1 files changed, 130 insertions, 27 deletions
diff --git a/kernel/module.c b/kernel/module.c
index 4edbd9c11aca..0e2da8695f8e 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -58,6 +58,8 @@
 #include <linux/jump_label.h>
 #include <linux/pfn.h>
 #include <linux/bsearch.h>
+#include <linux/fips.h>
+#include "module-internal.h"
 #define CREATE_TRACE_POINTS
 #include <trace/events/module.h>
@@ -102,6 +104,43 @@ static LIST_HEAD(modules);
 struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
 #endif /* CONFIG_KGDB_KDB */
+#ifdef CONFIG_MODULE_SIG
+#ifdef CONFIG_MODULE_SIG_FORCE
+static bool sig_enforce = true;
+#else
+static bool sig_enforce = false;
+static int param_set_bool_enable_only(const char *val,
+                                      const struct kernel_param *kp)
+{
+        int err;
+        bool test;
+        struct kernel_param dummy_kp = *kp;
+        dummy_kp.arg = &test;
+        err = param_set_bool(val, &dummy_kp);
+        if (err)
+                return err;
+        /* Don't let them unset it once it's set! */
+        if (!test && sig_enforce)
+                return -EROFS;
+        if (test)
+                sig_enforce = true;
+        return 0;
+}
+static const struct kernel_param_ops param_ops_bool_enable_only = {
+        .set = param_set_bool_enable_only,
+        .get = param_get_bool,
+};
+#define param_check_bool_enable_only param_check_bool
+module_param(sig_enforce, bool_enable_only, 0644);
+#endif /* !CONFIG_MODULE_SIG_FORCE */
+#endif /* CONFIG_MODULE_SIG */
 /* Block module loading/unloading? */
 int modules_disabled = 0;
@@ -136,6 +175,7 @@ struct load_info {
        unsigned long symoffs, stroffs;
        struct _ddebug *debug;
        unsigned int num_debug;
+        bool sig_ok;
        struct {
                unsigned int sym, str, mod, vers, info, pcpu;
        } index;
@@ -1949,26 +1989,6 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
        return ret;
 }
-int __weak apply_relocate(Elf_Shdr *sechdrs,
-                          const char *strtab,
-                          unsigned int symindex,
-                          unsigned int relsec,
-                          struct module *me)
-{
-        pr_err("module %s: REL relocation unsupported\n", me->name);
-        return -ENOEXEC;
-}
-int __weak apply_relocate_add(Elf_Shdr *sechdrs,
-                              const char *strtab,
-                              unsigned int symindex,
-                              unsigned int relsec,
-                              struct module *me)
-{
-        pr_err("module %s: RELA relocation unsupported\n", me->name);
-        return -ENOEXEC;
-}
 static int apply_relocations(struct module *mod, const struct load_info *info)
 {
        unsigned int i;
@@ -2399,7 +2419,52 @@ static inline void kmemleak_load_module(const struct module *mod,
 }
 #endif
-/* Sets info->hdr and info->len. */
+#ifdef CONFIG_MODULE_SIG
+static int module_sig_check(struct load_info *info,
+                            const void *mod, unsigned long *len)
+{
+        int err = -ENOKEY;
+        const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+        const void *p = mod, *end = mod + *len;
+        /* Poor man's memmem. */
+        while ((p = memchr(p, MODULE_SIG_STRING[0], end - p))) {
+                if (p + markerlen > end)
+                        break;
+                if (memcmp(p, MODULE_SIG_STRING, markerlen) == 0) {
+                        const void *sig = p + markerlen;
+                        /* Truncate module up to signature. */
+                        *len = p - mod;
+                        err = mod_verify_sig(mod, *len, sig, end - sig);
+                        break;
+                }
+                p++;
+        }
+        if (!err) {
+                info->sig_ok = true;
+                return 0;
+        }
+        /* Not having a signature is only an error if we're strict. */
+        if (err < 0 && fips_enabled)
+                panic("Module verification failed with error %d in FIPS mode\n",
+                      err);
+        if (err == -ENOKEY && !sig_enforce)
+                err = 0;
+        return err;
+}
+#else /* !CONFIG_MODULE_SIG */
+static int module_sig_check(struct load_info *info,
+                            void *mod, unsigned long *len)
+{
+        return 0;
+}
+#endif /* !CONFIG_MODULE_SIG */
+/* Sets info->hdr, info->len and info->sig_ok. */
