From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A92C21E3DB for ; Tue, 15 Oct 2024 23:17:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034223; cv=none; b=Z50LxxFdtmDwzDqNDv+kMshY36FI/RV8ocQknaJnDn7XUHnQn7pSjs8vDycHz4/uXps904kVWvNqj8IopGWVPdaMwpDLnE3spkPVVPSjzCtMcWDtlQ+svkv2kfLR5+qh4iAIgrnT6r8nCW+bCzNz57+f4jxwxfNIXu9MrGr3rJk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034223; c=relaxed/simple; bh=QHhoXvpDEQPD/TLcchSrrWPbQthnrEyocMzfS0P9NlM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qEWFd4M7VCj7bJIXo3qIPKALGR7jutgQJnWH/tiS7iXQNEi0X7a602ilxLtREsVHr837I3t23YY2D4RhzTy4R1DTeSxjqA4mkY0BP0nWQbZGunHSSR9hrB9fj9T8qcWD3AZlc4lt0Ue7nop95H4wfNWf1px7+DE3mEs1X5jB7es= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=At/WHyQB; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="At/WHyQB" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6e3d6713619so10568447b3.2 for ; Tue, 15 Oct 2024 16:17:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034221; x=1729639021; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=0RbEG7McUi9uEsl34Zx+GKrR9c4aF7zdcdcYg+Y9woE=; b=At/WHyQB2iNFrmHLOvaUVcnNycV2VXevkFrNgr0tmzO8PngCWPd9pRFcJPNc1Q1nvQ DgK84P0q9RB1IAk+PSLfeTCiuiZvE6iQuqsbj4t/C8bqEFzgvqYHJszicV7VH4okcTcy S29ReuJ6ffcAuCL/y7qmwYjJIV/Ys4oKpBYOm4zdd444THXc6V4dqoXEzLGZOvpe7a7o J8goC0c4AYBmOf0nZILXSTInL+bAzXvvQowkteJNxGC6He1AJIJqLIo1ZXJLeK2zKhI2 EUw5+vuyM//OQ8Yu2KMFkSsydbyeu16INNfxOiyJTvIPkUQaa5cK1Bp5b5sAs63BTLqF lRjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034221; x=1729639021; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0RbEG7McUi9uEsl34Zx+GKrR9c4aF7zdcdcYg+Y9woE=; b=ME5LV8Wj6I4jmaS/tLy+S4dV1kZ//fVZJ/+VwIQyyWndJkoht7coh2ZeKLM+5iyLGE mqJUTZ0Yg4QA/dSEwidl+XN+OFBQ3YmWleyNuloYCCUPSIJoxgt0ewV3oyIoQx/6fr7O BT7d2vDWoSB2mxrDm396KCC1u/nrCYeTkQ5b5Wn6MJmiDqgsGKWE5XsWIqgaovwIU3PO PejA+Ih15A2JoLJsDn7VXWP4zhIaunZqEU5Xz+GBRs+EflZ1nsT8hBgg0IFfxMHR9S89 Df/Zux8RKw//1d5tavF0wIWC/fB8b3z7+AJszgSH2ui2CZ1AxrU+aWOq1/koXVW8Y8Y5 NznA== X-Gm-Message-State: AOJu0YxALJGLSASTOFQxXOD+FzWGKcobrKdTVpjlb/kzO74vt8Lo+r8p CiCjG0SqPumljk7GE7NxTmrrhlqRFjOTQBEqmWLleW0K6nu0jroaTUjPotmp1XWNWaoYJ6ZaNjr LdmISFw== X-Google-Smtp-Source: AGHT+IFPXzBe3tq4UEclYkB5CjDIeF4FAjlDz1DojdfYJQwU20ut08n6Uq7PA2tBHvy9wJlNUFsUH1mxlBeM X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:ad60:0:b0:e16:6771:a299 with SMTP id 3f1490d57ef6-e29786b577amr950276.11.1729034220838; Tue, 15 Oct 2024 16:17:00 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:35 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-2-mmaurer@google.com> Subject: [PATCH 01/12] module: Take const arg in validate_section_offset From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" `validate_section_offset` doesn't modify the info passed in. Make this clear by adjusting the type signature. