1 files changed, 122 insertions, 27 deletions
diff --git a/kernel/module.c b/kernel/module.c
index 4edbd9c11aca..6085f5ef88ea 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -58,6 +58,8 @@
 #include <linux/jump_label.h>
 #include <linux/pfn.h>
 #include <linux/bsearch.h>
+#include <linux/fips.h>
+#include "module-internal.h"
 #define CREATE_TRACE_POINTS
 #include <trace/events/module.h>
@@ -102,6 +104,43 @@ static LIST_HEAD(modules);
 struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
 #endif /* CONFIG_KGDB_KDB */
+#ifdef CONFIG_MODULE_SIG
+#ifdef CONFIG_MODULE_SIG_FORCE
+static bool sig_enforce = true;
+#else
+static bool sig_enforce = false;
+static int param_set_bool_enable_only(const char *val,
+                                      const struct kernel_param *kp)
+{
+        int err;
+        bool test;
+        struct kernel_param dummy_kp = *kp;
+        dummy_kp.arg = &test;
+        err = param_set_bool(val, &dummy_kp);
+        if (err)
+                return err;
+        /* Don't let them unset it once it's set! */
+        if (!test && sig_enforce)
+                return -EROFS;
+        if (test)
+                sig_enforce = true;
+        return 0;
+}
+static const struct kernel_param_ops param_ops_bool_enable_only = {
+        .set = param_set_bool_enable_only,
+        .get = param_get_bool,
+};
+#define param_check_bool_enable_only param_check_bool
+module_param(sig_enforce, bool_enable_only, 0644);
+#endif /* !CONFIG_MODULE_SIG_FORCE */
+#endif /* CONFIG_MODULE_SIG */
 /* Block module loading/unloading? */
 int modules_disabled = 0;
@@ -136,6 +175,7 @@ struct load_info {
        unsigned long symoffs, stroffs;
        struct _ddebug *debug;
        unsigned int num_debug;
+        bool sig_ok;
        struct {
                unsigned int sym, str, mod, vers, info, pcpu;
        } index;
@@ -1949,26 +1989,6 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
        return ret;
 }
-int __weak apply_relocate(Elf_Shdr *sechdrs,
-                          const char *strtab,
-                          unsigned int symindex,
-                          unsigned int relsec,
-                          struct module *me)
-{
-        pr_err("module %s: REL relocation unsupported\n", me->name);
-        return -ENOEXEC;
-}
-int __weak apply_relocate_add(Elf_Shdr *sechdrs,
-                              const char *strtab,
-                              unsigned int symindex,
-                              unsigned int relsec,
-                              struct module *me)
-{
-        pr_err("module %s: RELA relocation unsupported\n", me->name);
-        return -ENOEXEC;
-}
 static int apply_relocations(struct module *mod, const struct load_info *info)
 {
        unsigned int i;
@@ -2399,7 +2419,44 @@ static inline void kmemleak_load_module(const struct module *mod,
 }
 #endif
-/* Sets info->hdr and info->len. */
+#ifdef CONFIG_MODULE_SIG
+static int module_sig_check(struct load_info *info,
+                            const void *mod, unsigned long *_len)
+{
+        int err = -ENOKEY;
+        unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+        unsigned long len = *_len;
+        if (len > markerlen &&
+            memcmp(mod + len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
+                /* We truncate the module to discard the signature */
+                *_len -= markerlen;
+                err = mod_verify_sig(mod, _len);
+        }
+        if (!err) {
+                info->sig_ok = true;
+                return 0;
+        }
+        /* Not having a signature is only an error if we're strict. */
+        if (err < 0 && fips_enabled)
+                panic("Module verification failed with error %d in FIPS mode\n",
+                      err);
+        if (err == -ENOKEY && !sig_enforce)
+                err = 0;
+        return err;
+}
+#else /* !CONFIG_MODULE_SIG */
+static int module_sig_check(struct load_info *info,
+                            void *mod, unsigned long *len)
+{
+        return 0;
+}
+#endif /* !CONFIG_MODULE_SIG */
+/* Sets info->hdr, info->len and info->sig_ok. */
 static int copy_and_check(struct load_info *info,
                          const void __user *umod, unsigned long len,
                          const char __user *uargs)
