ulp9lRzm9JrHuvWNzOL50tqOgVTpEW6UvKh4/Z8czor pVQCu0OqYBp760Ogz8sHkewyPkgk8eGTapkOGOgjbiMUP4x3LEmATNPh9JMC5gHzl02E 23iCErJHyMWKoW+LC9AiJCl99oUYjcz1S5lmM/Yu92WL1NNOCqK0iaXmf2GLmKD1hw3w Je7MjKzCR5ioeQXF+nW2FQ7fSJHCYE21SkpEYt+RDBb0NVziF2U9ICnZ7vWkY6ZQ+5Aq +/a8VfuZ1QoIx4JU+YxQlDxjG5Lb9SYesY00PH7n/MyCn0bVutpISIFw8pVwoj+xmPqb N+OQ== X-Forwarded-Encrypted: i=1; AJvYcCUS8M12m4tKgP3QaxbVOJaa0POYcSCRs6fRsi6Ct8TeqUOawZrfP6PcM1eq/wz7vvTO8EY7Su3qvN57TAsV@vger.kernel.org X-Gm-Message-State: AOJu0Yz3/U4/Dv9FWtz1LbaDAOEqx7QICi0QmgDWKbWqU41eB9RZ8csF tz4DKtbucilphGgUOcthx5xbJ24P84feAdDOL7Q3CHbTRrHg5JyhMRw5rS2sVra/R+/TYARq6S4 /y0Ofzw== X-Google-Smtp-Source: AGHT+IHizGOPKT5xbBjYB4IekU0DU2Mgds5ptzsICNd3lT/qy4QxEafJXfV6FVd+c7tsCcxLBv+gbqraWgah X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:947:0:b0:e29:76b7:ed37 with SMTP id 3f1490d57ef6-e2978585cc5mr1523276.9.1729034226849; Tue, 15 Oct 2024 16:17:06 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:38 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-5-mmaurer@google.com> Subject: [PATCH 04/12] module: Factor out elf_validity_cache_secstrings From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Factor out the validation of section names. There are two behavioral changes: 1. Previously, we did not validate non-SHF_ALLOC sections. This may have once been safe, as find_sec skips non-SHF_ALLOC sections, but find_any_sec, which will be used to load BTF if that is enabled, ignores the SHF_ALLOC flag. Since there's no need to support invalid section names, validate all of them, not just SHF_ALLOC sections. 2. Section names were validated *after* accessing them for the purposes of detecting ".modinfo" and ".gnu.linkonce.this_module". They are now checked prior to the access, which could avoid bad accesses with malformed modules. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 106 ++++++++++++++++++++++++++++--------------- 1 file changed, 69 insertions(+), 37 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 467e35f0232a..473f1fb25de2 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1822,6 +1822,71 @@ static int elf_validity_cache_sechdrs(struct load_info *info) return 0; } +/** + * elf_validity_cache_secstrings() - Caches section names if valid + * @info: Load info to cache section names from. Must have valid sechdrs. + * + * Specifically checks: + * + * * Section name table index is inbounds of section headers + * * Section name table is not empty + * * Section name table is NUL terminated + * * All section name offsets are inbounds of the section + * + * Then updates @info with a &load_info->secstrings pointer if valid. + * + * Return: %0 if valid, negative error code if validation failed. + */ +static int elf_validity_cache_secstrings(struct load_info *info) +{ + Elf_Shdr *strhdr, *shdr; + char *secstrings; + int i; + + /* + * Verify if the section name table index is valid. + */ + if (info->hdr->e_shstrndx == SHN_UNDEF + || info->hdr->e_shstrndx >= info->hdr->e_shnum) { + pr_err("Invalid ELF section name index: %d || e_shstrndx (%d) >= e_shnum (%d)\n", + info->hdr->e_shstrndx, info->hdr->e_shstrndx, + info->hdr->e_shnum); + return -ENOEXEC; + } + + strhdr = &info->sechdrs[info->hdr->e_shstrndx]; + + /* + * The section name table must be NUL-terminated, as required + * by the spec. This makes strcmp and pr_* calls that access + * strings in the section safe. + */ + secstrings = (void *)info->hdr + strhdr->sh_offset; + if (strhdr->sh_size == 0) { + pr_err("empty section name table\n"); + return -ENOEXEC; + } + if (secstrings[strhdr->sh_size - 1] != '\0') { + pr_err("ELF Spec violation: section name table isn't null terminated\n"); + return -ENOEXEC; + } + + for (i = 0; i < info->hdr->e_shnum; i++) { + shdr = &info->sechdrs[i]; + /* SHT_NULL means sh_name has an undefined value */ + if (shdr->sh_type == SHT_NULL) + continue; + if (shdr->sh_name >= strhdr->sh_size) { + pr_err("Invalid ELF section name in module (section %u type %u)\n", + i, shdr->sh_type); + return -ENOEXEC; + } + } + + info->secstrings = secstrings; + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1845,7 +1910,7 @@ static int elf_validity_cache_sechdrs(struct load_info *info) static int elf_validity_cache_copy(struct load_info *info, int flags) { unsigned int i; - Elf_Shdr *shdr, *strhdr; + Elf_Shdr *shdr; int err; unsigned int num_mod_secs = 0, mod_idx; unsigned int num_info_secs = 0, info_idx; @@ -1854,34 +1919,9 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) err = elf_validity_cache_sechdrs(info); if (err < 0) return err; - - /* - * Verify if the section name table index is valid. - */ - if (info->hdr->e_shstrndx == SHN_UNDEF - || info->hdr->e_shstrndx >= info->hdr->e_shnum) { - pr_err("Invalid ELF section name index: %d || e_shstrndx (%d) >= e_shnum (%d)\n", - info->hdr->e_shstrndx, info->hdr->e_shstrndx, - info->hdr->e_shnum); - goto no_exec; - } - - strhdr = &info->sechdrs[info->hdr->e_shstrndx]; - - /* - * The section name table must be NUL-terminated, as required - * by the spec. This makes strcmp and pr_* calls that access - * strings in the section safe. - */ - info->secstrings = (void *)info->hdr + strhdr->sh_offset; - if (strhdr->sh_size == 0) { - pr_err("empty section name table\n"); - goto no_exec; - } - if (info->secstrings[strhdr->sh_size - 1] != '\0') { - pr_err("ELF Spec violation: section name table isn't null terminated\n"); - goto no_exec; - } + err = elf_validity_cache_secstrings(info); + if (err < 0) + return err; for (i = 1; i < info->hdr->e_shnum; i++) { shdr = &info->sechdrs[i]; @@ -1910,14 +1950,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) num_info_secs++; info_idx = i; } - - if (shdr->sh_flags & SHF_ALLOC) { - if (shdr->sh_name >= strhdr->sh_size) { - pr_err("Invalid ELF section name in module (section %u type %u)\n", - i, shdr->sh_type); - return -ENOEXEC; - } - } break; } } From patchwork Tue Oct 15 23:16:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837398 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D4BF91D63FE for ; Tue, 15 Oct 2024 