 static int copy_and_check(struct load_info *info,
                          const void __user *umod, unsigned long len,
                          const char __user *uargs)
@@ -2419,6 +2484,10 @@ static int copy_and_check(struct load_info *info,
                goto free_hdr;
        }
+        err = module_sig_check(info, hdr, &len);
+        if (err)
+                goto free_hdr;
        /* Sanity checks against insmoding binaries or wrong arch,
           weird elf version */
        if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0
@@ -2730,6 +2799,10 @@ static int check_module_license_and_versions(struct module *mod)
        if (strcmp(mod->name, "driverloader") == 0)
                add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
+        /* lve claims to be GPL but upstream won't provide source */
+        if (strcmp(mod->name, "lve") == 0)
+                add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
 #ifdef CONFIG_MODVERSIONS
        if ((mod->num_syms && !mod->crcs)
            || (mod->num_gpl_syms && !mod->gpl_crcs)
@@ -2861,6 +2934,20 @@ static int post_relocation(struct module *mod, const struct load_info *info)
        return module_finalize(info->hdr, info->sechdrs, mod);
 }
+/* Is this module of this name done loading?  No locks held. */
+static bool finished_loading(const char *name)
+{
+        struct module *mod;
+        bool ret;
+        mutex_lock(&module_mutex);
+        mod = find_module(name);
+        ret = !mod || mod->state != MODULE_STATE_COMING;
+        mutex_unlock(&module_mutex);
+        return ret;
+}
 /* Allocate and load the module: note that size of section 0 is always
   zero, and we rely on this for optional sections. */
 static struct module *load_module(void __user *umod,
@@ -2868,7 +2955,7 @@ static struct module *load_module(void __user *umod,
                                  const char __user *uargs)
 {
        struct load_info info = { NULL, };
-        struct module *mod;
+        struct module *mod, *old;
        long err;
        pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n",
@@ -2886,6 +2973,12 @@ static struct module *load_module(void __user *umod,
                goto free_copy;
        }
+#ifdef CONFIG_MODULE_SIG
+        mod->sig_ok = info.sig_ok;
+        if (!mod->sig_ok)
+                add_taint_module(mod, TAINT_FORCED_MODULE);
+#endif
        /* Now module is in final location, initialize linked lists, etc. */
        err = module_unload_init(mod);
        if (err)
@@ -2934,8 +3027,18 @@ static struct module *load_module(void __user *umod,
         * function to insert in a way safe to concurrent readers.
         * The mutex protects against concurrent writers.
         */
+again:
        mutex_lock(&module_mutex);
-        if (find_module(mod->name)) {
+        if ((old = find_module(mod->name)) != NULL) {
+                if (old->state == MODULE_STATE_COMING) {
+                        /* Wait in case it fails to load. */
+                        mutex_unlock(&module_mutex);
+                        err = wait_event_interruptible(module_wq,
+                                               finished_loading(mod->name));
+                        if (err)
+                                goto free_arch_cleanup;
+                        goto again;
+                }
                err = -EEXIST;
                goto unlock;
        }
@@ -2975,7 +3078,7 @@ static struct module *load_module(void __user *umod,
        /* Unlink carefully: kallsyms could be walking list. */
        list_del_rcu(&mod->list);
        module_bug_cleanup(mod);
+        wake_up_all(&module_wq);
 ddebug:
        dynamic_debug_remove(info.debug);
 unlock:
@@ -3050,7 +3153,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
                blocking_notifier_call_chain(&module_notify_list,
                                             MODULE_STATE_GOING, mod);
                free_module(mod);
-                wake_up(&module_wq);
+                wake_up_all(&module_wq);
                return ret;
        }
        if (ret > 0) {
@@ -3062,9 +3165,8 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
                dump_stack();
        }
-        /* Now it's a first class citizen!  Wake up anyone waiting for it. */
+        /* Now it's a first class citizen! */
        mod->state = MODULE_STATE_LIVE;
-        wake_up(&module_wq);
        blocking_notifier_call_chain(&module_notify_list,