@@ -2419,6 +2476,10 @@ static int copy_and_check(struct load_info *info,
                goto free_hdr;
        }
+        err = module_sig_check(info, hdr, &len);
+        if (err)
+                goto free_hdr;
        /* Sanity checks against insmoding binaries or wrong arch,
           weird elf version */
        if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0
@@ -2730,6 +2791,10 @@ static int check_module_license_and_versions(struct module *mod)
        if (strcmp(mod->name, "driverloader") == 0)
                add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
+        /* lve claims to be GPL but upstream won't provide source */
+        if (strcmp(mod->name, "lve") == 0)
+                add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
 #ifdef CONFIG_MODVERSIONS
        if ((mod->num_syms && !mod->crcs)
            || (mod->num_gpl_syms && !mod->gpl_crcs)
@@ -2861,6 +2926,20 @@ static int post_relocation(struct module *mod, const struct load_info *info)
        return module_finalize(info->hdr, info->sechdrs, mod);
 }
+/* Is this module of this name done loading?  No locks held. */
+static bool finished_loading(const char *name)
+{
+        struct module *mod;
+        bool ret;
+        mutex_lock(&module_mutex);
+        mod = find_module(name);
+        ret = !mod || mod->state != MODULE_STATE_COMING;
+        mutex_unlock(&module_mutex);
+        return ret;
+}
 /* Allocate and load the module: note that size of section 0 is always
   zero, and we rely on this for optional sections. */
 static struct module *load_module(void __user *umod,
@@ -2868,7 +2947,7 @@ static struct module *load_module(void __user *umod,
                                  const char __user *uargs)
 {
        struct load_info info = { NULL, };
-        struct module *mod;
+        struct module *mod, *old;
        long err;
        pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n",
@@ -2886,6 +2965,12 @@ static struct module *load_module(void __user *umod,
                goto free_copy;
        }
+#ifdef CONFIG_MODULE_SIG
+        mod->sig_ok = info.sig_ok;
+        if (!mod->sig_ok)
+                add_taint_module(mod, TAINT_FORCED_MODULE);
+#endif
        /* Now module is in final location, initialize linked lists, etc. */
        err = module_unload_init(mod);
        if (err)
@@ -2934,8 +3019,18 @@ static struct module *load_module(void __user *umod,
         * function to insert in a way safe to concurrent readers.
         * The mutex protects against concurrent writers.
         */
+again:
        mutex_lock(&module_mutex);
-        if (find_module(mod->name)) {
+        if ((old = find_module(mod->name)) != NULL) {
+                if (old->state == MODULE_STATE_COMING) {
+                        /* Wait in case it fails to load. */
+                        mutex_unlock(&module_mutex);
+                        err = wait_event_interruptible(module_wq,
+                                               finished_loading(mod->name));
+                        if (err)
+                                goto free_arch_cleanup;
+                        goto again;
+                }
                err = -EEXIST;
                goto unlock;
        }
@@ -2975,7 +3070,7 @@ static struct module *load_module(void __user *umod,
        /* Unlink carefully: kallsyms could be walking list. */
        list_del_rcu(&mod->list);
        module_bug_cleanup(mod);
+        wake_up_all(&module_wq);
 ddebug:
        dynamic_debug_remove(info.debug);
 unlock:
@@ -3050,7 +3145,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
                blocking_notifier_call_chain(&module_notify_list,
                                             MODULE_STATE_GOING, mod);
                free_module(mod);
-                wake_up(&module_wq);
+                wake_up_all(&module_wq);
                return ret;
        }
        if (ret > 0) {
@@ -3062,9 +3157,8 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
                dump_stack();
        }
-        /* Now it's a first class citizen!  Wake up anyone waiting for it. */
+        /* Now it's a first class citizen! */
        mod->state = MODULE_STATE_LIVE;
-        wake_up(&module_wq);
        blocking_notifier_call_chain(&module_notify_list,
                                     MODULE_STATE_LIVE, mod);