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index ef54733bd7d2..1ed1d1bf1416 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1678,7 +1678,7 @@ bool __weak module_exit_section(const char *name) return strstarts(name, ".exit"); } =20 -static int validate_section_offset(struct load_info *info, Elf_Shdr *shdr) +static int validate_section_offset(const struct load_info *info, Elf_Shdr = *shdr) { #if defined(CONFIG_64BIT) unsigned long long secend; --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C75681D63E7 for ; Tue, 15 Oct 2024 23:17:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034225; cv=none; b=SA4V4rZk6WaAq+Fz01p6cWwo1Wx1fBb6NZCJ3wvhuAK4FLmlA3Pa3bPkvemDfrPrIJHALUITORITpi7h0KMQq0g9mQje2iMfmvFs4fBzQ2u3LqHMj4ydxBD8FWvXU6Sp5tUASZ5Kfsxk9F07AugfG79QDhNeDeqxts7XyYLTta4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034225; c=relaxed/simple; bh=mDYkZeYGnRE3sQhCcF+uoxl/1TxGRA4ekAMIMeBAB4I=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=PnrjIfQllto0H6Ece1VuQDPR/VfFMThiZK2O/J6iybR7q8iE1KFmAI6b8T6jyON9wnW3f+39H7Q6jkKZQIHRetgHsX226VQW2YQ8lai8eh9Glz2233pqllljxIts45O2dX5DultjrCgawRuwGcxbNyssZWPJFzdAIJAutff7Rhg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=daeXy4L9; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="daeXy4L9" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6e3705b2883so48407727b3.3 for ; Tue, 15 Oct 2024 16:17:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034223; x=1729639023; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=GaOp4Let+iTa8j/z2TDGbKzwODexvMJh2E3PsytoWq8=; b=daeXy4L9nRtc6nArHS91VmuufFuGsrMwJxht0PqJCpgA1loiBrY2PA/YKEXOuu6yjk hrTjapcmDP00tlk4n/RUDidPpNoYJXv9BHqTcW75PWA/jdyVEC0mU02rV7hXdf4RE8vI kqJALoLd5BHmRpGVW8Mk0moqWB+iF9wzKpVPU2dtZsZ+rtVugT55WBCHwDYfM73gcSuT WYfw2FxVqjEjWt8wjlevu6BilnOEKEaIp2NUk264SF8TLxE1SMpZbynZTS/X+eVXPttr NuEDUO3sGPq1S+7zriGr0hI078g+jSBQQy7FZCZ2XrBr3T1+AkKzp+wH9xuZtYTzuW8h YfJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034223; x=1729639023; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=GaOp4Let+iTa8j/z2TDGbKzwODexvMJh2E3PsytoWq8=; b=T//KpBSHWC8bKD7BoY/7iFa+rHh62E7CJ8K0DkPXpa1mJL+Z54FDDhqlc2oys2r2Os 5OnKXwPFYurLno/wVV+gLlS1ONfSHB6+V1W0c8jNIAoWMAgbrw7wWrecwt+kDpPSbkxn BHyviN9pTIpeL92s5NWRLRkVI3JeFy678Ja/aPDPDtZH23QX+Hu/d/9RutSvw4pe8Jcs J49qc4St/TfI0JW6EjwCC9UfJdNKZ32r78ilHfQy4Odk0S/tYQWKAZGHvozXWB3j5ceZ TrKFEXHXuB7jnnfqyPtTRH4TVt2BZzcASU9/85vkzP6w1x7NKhV6FzxkrxOENx6tr9gP /HUQ== X-Gm-Message-State: AOJu0Yxxg4XOHVZM8K35Uzu4x+wfI+jVZ/REzHJ1ZojOezkeftdN3Rrl Rq+BaIrk9NIpebS2lgJQgqjYKviFDaYX0Fd4+1xPZsEC6xbjj7pQrV1Pf2YthRZeIesqlQZmShx KUWfrIg== X-Google-Smtp-Source: AGHT+IFZZ+EiwW/n3OCbtia15roWRedKzxQbPaS+sWOvG4bizXkUKDFwjIvX7+XcR/hn6q6oyOTxd8iYrUp2 X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a05:690c:74c7:b0:6e3:39e5:f0e8 with SMTP id 00721157ae682-6e3d41c6eacmr556067b3.6.1729034222868; Tue, 15 Oct 2024 16:17:02 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:36 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-3-mmaurer@google.com> Subject: [PATCH 02/12] module: Factor out elf_validity_ehdr From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Factor out verification of the ELF header and document what is checked. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 70 +++++++++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 23 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 1ed1d1bf1416..c836354928f0 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1697,6 +1697,50 @@ static int validate_section_offset(const struct load= _info *info, Elf_Shdr *shdr) return 0; } =20 +/** + * elf_validity_ehdr() - Checks an ELF header for module validity + * @info: Load info containing the ELF header to check + * + * Checks whether an ELF header could belong to a valid module. Checks: + * + * * ELF header is within the data the user provided + * * ELF magic is present + * * It is relocatable (not final linked, not core file, etc.) + * * The header's machine type matches what the architecture expects. + * * Optional arch-specific hook for other properties + * - module_elf_check_arch() is currently only used by PPC to check + * ELF ABI version, but may be used by others in the future. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_ehdr(const struct load_info *info) +{ + if (info->len < sizeof(*(info->hdr))) { + pr_err("Invalid ELF header len %lu\n", info->len); + return -ENOEXEC; + } + if (memcmp(info->hdr->e_ident, ELFMAG, SELFMAG) !=3D 0) { + pr_err("Invalid ELF header magic: !=3D %s\n", ELFMAG); + return -ENOEXEC; + } + if (info->hdr->e_type !=3D ET_REL) { + pr_err("Invalid ELF header type: %u !=3D %u\n", + info->hdr->e_type, ET_REL); + return -ENOEXEC; + } + if (!elf_check_arch(info->hdr)) { + pr_err("Invalid architecture in ELF header: %u\n", + info->hdr->e_machine); + return -ENOEXEC; + } + if (!module_elf_check_arch(info->hdr)) { + pr_err("Invalid module architecture in ELF header: %u\n", + info->hdr->e_machine); + return -ENOEXEC; + } + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1726,30 +1770,10 @@ static int elf_validity_cache_copy(struct load_info= *info, int flags) unsigned int num_info_secs =3D 0, info_idx; unsigned int num_sym_secs =3D 0, sym_idx; =20 - if (info->len < sizeof(*(info->hdr))) { - pr_err("Invalid ELF header len %lu\n", info->len); - goto no_exec; - } + err =3D elf_validity_ehdr(info); + if (err < 0) + return err; =20 - if (memcmp(info->hdr->e_ident, ELFMAG, SELFMAG) !=3D 0) { - pr_err("Invalid ELF header magic: !=3D %s\n", ELFMAG); - goto no_exec; - } - if (info->hdr->e_type !=3D ET_REL) { - pr_err("Invalid ELF header type: %u !=3D %u\n", - info->hdr->e_type, ET_REL); - goto no_exec; - } - if (!elf_check_arch(info->hdr)) { - pr_err("Invalid architecture in ELF header: %u\n", - info->hdr->e_machine); - goto no_exec; - } - if (!module_elf_check_arch(info->hdr)) { - pr_err("Invalid module architecture in ELF header: %u\n", - info->hdr->e_machine); - goto no_exec; - } if (info->hdr->e_shentsize !=3D sizeof(Elf_Shdr)) { pr_err("Invalid ELF section header size\n"); goto no_exec; --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D01A51CACD9 for ; Tue, 15 Oct 2024 23:17:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034227; cv=none; b=YT15f89ObFNQ/jgI4E1BSF/CeTclUNCBZD+61F3dGRjngiKY0gJHHhs1UknQ3T468jqfrEnBCfBknPdzQBcjNJ2CGkb58woFcoBZMC0PQTpahAVO3d1EXnVgfVsBdySbgPP/5fLMBpq6L1Z04XtYe08y5TniFObIOaordTLkTuo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034227; c=relaxed/simple; bh=Q/ebP4VppKXgX75HHkGyapl6+59q2K1k/6cBCCOTXVg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YFsjHxM5LlYZcTVxlvxvai6ZKyxi0cPTPzN6UXSDvkqS9I4Skdu7wara6nPtVnnAJ6r3Z2BQf3lz9WnkGBMaOJViO7ZepMOjw1kPgJj2Nwqc+4J+9Fu4NoNsUbuDb8p+C6lqZZKKGumtj2DmjImTLB0ZTa/e1hGiqh0Ff2xnTFA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=CfVslK/m; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="CfVslK/m" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e2928d9e615so6644470276.0 