23:17:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034231; cv=none; b=iWEgBynS3QdfpopAiw8jg93CjTtv2kyAjyjjx4rHD5o1qkP1wpzkAqhJ0CS8xA8urQB6tPtPBhzHsg4oNqeollD/oVEA5uwzS8he2gbBzXIWzrPJrG9/AkMp7DU5UmtyfhxlIMsfVr1hcc4hY9/DOcR7vgJPzEab7Yft1n1C6BM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034231; c=relaxed/simple; bh=keltVl7vYU9EPlcQRfVtCcny2Z6cQUk1MMTzAOK5SA8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=dpKxv11BoNABFrpvYzVNf5QgEc6tzYHtw90ZbFNnznkGNDt3X0uKKoNXf7VikCZZKd51/aSqzRGdxY4vjS+Qjog688w3/+0f1mPtUSpOB7UiIckQDC4nWfC0Byh896SVtRAGEIte7OQs3HanQ3d3K6P7pekypJn4H15MGFiNjLI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MDUpd6ZD; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MDUpd6ZD" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e0b8fa94718so8420426276.0 for ; Tue, 15 Oct 2024 16:17:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034229; x=1729639029; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=TQYiDylULU1Fc0U45JVmZV1jTxB4Hv3WLTHptCyQE2g=; b=MDUpd6ZDW/46H5uih+sC5p0hbH+2TgiHDd5ZjVFgDcb2zdy9YVya/9UAGy4BmVz8hu 7hjbr/8LObxT2x9Mok7YHG9ad6nuauL2tU83okr6JdyuWjCOLsrYgAwg5oKpqtZ2DMDs 4LwiX5Pln9KZLIuEzdCkL3bjGymYlT5BzKBtUGO2RelAlJt8x1cX/ONLa6+6EFV5AknT zP6dbSwovGRYvqLpazrx5xJqVd2+lVuQP1BnZYtULu22VZaOHA01DOvBBNK2WyBJmDaJ 897CoHTnr90hTi5ZhUjALuzFQQU8fdPb77wYNfzrsB3JSUsSm8fb0fq+b+hDB7ioNRKs geBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034229; x=1729639029; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=TQYiDylULU1Fc0U45JVmZV1jTxB4Hv3WLTHptCyQE2g=; b=MRrk6b1VCu8LAolHoOdSsPXsrBFvg3ybpFIPsc/AWmTBSF0rcMtP4z5+Uap8jhGeQT k6Nyvmqfrsza734kKwMx0HMXOdjE/5BSMYKrSj8O8L+zt7UOP2zeYwsE+ng+x4UQMpJ2 WIWt+wc3mqk0RM8zTvgfpOr6XzHM1wz5ME03xGY1PO01URMTfREvuUV2MWG4S8WqgwvZ TLxM8n6miA5I3hO71k6InDTrCB4RUb9ANSieMkhrq2MFSo+5AiNamz4d9YYfGdChipEI qM3ueQuorTik4SwvuJ3yOj45tAG/Z6htD/zArxJ1oG6av3hTsAATwU3llVv+51WNL0Bx 4UeA== X-Forwarded-Encrypted: i=1; AJvYcCVxgH6Muh7bvn+XitILchdHmyL6XPZbYUEOClMApduizEXRh6twwPJp5P7QwdFmfUZpTzdm3sI9u7RkSgG/@vger.kernel.org X-Gm-Message-State: AOJu0YyWg3sG9j5ze74sJqFHtqdwkxFfy/6mYi/q25ZcHdl1etEUXeBa ueckyuNqUA43M6c4ANfEm60BX7Dlo90XpGZWu///CzAS5vjnLPNETFRLctF9VqS4ZMouJDQ9xBl fPVfQtg== X-Google-Smtp-Source: AGHT+IESRWGhdP/DVUgoBjA23GTWDfK0rZz9759983ENQNbLXCK4xnlPImOdO8gU18zMbWXRCEMfPIx3Zu6o X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:68d4:0:b0:e28:f454:7de5 with SMTP id 3f1490d57ef6-e297855147cmr1515276.6.1729034228858; Tue, 15 Oct 2024 16:17:08 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:39 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-6-mmaurer@google.com> Subject: [PATCH 05/12] module: Factor out elf_validity_cache_index_info From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Centralize .modinfo detection and property validation. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 82 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 68 insertions(+), 14 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 473f1fb25de2..6747cbc774b0 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -195,6 +195,38 @@ static unsigned int find_sec(const struct load_info *info, const char *name) return 0; } +/** + * find_any_unique_sec() - Find a unique section index by name + * @info: Load info for the module to scan + * @name: Name of the section we're looking for + * + * Locates a unique section by name. Ignores SHF_ALLOC. + * + * Return: Section index if found uniquely, zero if absent, negative count + * of total instances if multiple were found. + */ +static int find_any_unique_sec(const struct load_info *info, const char *name) +{ + unsigned int idx; + unsigned int count = 0; + int i; + + for (i = 1; i < info->hdr->e_shnum; i++) { + if (strcmp(info->secstrings + info->sechdrs[i].sh_name, + name) == 0) { + count++; + idx = i; + } + } + if (count == 1) { + return idx; + } else if (count == 0) { + return 0; + } else { + return -count; + } +} + /* Find a module section, or NULL. */ static void *section_addr(const struct load_info *info, const char *name) { @@ -1887,6 +1919,39 @@ static int elf_validity_cache_secstrings(struct load_info *info) return 0; } +/** + * elf_validity_cache_index_info() - Validate and cache modinfo section + * @info: Load info to populate the modinfo index on. + * Must have &load_info->sechdrs and &load_info->secstrings populated + * + * Checks that if there is a .modinfo section, it is unique. + * Then, it caches its index in &load_info->index.info. + * Finally, it tries to populate the name to improve error messages. + * + * Return: %0 if valid, %-ENOEXEC if multiple modinfo sections were found. + */ +static int elf_validity_cache_index_info(struct load_info *info) +{ + int info_idx; + + info_idx = find_any_unique_sec(info, ".modinfo"); + + if (info_idx == 0) + /* Early return, no .modinfo */ + return 0; + + if (info_idx < 0) { + pr_err("Only one .modinfo section must exist.\n"); + return -ENOEXEC; + } + + info->index.info = info_idx; + /* Try to find a name early so we can log errors with a module name */ + info->name = get_modinfo(info, "name"); + + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1913,13 +1978,15 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) Elf_Shdr *shdr; int err; unsigned int num_mod_secs = 0, mod_idx; - unsigned int num_info_secs = 0, info_idx; unsigned int num_sym_secs = 0, sym_idx; err = elf_validity_cache_sechdrs(info); if (err < 0) return err; err = elf_validity_cache_secstrings(info); + if (err < 0) + return err; + err = elf_validity_cache_index_info(info); if (err < 0) return err; @@ -1945,24 +2012,11 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) ".gnu.linkonce.this_module") == 0) { num_mod_secs++; mod_idx = i; - } else if (strcmp(info->secstrings + shdr->sh_name, - ".modinfo") == 0) { - num_info_secs++; - info_idx = i; } break; } } - if (num_info_secs > 1) { - pr_err("Only one .modinfo section must exist.\n"); - goto no_exec; - } else if (num_info_secs == 1) { - /* Try to find a name early so we can log errors with a module name */ - info->index.info = info_idx; - info->name = get_modinfo(info, "name"); - } - if (num_sym_secs != 1) { pr_warn("%s: module has no symbols (stripped?)