@@ -3087,6 +3181,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
        mod->init_ro_size = 0;
        mod->init_text_size = 0;
        mutex_unlock(&module_mutex);
+        wake_up_all(&module_wq);
        return 0;
 }

diff --git a/kernel/module.c b/kernel/module.c index 4edbd9c11aca..6085f5ef88ea 100644 --- a/kernel/module.c +++ b/kernel/module.c
@@ -58,6 +58,8 @@
58	#include <linux/jump_label.h>	58	#include <linux/jump_label.h>
59	#include <linux/pfn.h>	59	#include <linux/pfn.h>
60	#include <linux/bsearch.h>	60	#include <linux/bsearch.h>
		61	#include <linux/fips.h>
		62	#include "module-internal.h"
61		63
62	#define CREATE_TRACE_POINTS	64	#define CREATE_TRACE_POINTS
63	#include <trace/events/module.h>	65	#include <trace/events/module.h>
@@ -102,6 +104,43 @@ static LIST_HEAD(modules);
102	struct list_head kdb_modules = &modules; / kdb needs the list of modules */	104	struct list_head kdb_modules = &modules; / kdb needs the list of modules */
103	#endif /* CONFIG_KGDB_KDB */	105	#endif /* CONFIG_KGDB_KDB */
104		106
		107	#ifdef CONFIG_MODULE_SIG
		108	#ifdef CONFIG_MODULE_SIG_FORCE
		109	static bool sig_enforce = true;
		110	#else
		111	static bool sig_enforce = false;
		112
		113	static int param_set_bool_enable_only(const char *val,
		114	const struct kernel_param *kp)
		115	{
		116	int err;
		117	bool test;
		118	struct kernel_param dummy_kp = *kp;
		119
		120	dummy_kp.arg = &test;
		121
		122	err = param_set_bool(val, &dummy_kp);
		123	if (err)
		124	return err;
		125
		126	/* Don't let them unset it once it's set! */
		127	if (!test && sig_enforce)
		128	return -EROFS;
		129
		130	if (test)
		131	sig_enforce = true;
		132	return 0;
		133	}
		134
		135	static const struct kernel_param_ops param_ops_bool_enable_only = {
		136	.set = param_set_bool_enable_only,
		137	.get = param_get_bool,
		138	};
		139	#define param_check_bool_enable_only param_check_bool
		140
		141	module_param(sig_enforce, bool_enable_only, 0644);
		142	#endif /* !CONFIG_MODULE_SIG_FORCE */
		143	#endif /* CONFIG_MODULE_SIG */
105		144
106	/* Block module loading/unloading? */	145	/* Block module loading/unloading? */
107	int modules_disabled = 0;	146	int modules_disabled = 0;
@@ -136,6 +175,7 @@ struct load_info {
136	unsigned long symoffs, stroffs;	175	unsigned long symoffs, stroffs;
137	struct _ddebug *debug;	176	struct _ddebug *debug;
138	unsigned int num_debug;	177	unsigned int num_debug;
		178	bool sig_ok;
139	struct {	179	struct {
140	unsigned int sym, str, mod, vers, info, pcpu;	180	unsigned int sym, str, mod, vers, info, pcpu;
141	} index;	181	} index;
@@ -1949,26 +1989,6 @@ static int simplify_symbols(struct module mod, const struct load_info info)
1949	return ret;	1989	return ret;
1950	}	1990	}
1951		1991
1952	int __weak apply_relocate(Elf_Shdr *sechdrs,
1953	const char *strtab,
1954	unsigned int symindex,
1955	unsigned int relsec,
1956	struct module *me)
1957	{
1958	pr_err("module %s: REL relocation unsupported\n", me->name);
1959	return -ENOEXEC;
1960	}
1961
1962	int __weak apply_relocate_add(Elf_Shdr *sechdrs,
1963	const char *strtab,
1964	unsigned int symindex,
1965	unsigned int relsec,
1966	struct module *me)
1967	{
1968	pr_err("module %s: RELA relocation unsupported\n", me->name);
1969	return -ENOEXEC;
1970	}
1971
1972	static int apply_relocations(struct module mod, const struct load_info info)	1992	static int apply_relocations(struct module mod, const struct load_info info)
1973	{	1993	{
1974	unsigned int i;	1994	unsigned int i;
@@ -2399,7 +2419,44 @@ static inline void kmemleak_load_module(const struct module *mod,
2399	}	2419	}
2400	#endif	2420	#endif
2401		2421
2402	/* Sets info->hdr and info->len. */	2422	#ifdef CONFIG_MODULE_SIG
		2423	static int module_sig_check(struct load_info *info,
		2424	const void mod, unsigned long _len)
		2425	{
		2426	int err = -ENOKEY;
		2427	unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
		2428	unsigned long len = *_len;
		2429
		2430	if (len > markerlen &&
		2431	memcmp(mod + len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
		2432	/* We truncate the module to discard the signature */
		2433	*_len -= markerlen;
		2434	err = mod_verify_sig(mod, _len);
		2435	}
		2436
		2437	if (!err) {
		2438	info->sig_ok = true;
		2439	return 0;
		2440	}
		2441