for ; Tue, 15 Oct 2024 16:17:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034225; x=1729639025; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=s9C2Ei02TD++bK2BpkVHJvqSOFvsQEfujDFHeRhGRWA=; b=CfVslK/mQVPkVgi4qJvoUZuABqvmzYgpJ6kTRKUmqxe8S7zCiSW7iob7vGS+xY4cAT SRP68ozJtRNQr795X4nh2LyqiTysn4ptun2+nwfAncPcdaR8r0UNBVdX1/m0KiaTBSQk WNwkJ/frh8rDOPyLEos1bqxVoRBth+TfLH9RZQ8TAYmn7Kqzngd5kSTiU15EX6Ix1l/O dOhtXgts75yCjRl+hehBodMZ7JaWZCp49lRh2rjKYnYgEnVNwxGwiwIqIhgdsg0n7ZEM nH1FXWMknZZ+doIM3pAy5lCDa/DlMp1KSbzDwIVGFM06fxF2uh+VHQcc9OnpOmRh/ytC mzWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034225; x=1729639025; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=s9C2Ei02TD++bK2BpkVHJvqSOFvsQEfujDFHeRhGRWA=; b=Q0TvyWNCDGBBPY7r7GWJyV8UPrmquqsFTrtUO3JpNCHulU75d+YY0m5RU3O3+oREqA K04V6hotJCq6n8Up92BYEgJSfro2/4EpY38SjQ6wgP4G6N3TSfVbf4AYMEE2nazfnPoX tuP5qW4gUT58hnyWgr64ThYScCwYsDOfMFkoUns2a8Emq8wEgMhmvpk+eRC1hYPEmN8x 3E8YyGhnJQWP/J2e+kKVKGvds++zW7pAmRiGrXrIXqrf3cOr83Cd1Rjb2p/bKCMu5iH8 sXQeghb1rBkJogaLpmI0woesjhjXvW9m2IvMunHRwtOxyYOguqbde5c6zNzQdIhTLw/S pPlg== X-Gm-Message-State: AOJu0YywlLxourgA5VNljdPW7nPikARVE0M36C1rtdpESY1h2cGynNxW uEaSLPxcWHGk+tgw5DnC84tCLOjElYYjOoqO4WD7JeSb1AsQHc3B3Jc/t56tJbpz8V0mj4OnQQe QnhonWg== X-Google-Smtp-Source: AGHT+IF9/RrejyXjamOHmES0fO9LFDxPPSqw0EHrizmRCN81klIy8hyZiM00NmuWFywfdGDutrXWewNuQlb5 X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:68d4:0:b0:e29:6fd5:70ec with SMTP id 3f1490d57ef6-e2978558d8dmr2050276.6.1729034224721; Tue, 15 Oct 2024 16:17:04 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:37 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-4-mmaurer@google.com> Subject: [PATCH 03/12] module: Factor out elf_validity_cache_sechdrs From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Factor out and document the validation of section headers. Because we now validate all section offsets and lengths before accessing them, we can remove the ad-hoc checks. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 125 ++++++++++++++++++++++++++++--------------- 1 file changed, 82 insertions(+), 43 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index c836354928f0..467e35f0232a 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1741,6 +1741,87 @@ static int elf_validity_ehdr(const struct load_info = *info) return 0; } =20 +/** + * elf_validity_cache_sechdrs() - Cache section headers if valid + * @info: Load info to compute section headers from + * + * Checks: + * + * * ELF header is valid (see elf_validity_ehdr()) + * * Section headers are the size we expect + * * Section array fits in the user provided data + * * Section index 0 is NULL + * * Section contents are inbounds + * + * Then updates @info with a &load_info->sechdrs pointer if valid. + * + * Return: %0 if valid, negative error code if validation failed. + */ +static int elf_validity_cache_sechdrs(struct load_info *info) +{ + Elf_Shdr *sechdrs; + Elf_Shdr *shdr; + int i; + int err; + + err =3D elf_validity_ehdr(info); + if (err < 0) + return err; + + if (info->hdr->e_shentsize !