\n", info->name ?: "(missing .modinfo section or name field)"); From patchwork Tue Oct 15 23:16:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837399 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CE3011FDF9C for ; Tue, 15 Oct 2024 23:17:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034233; cv=none; b=Jb4OhkAkyDXpH1SX2Yhhrrl58IwmfeZqWtlJCHzCl9/K7os8AEACoIVZM91Xls5AR4QTJMdqJ66jzOkKGGSK9aPqhMuKIpvGlhackxDWS1TEMVK6h+nYcVzQPlR5I2Z0b84DIIAyjiPkg4jejomMWJDGYFHePaz6wH1Ka9mI9cw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034233; c=relaxed/simple; bh=XJb8GC1WAknzucT2QTWdPk2p/Ah0/usyy4/JqpeqgqY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=mG3K96TjtFykr7qw5aLDSZS7WfCHVNPlmUckUOP7ZCeslyNWo0YMwnZ+iJU9GDrB3qx/4K0787KtGC6pUsgDiWwNbcuRH94E8ol6tJ7usUPqlr8PDwPwewG1QLVD5ZJKnAyoKA05jUlxusOmmSSSIDplhXG22KSDoravURWP+B0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=TWdPjvFc; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TWdPjvFc" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e292a6bdd72so6629063276.0 for ; Tue, 15 Oct 2024 16:17:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034231; x=1729639031; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Z5/P7PU9aN7A7FFAWIBfgCyglKPdadfqEBvM4ZLHjr8=; b=TWdPjvFcxbbZxe5pCEVt3skTpH90BrIXPLyRDfZEjsq/lQmqIGLnupqjl3lnRIQIad ICLrcpN/IYNTeGPMXqWCffiCo6U7Uz+EdsGpIalLsYqKFoMD7enkHHT1q7Q/+VD1LLRv VnEC7XbvFV0ngrqoUoN8ybeV/f43La0NizowOyukYnY6/PnfjOh6Fr0NwbVVYUKZ2d5r Po7oV+xBvYoQWfblGuloTorS/WR8GbNAvVVaSeQfvpxHTleN7phazlQBI4xC/jB10odi aSuGPUiWAgBfNh6TPV5IBhbqlrui2DlDYhD7odEOg7dVhjmB1ms+HHiLz+ev++HFEllR S3aQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034231; x=1729639031; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Z5/P7PU9aN7A7FFAWIBfgCyglKPdadfqEBvM4ZLHjr8=; b=uB1B5FM+9dlfnNiWWu65umX2YIdq73qjQfEA52YDiS0bvbJxIpTlIhfyFSr8+PX59i EHaV/SXENxPMkRzT7pzK43xs0/aoxLVDi48DKFjRLE2rjC3p2CNSonamUd8u34qIrAN5 z8nc+xKbL8HhNVby7+qh8H3QNrqJFPFQlAo8hA7oUgulLSOVnvcgLzZMiPFbyvxzLHw9 l70nSVrLiE+exHW1JpNBfODFXobb5FP0pjpRAOlhVhbJBpD3YwxOabPXvZtEaRQLMvuB Cl09/cs2bFLdAsJuwCNiUhrrGQUdZtjqbB+X10cQRmcF1J30xicN4XzIcfdQMEGMVX17 hKYg== X-Forwarded-Encrypted: i=1; AJvYcCX065VoDxx0XGoosaywDH+8+/dZhk1PtS9i0m+0Bcj6pVbcayJnPx0G9xMxcaHNEvCxFI5FDBtMqHqMNQ+H@vger.kernel.org X-Gm-Message-State: AOJu0Yz3PTA81x4fTqhKLSO7dn5sK8st07uEC9Pq6cUBCTBXHvk1Mqq9 /Tnfhz0g+zXquE8jPeLX/vc46hMVtjiu9tTbJSVOWOBtPGrYwpq19yz67eoeaZcalSvPX9DlZde sWtL7yQ== X-Google-Smtp-Source: AGHT+IHlcOSiFpgrtgTMZf7XD1aoOu7CIo6sCmkumbM59IPTWcpoaqCvBof0VvqlLZjwyxA/2OD2PgVfqjC/ X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:6b43:0:b0:e1d:2043:da46 with SMTP id 3f1490d57ef6-e29782f3106mr1614276.3.1729034230807; Tue, 15 Oct 2024 16:17:10 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:40 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-7-mmaurer@google.com> Subject: [PATCH 06/12] module: Factor out elf_validity_cache_index_mod From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Centralize .gnu.linkonce.this_module detection and property validation. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 129 ++++++++++++++++++++++--------------------- 1 file changed, 67 insertions(+), 62 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 6747cbc774b0..b633347d5d98 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1952,6 +1952,68 @@ static int elf_validity_cache_index_info(struct load_info *info) return 0; } +/** + * elf_validity_cache_index_mod() - Validates and caches this_module section + * @info: Load info to cache this_module on. + * Must have &load_info->sechdrs and &load_info->secstrings populated + * + * The ".gnu.linkonce.this_module" ELF section is special. It is what modpost + * uses to refer to __this_module and let's use rely on THIS_MODULE to point + * to &__this_module properly. The kernel's modpost declares it on each + * modules's *.mod.c file. If the struct module of the kernel changes a full + * kernel rebuild is required. + * + * We have a few expectations for this special section, this function + * validates all this for us: + * + * * The section has contents + * * The section is unique + * * We expect the kernel to always have to allocate it: SHF_ALLOC + * * The section size must match the kernel's run time's struct module + * size + * + * If all checks pass, the index will be cached in &load_info->index.mod + * + * Return: %0 on validation success, %-ENOEXEC on failure + */ +static int elf_validity_cache_index_mod(struct load_info *info) +{ + Elf_Shdr *shdr; + int mod_idx; + + mod_idx = find_any_unique_sec(info, ".gnu.linkonce.this_module"); + if (mod_idx <= 0) { + pr_err("module %s: Exactly one .gnu.linkonce.this_module section must exist.\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + shdr = &info->sechdrs[mod_idx]; + + if (shdr->sh_type == SHT_NOBITS) { + pr_err("module %s: .gnu.linkonce.this_module section must have a size set\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + if (!(shdr->sh_flags & SHF_ALLOC)) { + pr_err("module %s: .gnu.linkonce.this_module must occupy memory during process execution\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + if (shdr->sh_size != sizeof(struct module)) { + pr_err("module %s: .gnu.linkonce.this_module section size must match the kernel's built struct module size at run time\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + info->index.mod = mod_idx; + + return 0; +} + + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1977,7 +2039,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) unsigned int i; Elf_Shdr *shdr; int err; - unsigned int num_mod_secs = 0, mod_idx; unsigned int num_sym_secs = 0, sym_idx; err = elf_validity_cache_sechdrs(info); @@ -1987,16 +2048,15 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) if (err < 0) return err; err = elf_validity_cache_index_info(info); + if (err < 0) + return err; + err = elf_validity_cache_index_mod(info); if (err < 0) return err; for (i = 1; i < info->hdr->e_shnum; i++) { shdr = &info->sechdrs[i]; - switch (shdr->sh_type) { - case SHT_NULL: - case SHT_NOBITS: - continue; - case SHT_SYMTAB: + if (shdr->sh_type == SHT_SYMTAB) { if (shdr->sh_link == SHN_UNDEF || shdr->sh_link >= info->hdr->e_shnum) { pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", @@ -2006,14 +2066,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) } num_sym_secs++; sym_idx = i; - fallthrough; - default: - if (strcmp(info->secstrings + shdr->sh_name, - ".gnu.linkonce.this_module") == 0) { - num_mod_secs++; - mod_idx = i; - } - break; } } @@ -2029,55 +2081,8 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) info->index.str = shdr->sh_link; info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset; - /* - * The ".gnu.linkonce.this_module" ELF section is special. It is - * what modpost uses to refer to __this_module and let's use rely - * on THIS_MODULE to point to &__this_module properly. The kernel's - * modpost declares it on each modules's *.mod.c file. If the struct - * module of the kernel changes a full kernel rebuild is required. - * - * We have a few expectaions for this special section, the following - * code validates all this for us: - * - * o Only one section must exist - * o We expect the kernel to always have to allocate it: SHF_ALLOC - * o The section size must match the kernel's run time's struct module - * size - */ - if (num_mod_secs != 1) { - pr_err("module %s: Only one .gnu.linkonce.this_module section must exist.