                                     MODULE_STATE_LIVE, mod);
@@ -3087,6 +3189,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
        mod->init_ro_size = 0;
        mod->init_text_size = 0;
        mutex_unlock(&module_mutex);
+        wake_up_all(&module_wq);
        return 0;
 }

diff --git a/kernel/module.c b/kernel/module.c index 4edbd9c11aca..0e2da8695f8e 100644 --- a/kernel/module.c +++ b/kernel/module.c
@@ -58,6 +58,8 @@
58	#include <linux/jump_label.h>	58	#include <linux/jump_label.h>
59	#include <linux/pfn.h>	59	#include <linux/pfn.h>
60	#include <linux/bsearch.h>	60	#include <linux/bsearch.h>
		61	#include <linux/fips.h>
		62	#include "module-internal.h"
61		63
62	#define CREATE_TRACE_POINTS	64	#define CREATE_TRACE_POINTS
63	#include <trace/events/module.h>	65	#include <trace/events/module.h>
@@ -102,6 +104,43 @@ static LIST_HEAD(modules);
102	struct list_head kdb_modules = &modules; / kdb needs the list of modules */	104	struct list_head kdb_modules = &modules; / kdb needs the list of modules */
103	#endif /* CONFIG_KGDB_KDB */	105	#endif /* CONFIG_KGDB_KDB */
104		106
		107	#ifdef CONFIG_MODULE_SIG
		108	#ifdef CONFIG_MODULE_SIG_FORCE
		109	static bool sig_enforce = true;
		110	#else
		111	static bool sig_enforce = false;
		112
		113	static int param_set_bool_enable_only(const char *val,
		114	const struct kernel_param *kp)
		115	{
		116	int err;
		117	bool test;
		118	struct kernel_param dummy_kp = *kp;
		119
		120	dummy_kp.arg = &test;
		121
		122	err = param_set_bool(val, &dummy_kp);
		123	if (err)
		124	return err;
		125
		126	/* Don't let them unset it once it's set! */
		127	if (!test && sig_enforce)
		128	return -EROFS;
		129
		130	if (test)
		131	sig_enforce = true;
		132	return 0;
		133	}
		134
		135	static const struct kernel_param_ops param_ops_bool_enable_only = {
		136	.set = param_set_bool_enable_only,
		137	.get = param_get_bool,
		138	};
		139	#define param_check_bool_enable_only param_check_bool
		140
		141	module_param(sig_enforce, bool_enable_only, 0644);
		142	#endif /* !CONFIG_MODULE_SIG_FORCE */
		143	#endif /* CONFIG_MODULE_SIG */
105		144
106	/* Block module loading/unloading? */	145	/* Block module loading/unloading? */
107	int modules_disabled = 0;	146	int modules_disabled = 0;
@@ -136,6 +175,7 @@ struct load_info {
136	unsigned long symoffs, stroffs;	175	unsigned long symoffs, stroffs;
137	struct _ddebug *debug;	176	struct _ddebug *debug;
138	unsigned int num_debug;	177	unsigned int num_debug;
		178	bool sig_ok;
139	struct {	179	struct {
140	unsigned int sym, str, mod, vers, info, pcpu;	180	unsigned int sym, str, mod, vers, info, pcpu;
141	} index;	181	} index;
@@ -1949,26 +1989,6 @@ static int simplify_symbols(struct module mod, const struct load_info info)
1949	return ret;	1989	return ret;
1950	}	1990	}
1951		1991
1952	int __weak apply_relocate(Elf_Shdr *sechdrs,
1953	const char *strtab,
1954	unsigned int symindex,
1955	unsigned int relsec,
1956	struct module *me)
1957	{
1958	pr_err("module %s: REL relocation unsupported\n", me->name);
1959	return -ENOEXEC;
1960	}
1961
1962	int __weak apply_relocate_add(Elf_Shdr *sechdrs,
1963	const char *strtab,
1964	unsigned int symindex,
1965	unsigned int relsec,
1966	struct module *me)
1967	{
1968	pr_err("module %s: RELA relocation unsupported\n", me->name);
1969	return -ENOEXEC;
1970	}
1971
1972	static int apply_relocations(struct module mod, const struct load_info info)	1992	static int apply_relocations(struct module mod, const struct load_info info)
1973	{	1993	{
1974	unsigned int i;	1994	unsigned int i;
@@ -2399,7 +2419,52 @@ static inline void kmemleak_load_module(const struct module *mod,
2399	}	2419	}
2400	#endif	2420	#endif
2401		2421
2402	/* Sets info->hdr and info->len. */	2422	#ifdef CONFIG_MODULE_SIG
		2423	static int module_sig_check(struct load_info *info,
		2424	const void mod, unsigned long len)
		2425	{
		2426	int err = -ENOKEY;
		2427	const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
		2428	const void p = mod, end = mod + *len;
		2429
		2430	/* Poor man's memmem. */
		2431	while ((p = memchr(p, MODULE_SIG_STRING[0], end - p))) {
		2432	if (p + markerlen > end)
		2433	break;
		2434
		2435	if (memcmp(p, MODULE_SIG_STRING, markerlen) == 0) {
		2436	const void *sig = p + markerlen;
		2437	/* Truncate module up to signature. */
		2438	*len = p - mod;
		2439	err = mod_verify_sig(mod, *len, sig, end - sig);
		2440	break;