		2442	/* Not having a signature is only an error if we're strict. */
		2443	if (err < 0 && fips_enabled)
		2444	panic("Module verification failed with error %d in FIPS mode\n",
		2445	err);
		2446	if (err == -ENOKEY && !sig_enforce)
		2447	err = 0;
		2448
		2449	return err;
		2450	}
		2451	#else /* !CONFIG_MODULE_SIG */
		2452	static int module_sig_check(struct load_info *info,
		2453	void mod, unsigned long len)
		2454	{
		2455	return 0;
		2456	}
		2457	#endif /* !CONFIG_MODULE_SIG */
		2458
		2459	/* Sets info->hdr, info->len and info->sig_ok. */
2403	static int copy_and_check(struct load_info *info,	2460	static int copy_and_check(struct load_info *info,
2404	const void __user *umod, unsigned long len,	2461	const void __user *umod, unsigned long len,
2405	const char __user *uargs)	2462	const char __user *uargs)
@@ -2419,6 +2476,10 @@ static int copy_and_check(struct load_info *info,
2419	goto free_hdr;	2476	goto free_hdr;
2420	}	2477	}
2421		2478
		2479	err = module_sig_check(info, hdr, &len);
		2480	if (err)
		2481	goto free_hdr;
		2482
2422	/* Sanity checks against insmoding binaries or wrong arch,	2483	/* Sanity checks against insmoding binaries or wrong arch,
2423	weird elf version */	2484	weird elf version */
2424	if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0	2485	if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0
@@ -2730,6 +2791,10 @@ static int check_module_license_and_versions(struct module *mod)
2730	if (strcmp(mod->name, "driverloader") == 0)	2791	if (strcmp(mod->name, "driverloader") == 0)
2731	add_taint_module(mod, TAINT_PROPRIETARY_MODULE);	2792	add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
2732		2793
		2794	/* lve claims to be GPL but upstream won't provide source */
		2795	if (strcmp(mod->name, "lve") == 0)
		2796	add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
		2797
2733	#ifdef CONFIG_MODVERSIONS	2798	#ifdef CONFIG_MODVERSIONS
2734	if ((mod->num_syms && !mod->crcs)	2799	if ((mod->num_syms && !mod->crcs)
2735	\|\| (mod->num_gpl_syms && !mod->gpl_crcs)	2800	\|\| (mod->num_gpl_syms && !mod->gpl_crcs)
@@ -2861,6 +2926,20 @@ static int post_relocation(struct module mod, const struct load_info info)
2861	return module_finalize(info->hdr, info->sechdrs, mod);	2926	return module_finalize(info->hdr, info->sechdrs, mod);
2862	}	2927	}
2863		2928
		2929	/* Is this module of this name done loading? No locks held. */
		2930	static bool finished_loading(const char *name)
		2931	{
		2932	struct module *mod;
		2933	bool ret;
		2934
		2935	mutex_lock(&module_mutex);
		2936	mod = find_module(name);
		2937	ret = !mod \|\| mod->state != MODULE_STATE_COMING;
		2938	mutex_unlock(&module_mutex);
		2939
		2940	return ret;
		2941	}
		2942
2864	/* Allocate and load the module: note that size of section 0 is always	2943	/* Allocate and load the module: note that size of section 0 is always
2865	zero, and we rely on this for optional sections. */	2944	zero, and we rely on this for optional sections. */
2866	static struct module load_module(void __user umod,	2945	static struct module load_module(void __user umod,
@@ -2868,7 +2947,7 @@ static struct module load_module(void __user umod,
2868	const char __user *uargs)	2947	const char __user *uargs)
2869	{	2948	{
2870	struct load_info info = { NULL, };	2949	struct load_info info = { NULL, };
2871	struct module *mod;	2950	struct module mod, old;
2872	long err;	2951	long err;
2873		2952
2874	pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n",	2953	pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n",
@@ -2886,6 +2965,12 @@ static struct module load_module(void __user umod,
2886	goto free_copy;	2965	goto free_copy;
2887	}	2966	}
2888		2967
		2968	#ifdef CONFIG_MODULE_SIG
		2969	mod->sig_ok = info.sig_ok;
		2970	if (!mod->sig_ok)
		2971	add_taint_module(mod, TAINT_FORCED_MODULE);
		2972	#endif
		2973
2889	/* Now module is in final location, initialize linked lists, etc. */	2974	/* Now module is in final location, initialize linked lists, etc. */
2890	err = module_unload_init(mod);	2975	err = module_unload_init(mod);
2891	if (err)	2976	if (err)
@@ -2934,8 +3019,18 @@ static struct module load_module(void __user umod,
2934	* function to insert in a way safe to concurrent readers.	3019	* function to insert in a way safe to concurrent readers.