\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - shdr = &info->sechdrs[mod_idx]; - - /* - * This is already implied on the switch above, however let's be - * pedantic about it. - */ - if (shdr->sh_type == SHT_NOBITS) { - pr_err("module %s: .gnu.linkonce.this_module section must have a size set\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - if (!(shdr->sh_flags & SHF_ALLOC)) { - pr_err("module %s: .gnu.linkonce.this_module must occupy memory during process execution\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - if (shdr->sh_size != sizeof(struct module)) { - pr_err("module %s: .gnu.linkonce.this_module section size must match the kernel's built struct module size at run time\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - info->index.mod = mod_idx; - /* This is temporary: point mod into copy of data. */ - info->mod = (void *)info->hdr + shdr->sh_offset; + info->mod = (void *)info->hdr + info->sechdrs[info->index.mod].sh_offset; /* * If we didn't load the .modinfo 'name' field earlier, fall back to From patchwork Tue Oct 15 23:16:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837400 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DAF091FDFBF for ; Tue, 15 Oct 2024 23:17:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034235; cv=none; b=XXHn8IcvRkqvsudD0QFzAwzxnoDn7L4pFwEszxssEbNKdzsl5FQSAPr+AnLqKhOwepWkwRQM/giKNBputQp8Q6n1lKcf1jcp0zfl1XEekfol2DVcRFb2Bezag+zodq3idKNPMBIA5ULZMMxSsfwcJ3nRVXRD4OmczkCIcYWinSs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034235; c=relaxed/simple; bh=IoH7pzgf0vRG81KSc64PH526sZjBPee8CO7MjeLtc0Y=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=nfKg5x2z1v8v7JM2O34jlI6/ne5k6ZlFd91pL5IMdLoOVae8F91fpM1nSj0oAyaVyH8brbKetII9P8tSob2LDjBYYR+Y+ii+HgtKBrmghMsQMSvxB7yC564ZSfLw33KwfUKtCR+OIH0QZkYeviI5NJuWylnG2YWRKzwesStaDpg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Z69UuG6m; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Z69UuG6m" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6e000d68bb1so4263297b3.1 for ; Tue, 15 Oct 2024 16:17:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034233; x=1729639033; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=719H0QwRK260v2OWeLynQ1hn1vTZVWJ8dOTdLhhDG88=; b=Z69UuG6m70uqmnEcK9+h3Z4w+uXySDKybz7231PjCfbLDIlK3Xx7KBr0l94VQzwNVz 02Q+lIN2oWS4wQZQhqFLt53+q3+Tr2FM4yQERh7+1YlweF+4s48AH7kNfvKs4ga0Vr6T E5uwNIRHPQsvTmKrhIwQ0lSGgsRtPVD38yYlSSSpMz2g6xsP86y3egkVJiqXrUahyojb U4aNitZ+Bub0t7bmNrZtTGKt3wi+bOvysI2ErQ21QgmGhM0UHsn+MAP9HZUP16EadHnE 7NIB8JjxA5H614BXxm5EatDEEgt6f74OrhYFYorKfb1VXZ56Df5YlxEEojRWoI1vZoyC 47Hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034233; x=1729639033; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=719H0QwRK260v2OWeLynQ1hn1vTZVWJ8dOTdLhhDG88=; b=ef6cvGzXHS9FXBP0YSq4Y4wMYQS9WOFn/aonHL2n83NyEJnH9k308JMDBSmWz60zb2 gulVmfJToXJ2mcqHMN78HI0pnuvgP57rB9yrzdYgd4H+joOt3AiUyPBStp5UgJ6of/W/ +C6Kz1hn3RXN1s4x+3jA2ZpAP8hY8t2etC/T4ErfsGaNst8j6V2pCEK0K2Ze8xGjrgQ5 0wEd0mXHULsuducNuvog1UkXs2EA6Ysf4zLA5yodjKYmI4MFLCqyl88Jf1hdKAhAeolq RLVtrmZO0aqg3m/50upvTjv5+P15nhTwtxGCOc6GCh8c7CMUMFDmPH3Lkot+U+5NL9fQ +U4g== X-Forwarded-Encrypted: i=1; AJvYcCURtF2pR4E6BvZgiT2JhGUWXwTIhPM/VShjcSnH4X2sWfdUn45Y/PAAEegCxTheaLTYbCUWziV8U+HHEs/u@vger.kernel.org X-Gm-Message-State: AOJu0YwSLmyj2uRd6Jy2cFTc2lGAbcaAvshuZJ2Uu9eS/jdaDJkyYSP2 6PNS8yd1e2cTYcplRR5qq0DH0aRSwwGCEKVLD4KQ7DzinVkQr0IYzVxLndhwthSBEjecd0BeITu urLRJ3g== X-Google-Smtp-Source: AGHT+IFVoc/78thbQxUF8y16OnSrdHo3E4CbWYdabzTsfLPOZQvqyCxP9i6oAH1nir8Og6g/hirEotZrgmAw X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:ad42:0:b0:e28:fdd7:bb27 with SMTP id 3f1490d57ef6-e2977517616mr11736276.3.1729034232869; Tue, 15 Oct 2024 16:17:12 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:41 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-8-mmaurer@google.com> Subject: [PATCH 07/12] module: Factor out elf_validity_cache_index_sym From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Centralize symbol table detection and property validation. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 73 ++++++++++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 29 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index b633347d5d98..955746649f37 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2013,6 +2013,39 @@ static int elf_validity_cache_index_mod(struct load_info *info) return 0; } +/** + * elf_validity_cache_index_sym() - Validate and cache symtab index + * @info: Load info to cache symtab index in. + * Must have &load_info->sechdrs and &load_info->secstrings populated. + * + * Checks that there is exactly one symbol table, then caches its index in + * &load_info->index.sym. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_cache_index_sym(struct load_info *info) +{ + unsigned int sym_idx; + unsigned int num_sym_secs = 0; + int i; + + for (i = 1; i < info->hdr->e_shnum; i++) { + if (info->sechdrs[i].sh_type == SHT_SYMTAB) { + num_sym_secs++; + sym_idx = i; + } + } + + if (num_sym_secs != 1) { + pr_warn("%s: module has no symbols (stripped?)