		2441	}
		2442	p++;
		2443	}
		2444
		2445	if (!err) {
		2446	info->sig_ok = true;
		2447	return 0;
		2448	}
		2449
		2450	/* Not having a signature is only an error if we're strict. */
		2451	if (err < 0 && fips_enabled)
		2452	panic("Module verification failed with error %d in FIPS mode\n",
		2453	err);
		2454	if (err == -ENOKEY && !sig_enforce)
		2455	err = 0;
		2456
		2457	return err;
		2458	}
		2459	#else /* !CONFIG_MODULE_SIG */
		2460	static int module_sig_check(struct load_info *info,
		2461	void mod, unsigned long len)
		2462	{
		2463	return 0;
		2464	}
		2465	#endif /* !CONFIG_MODULE_SIG */
		2466
		2467	/* Sets info->hdr, info->len and info->sig_ok. */
2403	static int copy_and_check(struct load_info *info,	2468	static int copy_and_check(struct load_info *info,
2404	const void __user *umod, unsigned long len,	2469	const void __user *umod, unsigned long len,
2405	const char __user *uargs)	2470	const char __user *uargs)
@@ -2419,6 +2484,10 @@ static int copy_and_check(struct load_info *info,
2419	goto free_hdr;	2484	goto free_hdr;
2420	}	2485	}
2421		2486
		2487	err = module_sig_check(info, hdr, &len);
		2488	if (err)
		2489	goto free_hdr;
		2490
2422	/* Sanity checks against insmoding binaries or wrong arch,	2491	/* Sanity checks against insmoding binaries or wrong arch,
2423	weird elf version */	2492	weird elf version */
2424	if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0	2493	if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0
@@ -2730,6 +2799,10 @@ static int check_module_license_and_versions(struct module *mod)
2730	if (strcmp(mod->name, "driverloader") == 0)	2799	if (strcmp(mod->name, "driverloader") == 0)
2731	add_taint_module(mod, TAINT_PROPRIETARY_MODULE);	2800	add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
2732		2801
		2802	/* lve claims to be GPL but upstream won't provide source */
		2803	if (strcmp(mod->name, "lve") == 0)
		2804	add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
		2805
2733	#ifdef CONFIG_MODVERSIONS	2806	#ifdef CONFIG_MODVERSIONS
2734	if ((mod->num_syms && !mod->crcs)	2807	if ((mod->num_syms && !mod->crcs)
2735	\|\| (mod->num_gpl_syms && !mod->gpl_crcs)	2808	\|\| (mod->num_gpl_syms && !mod->gpl_crcs)
@@ -2861,6 +2934,20 @@ static int post_relocation(struct module mod, const struct load_info info)
2861	return module_finalize(info->hdr, info->sechdrs, mod);	2934	return module_finalize(info->hdr, info->sechdrs, mod);
2862	}	2935	}
2863		2936
		2937	/* Is this module of this name done loading? No locks held. */
		2938	static bool finished_loading(const char *name)
		2939	{
		2940	struct module *mod;
		2941	bool ret;
		2942
		2943	mutex_lock(&module_mutex);
		2944	mod = find_module(name);
		2945	ret = !mod \|\| mod->state != MODULE_STATE_COMING;
		2946	mutex_unlock(&module_mutex);
		2947
		2948	return ret;
		2949	}
		2950
2864	/* Allocate and load the module: note that size of section 0 is always	2951	/* Allocate and load the module: note that size of section 0 is always
2865	zero, and we rely on this for optional sections. */	2952	zero, and we rely on this for optional sections. */
2866	static struct module load_module(void __user umod,	2953	static struct module load_module(void __user umod,
@@ -2868,7 +2955,7 @@ static struct module load_module(void __user umod,
2868	const char __user *uargs)	2955	const char __user *uargs)
2869	{	2956	{
2870	struct load_info info = { NULL, };	2957	struct load_info info = { NULL, };
2871	struct module *mod;	2958	struct module mod, old;
2872	long err;	2959	long err;
2873		2960
2874	pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n",	2961	pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n",
@@ -2886,6 +2973,12 @@ static struct module load_module(void __user umod,
2886	goto free_copy;	2973	goto free_copy;
2887	}	2974	}
2888		2975
		2976	#ifdef CONFIG_MODULE_SIG
		2977	mod->sig_ok = info.sig_ok;
		2978	if (!mod->sig_ok)
		2979	add_taint_module(mod, TAINT_FORCED_MODULE);
		2980	#endif
		2981
2889	/* Now module is in final location, initialize linked lists, etc. */	2982	/* Now module is in final location, initialize linked lists, etc. */
2890	err = module_unload_init(mod);	2983	err = module_unload_init(mod);
2891	if (err)	2984	if (err)
@@ -2934,8 +3027,18 @@ static struct module load_module(void __user umod,
2934	* function to insert in a way safe to concurrent readers.	3027	* function to insert in a way safe to concurrent readers.