2935	* The mutex protects against concurrent writers.	3020	* The mutex protects against concurrent writers.
2936	*/	3021	*/
		3022	again:
2937	mutex_lock(&module_mutex);	3023	mutex_lock(&module_mutex);
2938	if (find_module(mod->name)) {	3024	if ((old = find_module(mod->name)) != NULL) {
		3025	if (old->state == MODULE_STATE_COMING) {
		3026	/* Wait in case it fails to load. */
		3027	mutex_unlock(&module_mutex);
		3028	err = wait_event_interruptible(module_wq,
		3029	finished_loading(mod->name));
		3030	if (err)
		3031	goto free_arch_cleanup;
		3032	goto again;
		3033	}
2939	err = -EEXIST;	3034	err = -EEXIST;
2940	goto unlock;	3035	goto unlock;
2941	}	3036	}
@@ -2975,7 +3070,7 @@ static struct module load_module(void __user umod,
2975	/* Unlink carefully: kallsyms could be walking list. */	3070	/* Unlink carefully: kallsyms could be walking list. */
2976	list_del_rcu(&mod->list);	3071	list_del_rcu(&mod->list);
2977	module_bug_cleanup(mod);	3072	module_bug_cleanup(mod);
2978		3073	wake_up_all(&module_wq);
2979	ddebug:	3074	ddebug:
2980	dynamic_debug_remove(info.debug);	3075	dynamic_debug_remove(info.debug);
2981	unlock:	3076	unlock:
@@ -3050,7 +3145,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
3050	blocking_notifier_call_chain(&module_notify_list,	3145	blocking_notifier_call_chain(&module_notify_list,
3051	MODULE_STATE_GOING, mod);	3146	MODULE_STATE_GOING, mod);
3052	free_module(mod);	3147	free_module(mod);
3053	wake_up(&module_wq);	3148	wake_up_all(&module_wq);
3054	return ret;	3149	return ret;
3055	}	3150	}
3056	if (ret > 0) {	3151	if (ret > 0) {
@@ -3062,9 +3157,8 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
3062	dump_stack();	3157	dump_stack();
3063	}	3158	}
3064		3159
3065	/* Now it's a first class citizen! Wake up anyone waiting for it. */	3160	/* Now it's a first class citizen! */
3066	mod->state = MODULE_STATE_LIVE;	3161	mod->state = MODULE_STATE_LIVE;
3067	wake_up(&module_wq);
3068	blocking_notifier_call_chain(&module_notify_list,	3162	blocking_notifier_call_chain(&module_notify_list,
3069	MODULE_STATE_LIVE, mod);	3163	MODULE_STATE_LIVE, mod);
3070		3164
@@ -3087,6 +3181,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
3087	mod->init_ro_size = 0;	3181	mod->init_ro_size = 0;
3088	mod->init_text_size = 0;	3182	mod->init_text_size = 0;
3089	mutex_unlock(&module_mutex);	3183	mutex_unlock(&module_mutex);
		3184	wake_up_all(&module_wq);
3090		3185
3091	return 0;	3186	return 0;
3092	}	3187	}