\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + info->index.sym = sym_idx; + + return 0; +} /* * Check userspace passed ELF module against our expectations, and cache @@ -2036,10 +2069,8 @@ static int elf_validity_cache_index_mod(struct load_info *info) */ static int elf_validity_cache_copy(struct load_info *info, int flags) { - unsigned int i; - Elf_Shdr *shdr; int err; - unsigned int num_sym_secs = 0, sym_idx; + int str_idx; err = elf_validity_cache_sechdrs(info); if (err < 0) @@ -2051,34 +2082,21 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) if (err < 0) return err; err = elf_validity_cache_index_mod(info); + if (err < 0) + return err; + err = elf_validity_cache_index_sym(info); if (err < 0) return err; - for (i = 1; i < info->hdr->e_shnum; i++) { - shdr = &info->sechdrs[i]; - if (shdr->sh_type == SHT_SYMTAB) { - if (shdr->sh_link == SHN_UNDEF - || shdr->sh_link >= info->hdr->e_shnum) { - pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", - shdr->sh_link, shdr->sh_link, - info->hdr->e_shnum); - goto no_exec; - } - num_sym_secs++; - sym_idx = i; - } - } - - if (num_sym_secs != 1) { - pr_warn("%s: module has no symbols (stripped?)\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; + str_idx = info->sechdrs[info->index.sym].sh_link; + if (str_idx == SHN_UNDEF || str_idx >= info->hdr->e_shnum) { + pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", + str_idx, str_idx, info->hdr->e_shnum); + return -ENOEXEC; } - /* Sets internal symbols and strings. */ - info->index.sym = sym_idx; - shdr = &info->sechdrs[sym_idx]; - info->index.str = shdr->sh_link; + /* Sets internal strings. */ + info->index.str = str_idx; info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset; /* This is temporary: point mod into copy of data. */ @@ -2099,9 +2117,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) info->index.pcpu = find_pcpusec(info); return 0; - -no_exec: - return -ENOEXEC; } #define COPY_CHUNK_SIZE (16*PAGE_SIZE) From patchwork Tue Oct 15 23:16:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837401 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EBD2B1E00BE for ; Tue, 15 Oct 2024 23:17:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034237; cv=none; b=hig6z6vE4aTwWwgntcSuffnBb7G9gCo5GoBfdTpClF3o+/Sfi+xcPvoaOkhQdD/4utV3XR8ggZ5Hc+H0htSEw7kQ1JhVoQB2vukM7Vr5nAUHxng9KL4/W2RoFFhWrSy4RSWAcodRQeVzlmqG22YIncLvtzYsVQRiGWGHWwro9PM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034237; c=relaxed/simple; bh=iMTvib7F3dkpDDwL6WKTDohEIppYFDaWToaRVYH6puY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qcjntUDOkv/jqxikNq8syfmP9SlIkvD+ljDoSeraazrdrdWasWyByMzEPcLZtfcEOzJYqXUhYbuIcXdTK31iBFC3Ha341qo5ZCzRvAZ73eABERP8TwEsOz7vt/oZyQTHAvCF41biKzj4xMnneDu+/36taoItekzWNRJUcjJl9xQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=bgAbtCk8; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bgAbtCk8" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e2605ce4276so10730307276.3 for ; Tue, 15 Oct 2024 16:17:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034235; x=1729639035; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=LEQ+ZejxpX7NgK9KNR6MMy0vwkxaNZHr6sUUOlvqX4A=; b=bgAbtCk8K+t86CQRTY47TlDkErpaAiflYSmITarBmU/FrZjtLdaQOQ+OgQY4FYKP0y KVrjaJF7z0qxSnQkkSggNQvYp2I00oVrIdLRTu87CrNei5EzaKefl+sruN1m4kfPokv5 xmWsjHlYelWUVfbMZW6aDcVEuSWUcHu3otUFP1rjMr4t2EakPJMnpDP+nNpgixLMrtur w5RkDfBao6kABOU66mga3ZHMQhx/1qMJlMx+pmqyINhwEcpmfM/hoi8phyNZS67u7tH5 cY0IY39LTB4Jm7JNgCgME0a5BaD3FlS/18kK8hvkipHx3vAXLKPF6WAwdmK48OnzWsi4 mOEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034235; x=1729639035; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=LEQ+ZejxpX7NgK9KNR6MMy0vwkxaNZHr6sUUOlvqX4A=; b=o3d/4t2rt/dBESSrUzDoghkgDE22JpNXi3kn4A8bhZblO2HACxFgS0v+tqWnXNiNMg lcIFpfbU5JJi305ie6zFh39OnPsblMNILn8LOr7fCpZ1ddhlgGyriomKvzhkpixZzwgz tQ4jIBHsXn6mfvHm9nQJQEqTQf+Fz8kv3PirC8kzxkuItxFSLHdK4dn2YOS2j1oBDwXs MOETVg8sX2glGjo7v02GUcPmI7D7qHQD/XzsZqiWjI6h82n9xqIl8aHJGPDdx5t65Boh e6IZFDbYffDu//tbYfSfeZmnEu+zOmUxc/1jAs3Eray0KUywjuCfNxlOcvIS0rCJc1cG DZeQ== X-Forwarded-Encrypted: i=1; AJvYcCX6n+3nU6RKslNHL/KgGSR0ITWt/weJcZakHEeNfqrlyOgazjbpDpLOR/aHMH7TUIL3MC42StIRqCpai7QA@vger.kernel.org X-Gm-Message-State: AOJu0YzAdf2EB/EUIXc8GkG88V9UzMfr9jzuh37/5K4VWIqC3iGRWfiA FhUrJbw7oH9fnqMmczv5+bR6wo3QwIf4M5S/Qpa+JGVgDN7Eb/Ff1a/BvAv9X0Ks6bapGaDtNKm 8/cQ2gQ== X-Google-Smtp-Source: AGHT+IFEb1A4zshho6J3INntrbo6VVyAUQkYlnk9sPxI4pRfxvsDhI95XyVYv09ejjcvutWvtOoxTc0vMwAx X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:a287:0:b0:e28:fdfc:b788 with SMTP id 3f1490d57ef6-e2978597020mr1157276.9.1729034234867; Tue, 15 Oct 2024 16:17:14 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:42 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-9-mmaurer@google.com> Subject: [PATCH 08/12] module: Factor out elf_validity_cache_index_str From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Pull out index validation for the symbol string section. Note that this does not validate the *contents* of the string table, only shape and presence of the section. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 955746649f37..a6bed293d97b 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2047,6 +2047,31 @@ static int elf_validity_cache_index_sym(struct load_info *info) return 0; } +/** + * elf_validity_cache_index_str() - Validate and cache strtab index + * @info: Load info to cache strtab index in. + * Must have &load_info->sechdrs and &load_info->secstrings populated. + * Must have &load_info->index.sym populated. + * + * Looks at the symbol table's associated string table, makes sure it is + * in-bounds, and caches it. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_cache_index_str(struct load_info *info) +{ + unsigned int str_idx = info->sechdrs[info->index.sym].sh_link; + + if (str_idx == SHN_UNDEF || str_idx >= info->hdr->e_shnum) { + pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", + str_idx, str_idx, info->hdr->e_shnum); + return -ENOEXEC; + } + + info->index.str = str_idx; + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -2070,7 +2095,6 @@ static int elf_validity_cache_index_sym(struct load_info *info) static int elf_validity_cache_copy(struct load_info *info, int flags) { int err; - int str_idx; err = elf_validity_cache_sechdrs(info); if (err < 0) @@ -2087,16 +2111,11 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) err = elf_validity_cache_index_sym(info); if (err < 0) return err; - - str_idx = info->sechdrs[info->index.sym].sh_link; - if (str_idx == SHN_UNDEF || str_idx >= info->hdr->e_shnum) { - pr_err("Invalid ELF sh_link!