2935	* The mutex protects against concurrent writers.	3028	* The mutex protects against concurrent writers.
2936	*/	3029	*/
		3030	again:
2937	mutex_lock(&module_mutex);	3031	mutex_lock(&module_mutex);
2938	if (find_module(mod->name)) {	3032	if ((old = find_module(mod->name)) != NULL) {
		3033	if (old->state == MODULE_STATE_COMING) {
		3034	/* Wait in case it fails to load. */
		3035	mutex_unlock(&module_mutex);
		3036	err = wait_event_interruptible(module_wq,
		3037	finished_loading(mod->name));
		3038	if (err)
		3039	goto free_arch_cleanup;
		3040	goto again;
		3041	}
2939	err = -EEXIST;	3042	err = -EEXIST;
2940	goto unlock;	3043	goto unlock;
2941	}	3044	}
@@ -2975,7 +3078,7 @@ static struct module load_module(void __user umod,
2975	/* Unlink carefully: kallsyms could be walking list. */	3078	/* Unlink carefully: kallsyms could be walking list. */
2976	list_del_rcu(&mod->list);	3079	list_del_rcu(&mod->list);
2977	module_bug_cleanup(mod);	3080	module_bug_cleanup(mod);
2978		3081	wake_up_all(&module_wq);
2979	ddebug:	3082	ddebug:
2980	dynamic_debug_remove(info.debug);	3083	dynamic_debug_remove(info.debug);
2981	unlock:	3084	unlock:
@@ -3050,7 +3153,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
3050	blocking_notifier_call_chain(&module_notify_list,	3153	blocking_notifier_call_chain(&module_notify_list,
3051	MODULE_STATE_GOING, mod);	3154	MODULE_STATE_GOING, mod);
3052	free_module(mod);	3155	free_module(mod);
3053	wake_up(&module_wq);	3156	wake_up_all(&module_wq);
3054	return ret;	3157	return ret;
3055	}	3158	}
3056	if (ret > 0) {	3159	if (ret > 0) {
@@ -3062,9 +3165,8 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
3062	dump_stack();	3165	dump_stack();
3063	}	3166	}
3064		3167
3065	/* Now it's a first class citizen! Wake up anyone waiting for it. */	3168	/* Now it's a first class citizen! */
3066	mod->state = MODULE_STATE_LIVE;	3169	mod->state = MODULE_STATE_LIVE;
3067	wake_up(&module_wq);
3068	blocking_notifier_call_chain(&module_notify_list,	3170	blocking_notifier_call_chain(&module_notify_list,
3069	MODULE_STATE_LIVE, mod);	3171	MODULE_STATE_LIVE, mod);
3070		3172
@@ -3087,6 +3189,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
3087	mod->init_ro_size = 0;	3189	mod->init_ro_size = 0;
3088	mod->init_text_size = 0;	3190	mod->init_text_size = 0;
3089	mutex_unlock(&module_mutex);	3191	mutex_unlock(&module_mutex);
		3192	wake_up_all(&module_wq);
3090		3193
3091	return 0;	3194	return 0;
3092	}	3195	}