=SHN_UNDEF(%d) or (sh_link(%d) >= hdr->e_shnum(%d)\n", - str_idx, str_idx, info->hdr->e_shnum); - return -ENOEXEC; - } + err = elf_validity_cache_index_str(info); + if (err < 0) + return err; /* Sets internal strings. */ - info->index.str = str_idx; info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset; /* This is temporary: point mod into copy of data. */ From patchwork Tue Oct 15 23:16:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837402 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C52461FF02B for ; Tue, 15 Oct 2024 23:17:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034239; cv=none; b=KjUP4gKKnrjYivmVaJfEeLaXfOlLBTB3SKGOYTQ3drBbH45hBf2Dng2fH9C6dGDjO8Ne3hxb85XPK2rHvO8DyjtS4Sh7j6pnkgdwXAXACHsfxq0AZXQzHBVXUHxH1TjpSOmTp0wv3KrNAB0rF1ATMWbATn2WiDLmzRaRm+PUDQA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034239; c=relaxed/simple; bh=hjDQXeiUX95J1QXpCz5oPWaRB52qH/la5DEMemSKDsg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=kjSiiQ75CEOtV7STFT2fJpoEBgqoBEhhBZN6VuGZ/d+OnRDYTXG4ftYQVL+HgfhNOg2dikVLnAyL+ITeYLxyOGXNgI1tMRXsnnfMjVUHPPJuLWCsn0TDQgz7SKBbGzydmOwavUE36iOxggn+K30r5pE8UBoRnJitg531ITs9N/o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qR0cowVi; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qR0cowVi" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e2954ada861so3835208276.3 for ; Tue, 15 Oct 2024 16:17:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034237; x=1729639037; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=1uwZjjsLk0MIG36tHEbuTh0oExV8i1gjaEov3sAmvfo=; b=qR0cowVijVl+7tBWjBpajUVhFgopifQqX9m1kqLycTJqCQyQawkaMg0jtnctU9ty1Z HcOI8dcLZEePBlV49ah2rKzypqySz8pNB7f+N8GKsccnR34YEhSyts9ULrPG3TluY9FZ fJVcRm3NPI4/dDMfFO0nK2azMBpbLuhwQZ0PiKASjPWHkzHSXn04GMdHpP49aCrD3One l5y7NBnpXQqtAcTxTXM2pNNzRQZy8t8+sFLjWARoTWHpjOusiUaCZ+0IBMGc712/dTGx zbIW7buXcfWBVgkC0Xwb43F6tGiZcfjd0nyeQcUE6YW5M+zFdg04X5ngd8rKTDcIZnrg s5qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034237; x=1729639037; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1uwZjjsLk0MIG36tHEbuTh0oExV8i1gjaEov3sAmvfo=; b=eg604DURL925/idy5BTXOc1XTwe0/ND1clLAiCx7vKzcLj5NevmuJthG47WoeicF0+ iEgI4fgMvGWS2fhtehsoTDxP+7+Giy8b9+CRFssx4GTASRsnSZL4MWUswqcqIyt5KB/0 t/EBrLZoFHjPERnZKHOZDwKh1Uz2WpXd+H0O1WLh5E96LS+nwRUTRD9wUs4PVEicihih VgY3SUve1D/NHyz36PyMSbR06C1v1ABg7/XGJHIC/CYmuMhrJffXTTIcesshxJ91BV0M qWe7M/rbJeZY3YEQNttVsVqHeepI/RuDMcJ+f8hgQTXKTeKZK3KC6Mu/ywpWYqFY66cV i64w== X-Forwarded-Encrypted: i=1; AJvYcCW6/MiHD4Yz5i15rV+NbVatUOrVHBjrmYBIqzA+IVNCK3rK1yioLX6ca/b5Q/Jjo9wx2FM2yp+W76Y4bj0r@vger.kernel.org X-Gm-Message-State: AOJu0Yyf4qamAhkBSOhcUUB+TvqszGOh0k8PSCMTWojRDC9i4BOw13Yz v60uy8J+7W3dN//45e++jjSwL9Q+3aqhtrX23qezWfkPqgX9+quOtgZfj+lq+xZmIVDhbvlMtL9 quezUzA== X-Google-Smtp-Source: AGHT+IFgckrRNMXFF24rFhgTtnbQoAnZBnt81LEcyNJagNruc4+MU3SMi75f9nEJkDNi/O4B6WflF8vc2KSQ X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a05:6902:112:b0:e29:7587:66db with SMTP id 3f1490d57ef6-e29782b20edmr2157276.2.1729034236773; Tue, 15 Oct 2024 16:17:16 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:43 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-10-mmaurer@google.com> Subject: [PATCH 09/12] module: Group section index calculations together From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Group all the index detection together to make the parent function easier to read. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 68 +++++++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 17 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index a6bed293d97b..f352c73b6f40 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2072,6 +2072,56 @@ static int elf_validity_cache_index_str(struct load_info *info) return 0; } +/** + * elf_validity_cache_index() - Resolve, validate, cache section indices + * @info: Load info to read from and update. + * &load_info->sechdrs and &load_info->secstrings must be populated. + * @flags: Load flags, relevant to suppress version loading, see + * uapi/linux/module.h + * + * Populates &load_info->index, validating as it goes. + * See child functions for per-field validation: + * + * * elf_validity_cache_index_info() + * * elf_validity_cache_index_mod() + * * elf_validity_cache_index_sym() + * * elf_validity_cache_index_str() + * + * If versioning is not suppressed via flags, load the version index from + * a section called "__versions" with no validation. + * + * If CONFIG_SMP is enabled, load the percpu section by name with no + * validation. + * + * Return: 0 on success, negative error code if an index failed validation. + */ +static int elf_validity_cache_index(struct load_info *info, int flags) +{ + int err; + + err = elf_validity_cache_index_info(info); + if (err < 0) + return err; + err = elf_validity_cache_index_mod(info); + if (err < 0) + return err; + err = elf_validity_cache_index_sym(info); + if (err < 0) + return err; + err = elf_validity_cache_index_str(info); + if (err < 0) + return err; + + if (flags & MODULE_INIT_IGNORE_MODVERSIONS) + info->index.vers = 0; /* Pretend no __versions section! */ + else + info->index.vers = find_sec(info, "__versions"); + + info->index.pcpu = find_pcpusec(info); + + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -2102,16 +2152,7 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) err = elf_validity_cache_secstrings(info); if (err < 0) return err; - err = elf_validity_cache_index_info(info); - if (err < 0) - return err; - err = elf_validity_cache_index_mod(info); - if (err < 0) - return err; - err = elf_validity_cache_index_sym(info); - if (err < 0) - return err; - err = elf_validity_cache_index_str(info); + err = elf_validity_cache_index(info, flags); if (err < 0) return err; @@ -2128,13 +2169,6 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) if (!info->name) info->name = info->mod->name; - if (flags & MODULE_INIT_IGNORE_MODVERSIONS) - info->index.vers = 0; /* Pretend no __versions section! */ - else - info->index.vers = find_sec(info, "__versions"); - - info->index.pcpu = find_pcpusec(info); - return 0; } From patchwork Tue Oct 15 23:16:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837403 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D34231FF059 for ; Tue, 15 Oct 2024 23:17:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034241; cv=none; b=uWoZNTi2KIylS93qNhEd4Mzs/sHnnqvAHyLcOIQPx0P4cW3sqksAgWDUzcZmzSmVBuZXHlGe+ErUVyVoNWnTgez4KT27TCLgzhig5XMLNjg51zCDyQaW/MAUm9alMDBZvRRiCnaXMJJVluZ6ZbrJf4ob39QAMtUe2ME05ASB+Nk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034241; c=relaxed/simple; bh=kUK8aIbTJLs/ZpUSV/Sgdam8B7A+nd5Jkp5BRGlA5qk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=QhDuGIaEjc0ZyzKiYV0QIkIl9J3Rfv90YjpmjarmJVQQmf7qrpZFVM8KfebGVtAeGi663+Gt26BL2WHve84gfLyDZr39X5H7ChIGeXAYEr04QEAoX2aKhm28saxmMsJ8oM5+QGP4MBc/gQzBJ2YaHI3kycxQWjyZONnrdp5HYd8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1GZzfYY7; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="1GZzfYY7" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6e389169f92so45615187b3.0 for ; Tue, 15 Oct 2024 16:17:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034239; x=1729639039; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Z9Tw4bS4pnyP2pGgxAbp4S//c+Yt3zbDzg79HSFcXU4=; b=1GZzfYY7Ss7IbH+XlPT8XeOiUDlHH61N0JXfJ0iyS58bfKbqLgbOuZuuSz4qAd1Rxl eTQAS5WirPEG8w/yLJJiY8DU1kgdTzytbcPyQd4B6tO26jcrP/b33/hheQ508GWdwJEB FLaNx8liAgl0wJ2KJeghoXQKThUy+9zaCLmUMRAMpV1VFUw7RT4I3XS0XShK9IQ6kQ/w 3RofZkAS1pWxMAN1mCTr1U+wJ7xDshPjATM1jWG70e7Bec7PISl0lsK4ALbAgCQfiOZF zZhJInDurOXNyIOuPgsaalk8zcX3RKGZwq6p+MKNteBXyVNQjNiBCZOM4M3fiHtZJ5jn Yttg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034239; x=1729639039; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Z9Tw4bS4pnyP2pGgxAbp4S//c+Yt3zbDzg79HSFcXU4=; b=l7u6wBOKqTRm+kNZUI5Kqho6ST+Ur3kWbTH62HEln8IUZiA2S2hPpp3Tcy/gyL/hFh bUvW5vYPcueOi3yeVhTWlBH8LbNvJsfJYwmNJVDzu+YAreSDCwBAZmq5y2jvyKmDrhgu lqaBrDLJbJDDQZeG0CepzTV7BMMQ4wgD9U3DI1sl7dkBc2lfb5N4h2QyGkEElLgpWmia 0SDEL3e61sYgCbJ/6O7RqrhVMKBWkXK+J13Njptv6gVj6QQCaav1heFT4IKpXS6u75EL iurCLsm33j19S7SraQMcFraT0ZrEp+nVtX2rCN/HuXntmIhef2to7yAaVZiEokjGPzFv BBvg== X-Forwarded-Encrypted: i=1; AJvYcCVjBYMytE3f1mNFXH0JDMzgto4bG44/9C7FJZ5gnfwxgYNR+eZu8GI78KrhyArVmaYEjCQHSeuKXDgl95Er@vger.kernel.org X-Gm-Message-State: AOJu0YzTXl13nP45yu1dcCcy2AZLUnOp7YalON3hfOL5MIZ5NNa1sIV5 U2HCs/Lu2ROn7iIRVncO+gaGvVF3VIQzaPGtogajshUtrlz8kRjrgk+Sl86AqlevNVYyNyvSqCQ usIcxhg== X-Google-Smtp-Source: AGHT+IHxHydqVygYJSAlM1hXzYrW1tI+LxpAid3o6T70JQYXfz7gH/go6iSJb2G3Op8awUnbncbIAIXUGVU+ X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a05:690c:6703:b0:6e2:1713:bdb5 with SMTP id 00721157ae682-6e3d41e6748mr30417b3.5.1729034238606; Tue, 15 Oct 2024 16:17:18 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:44 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-11-mmaurer@google.com> Subject: [PATCH 10/12] module: Factor out elf_validity_cache_strtab From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez This patch only moves the existing strtab population to a function. Validation comes in a following patch, this is split out to make the new validation checks more clearly separated. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index f352c73b6f40..22aa5eb4e4f4 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2122,6 +2122,23 @@ static int elf_validity_cache_index(struct load_info *info, int flags) return 0; } +/** + * elf_validity_cache_strtab() - Cache symbol string table + * @info: Load info to read from and update. + * Must have &load_info->sechdrs and &load_info->secstrings populated. + * Must have &load_info->index populated. + * + * Return: 0 on success, negative error code if a check failed. + */ +static int elf_validity_cache_strtab(struct load_info *info) +{ + Elf_Shdr *str_shdr = &info->sechdrs[info->index.str]; + char *strtab = (char *)info->hdr + str_shdr->sh_offset; + + info->strtab = strtab; + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -2155,9 +2172,9 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) err = elf_validity_cache_index(info, flags); if (err < 0) return err; - - /* Sets internal strings. */ - info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset; + err = elf_validity_cache_strtab(info); + if (err < 0) + return err; /* This is temporary: point mod into copy of data. */ info->mod = (void *)info->hdr + info->sechdrs[info->index.mod].sh_offset; From patchwork Tue Oct 15 23:16:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837404 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 99AE92003AF for ; Tue, 15 Oct 2024 23:17:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034243; cv=none; b=krLGT6pIIM7Dra3KFjuNGwi2bzNvpSR4A5peRX3wT9xRC/6sV6u6sJx59B5o+VbZPL++ut969Gg7sbzyx9LwFOgbqbxPMd3XLofek0zoXzB84AshDXxITPJfTC0S2WaLmoJLNq5vfyJ+/N4q3O6jHhm1F5YM6kJUR152k3e0GFc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034243; c=relaxed/simple; bh=GPb1TpKFNjVVCpW2qIAL8wvN9CirdjY1ZpdtVrcA0Wo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=SmwUOvadEmdj8OVy9qE5L6EHoCgyIV8j5Im4cuXlnswxN6j4NX6HK7by3OHkAC5xEQB+R/ctp35rKubrl5VjXyOibblukg7evd39jEAOb5Hhz5B3dWNVAh2y4p/WMF+qG6nS/sMb7WvZyhEPSo2ej93RLzk2k/ziwV7F19NmLJk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UVeqJ2LV; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UVeqJ2LV" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e290a9a294fso8488552276.2 for ; Tue, 15 Oct 2024 16:17:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034241; x=1729639041; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=MnoeOJ9yqvZhu5BOCvDTuTGU7w1wCrt97NAeyTTyfDc=; b=UVeqJ2LVWz1wTIuAVy+fx69TM7ZWqALtDu2AuE2B9dpm3VkBB/Wh4xl7+TUTOA7FcZ Nj0aUdFuo+z5dD+JqCt+4mupbMymOtDzkvjMutytSEXu1WhGy47doAD4tZRCmh3rBKKm JgjwuDvgohtnhvkysml0PCpGF8UzkM4FKI/I4cMm1oDO4jfOmr4fhWG8Rabcr7sCRqt5 d6RYUyfpRCJXTPEo0Ru4UiAaV8WdiKDbJIHuN8HIHZC3Vt853Jlr/OqYVPbAHkm7WVxL IKaDk3Ti0ZgnB7XaXjCC0K6++HkGkDP4lK1afdQmrWM5P7nKHR/PrxZBso2rHrgihCmp u+VA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034241; x=1729639041; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=MnoeOJ9yqvZhu5BOCvDTuTGU7w1wCrt97NAeyTTyfDc=; b=guEUo/x3ppf+eBfZjiJ1kTK09arAAgm3VjJryicivYu6bwD4Rg/aXwy1ZkQhHSENck xXvJSUS587SlHqXZ7fHPff/wIKJRDj8rfpOBYAx8aUZbqGMJVhHZCexJroaCoXdn+Yea FkLrpo6iBmEk1Ovvf/xbASATO+U5be1EhwbhJ4U/bh6uteiclnRidPm0AhbKUj8TNn8Z j799SP+TgEzpumXzTH1WLmOYFPCxovLr8BN15Y8zFx7b/HmXn49zxs29MRfpq6ZemsO1 noxI57Fg2FjZYq3KbT+MwBfIuXB8S4qTNAwZicvRF9lXxfxoO6QXqzU3yluKPsCmFWin rOYw== X-Forwarded-Encrypted: i=1; AJvYcCVjShgJIMMXQ/xvnHkgbsXz6n0KEYc6bDjNah40VVHaYbKf/pdYMeWupvGNynfmn9yemiYousL5mNobAdct@vger.kernel.org X-Gm-Message-State: AOJu0YyevkdA9Ht4deB/tFFz2qMdI0PW74IoRN3sJcTHTBcAuJUnv2El TcIyfkdDGX89JTHOB46F0v23lwdZrf8Ptm24OFTqSvDetPNSiQII4FneeMA1ypOV1Swppa4SM3P 2AGQeLA== X-Google-Smtp-Source: AGHT+IGHz6HPifKuNrMT95HK5iMWP8yOrgiK3ZaaQuMaSy1FjZCKCjGsfCmky7q8W2xsP6eERZaKJdG2Y8g2 X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a5b:80e:0:b0:e28:f6f6:81a5 with SMTP id 3f1490d57ef6-e29780d7669mr1444276.0.1729034240688; Tue, 15 Oct 2024 16:17:20 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:45 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-12-mmaurer@google.com> Subject: [PATCH 11/12] module: Additional validation in elf_validity_cache_strtab From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Validate properties of the strtab that are depended on elsewhere, but were previously unchecked: * String table nonempty (offset 0 is valid) * String table has a leading NUL (offset 0 corresponds to "") * String table is NUL terminated (strfoo functions won't run out of the table while reading). * All symbols names are inbounds of the string table. Signed-off-by: Matthew Maurer --- kernel/module/main.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 22aa5eb4e4f4..3db9ff544c09 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2123,17 +2123,53 @@ static int elf_validity_cache_index(struct load_info *info, int flags) } /** - * elf_validity_cache_strtab() - Cache symbol string table + * elf_validity_cache_strtab() - Validate and cache symbol string table * @info: Load info to read from and update. * Must have &load_info->sechdrs and &load_info->secstrings populated. * Must have &load_info->index populated. * + * Checks: + * + * * The string table is not empty. + * * The string table starts and ends with NUL (required by ELF spec). + * * Every &Elf_Sym->st_name offset in the symbol table is inbounds of the + * string table. + * + * And caches the pointer as &load_info->strtab in @info. + * * Return: 0 on success, negative error code if a check failed. */ static int elf_validity_cache_strtab(struct load_info *info) { Elf_Shdr *str_shdr = &info->sechdrs[info->index.str]; + Elf_Shdr *sym_shdr = &info->sechdrs[info->index.sym]; char *strtab = (char *)info->hdr + str_shdr->sh_offset; + Elf_Sym *syms = (void *)info->hdr + sym_shdr->sh_offset; + int i; + + if (str_shdr->sh_size == 0) { + pr_err("empty symbol string table\n"); + return -ENOEXEC; + } + if (strtab[0] != '\0') { + pr_err("symbol string table missing leading NUL\n"); + return -ENOEXEC; + } + if (strtab[str_shdr->sh_size - 1] != '\0') { + pr_err("symbol string table isn't NUL terminated\n"); + return -ENOEXEC; + } + + /* + * Now that we know strtab is correctly structured, check symbol + * starts are inbounds before they're used later. + */ + for (i = 0; i < sym_shdr->sh_size / sizeof(*syms); i++) { + if (syms[i].st_name >= str_shdr->sh_size) { + pr_err("symbol name out of bounds in string table"); + return -ENOEXEC; + } + } info->strtab = strtab; return 0; From patchwork Tue Oct 15 23:16:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Maurer X-Patchwork-Id: 13837405 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 62F572003C6 for ; Tue, 15 Oct 2024 23:17:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034244; cv=none; b=OJAq8hC6ExuEW1F7GJmQ04evg7YGOKPEJdDCyh1bN0dCk/PGWniNbuhG6IG6R7uu1TMH0q95HsHr0I96w7lzUrwN5ZKy0Hw/gMEN0SX73fpP9GnbnWKRwooUnqfc9JyL5d7eh5BAA2j5pObHP9EOi0l3vWQqf8CnJKXNMexOvxE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034244; c=relaxed/simple; bh=jjYUVOo8O6xgO1JMXuNPLyUgwBl2/CZLZSSP4VVGvZs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=QEcnXCYGxGFbT/XRuQ8uMxyfI2qfQu95vg8OggHNXz+JZN/mlDDfsCGEGBD+WaF7UPHQl8kij7UaxpbaVWO0QCgz0NcqiAdSF9VkIMgydABsE10ukMspSpEBTDhPmgRLhsEOgOauuN+cuT5qpyeDxPnS/IsOS1vmSDIi0XQIv7s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ocnF3+jZ; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ocnF3+jZ" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6e36cfed818so44383377b3.3 for ; Tue, 15 Oct 2024 16:17:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034242; x=1729639042; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=RxByLhjkeevK1C1+d5cK3mr42AdVb5Xt4M/2ryRxmdU=; b=ocnF3+jZGm6iT9YXCIOB6bVD8Jwb7MyoSTGRkBLz7mUllxnrShwQFoCgN0sinRsc/F eoWoqahg3npSHRLDjBLSQ0VezP74RpxryDqwcLHuF6R9WJhfBOwUdrilPlAClpCI7ALM fYfKH9iIya147OtVBsj7NRorMbHOeKRbGDOKsSKxdhB7e/9xCfv/mNAKk52gx9nx8B8Y zja8cRnCUvYpHPAJostxXNM6Db8eU80rvV9uH77ijQqCqxF2hTHJUpfYdTZZ0JWKNegj ECkmZrDoLK6yqLCbrcYXGnGzN5NTkDFLD9AS4rv8UQCLR/0qSPAD7v+K7CdUo5VsvPfF RIaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034242; x=1729639042; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=RxByLhjkeevK1C1+d5cK3mr42AdVb5Xt4M/2ryRxmdU=; b=TvbZhpXhbvh9BU1r+d2jV62UWSvHmsrwug7/4Q0+KIqrvxdCQ1AIdIBoncHNQ5xmgO gDwZKGuOhBDE9YODK9BOQJwIvL/xEdrwEidP2ZZ8NOCRLZnSwSHmRqR3R5lxnidf37x8 NEo0lkcPN9lNf2AxSe1uHEghkRurr5ZngC/spDcn62e2Ur+/1VtV8/p5llaM37yYLIMj qyYA3efFM68qWEP2PSCmTHEspMkKlqR+bXQIyiVMO9VHZ5xJymVrs1aPyvR7xYKq7m1c 2M8EgLfK5EtZO/H0LY6MWrm27oSQzBTexeRJRfH01Jl7O0TS8H1fl6XhXjPj6dfhwf/M 0LtQ== X-Forwarded-Encrypted: i=1; AJvYcCUqs56+4VxGV6bMBHDj94g9MM6Bv8wK3CV/XKPit1h7cIrOJXfEfRurRpm3qdTXdl/Q+KPfyvZvRIFjVlNP@vger.kernel.org X-Gm-Message-State: AOJu0YyeZv3IjnRIfzusozrsiAnbkub0fFOj+DSWPO1KU1oyW9iLv7O5 CYgHfrB3XFyvTE6YGs4uRGppzZvFpFOf/zsddcr2PA3qtkJiXEl+dNW7bgLhNZHx4XPWsw7Wx1F fdpPiHg== X-Google-Smtp-Source: AGHT+IF56C+QSLsngMnwtUK1W1CaxTzGVo4aC5OUnQ07RdsmKUeWwVjXP9OEcZk8DuforTmZRqhlEuXncnap X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:d614:0:b0:e03:53a4:1a7 with SMTP id 3f1490d57ef6-e29785a421amr1470276.10.1729034242400; Tue, 15 Oct 2024 16:17:22 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:46 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-13-mmaurer@google.com> Subject: [PATCH 12/12] module: Reformat struct for code style From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Using commas to declare struct members makes adding new members to this struct not as nice with patch management. Signed-off-by: Matthew Maurer --- kernel/module/internal.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 2ebece8a789f..daef2be83902 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -80,7 +80,12 @@ struct load_info { unsigned int used_pages; #endif struct { - unsigned int sym, str, mod, vers, info, pcpu; + unsigned int sym; + unsigned int str; + unsigned int mod; + unsigned int vers; + unsigned int info; + unsigned int pcpu; } index; };