=3D sizeof(Elf_Shdr)) { + pr_err("Invalid ELF section header size\n"); + return -ENOEXEC; + } + + /* + * e_shnum is 16 bits, and sizeof(Elf_Shdr) is + * known and small. So e_shnum * sizeof(Elf_Shdr) + * will not overflow unsigned long on any platform. + */ + if (info->hdr->e_shoff >=3D info->len + || (info->hdr->e_shnum * sizeof(Elf_Shdr) > + info->len - info->hdr->e_shoff)) { + pr_err("Invalid ELF section header overflow\n"); + return -ENOEXEC; + } + + sechdrs =3D (void *)info->hdr + info->hdr->e_shoff; + + /* + * The code assumes that section 0 has a length of zero and + * an addr of zero, so check for it. + */ + if (sechdrs[0].sh_type !=3D SHT_NULL + || sechdrs[0].sh_size !=3D 0 + || sechdrs[0].sh_addr !=3D 0) { + pr_err("ELF Spec violation: section 0 type(%d)!=3DSH_NULL or non-zero le= n or addr\n", + sechdrs[0].sh_type); + return -ENOEXEC; + } + + /* Validate contents are inbounds */ + for (i =3D 1; i < info->hdr->e_shnum; i++) { + shdr =3D &sechdrs[i]; + switch (shdr->sh_type) { + case SHT_NULL: + case SHT_NOBITS: + /* No contents, offset/size don't mean anything */ + continue; + default: + err =3D validate_section_offset(info, shdr); + if (err < 0) { + pr_err("Invalid ELF section in module (section %u type %u)\n", + i, shdr->sh_type); + return err; + } + } + } + + info->sechdrs =3D sechdrs; + + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1770,29 +1851,10 @@ static int elf_validity_cache_copy(struct load_info= *info, int flags) unsigned int num_info_secs =3D 0, info_idx; unsigned int num_sym_secs =3D 0, sym_idx; =20 - err =3D elf_validity_ehdr(info); + err =3D elf_validity_cache_sechdrs(info); if (err < 0) return err; =20 - if (info->hdr->e_shentsize !=3D sizeof(Elf_Shdr)) { - pr_err("Invalid ELF section header size\n"); - goto no_exec; - } - - /* - * e_shnum is 16 bits, and sizeof(Elf_Shdr) is - * known and small. So e_shnum * sizeof(Elf_Shdr) - * will not overflow unsigned long on any platform. - */ - if (info->hdr->e_shoff >=3D info->len - || (info->hdr->e_shnum * sizeof(Elf_Shdr) > - info->len - info->hdr->e_shoff)) { - pr_err("Invalid ELF section header overflow\n"); - goto no_exec; - } - - info->sechdrs =3D (void *)info->hdr + info->hdr->e_shoff; - /* * Verify if the section name table index is valid. */ @@ -1805,11 +1867,6 @@ static int elf_validity_cache_copy(struct load_info = *info, int flags) } =20 strhdr =3D &info->sechdrs[info->hdr->e_shstrndx]; - err =3D validate_section_offset(info, strhdr); - if (err < 0) { - pr_err("Invalid ELF section hdr(type %u)\n", strhdr->sh_type); - return err; - } =20 /* * The section name table must be NUL-terminated, as required @@ -1826,18 +1883,6 @@ static int elf_validity_cache_copy(struct load_info = *info, int flags) goto no_exec; } =20 - /* - * The code assumes that section 0 has a length of zero and - * an addr of zero, so check for it. - */ - if (info->sechdrs[0].sh_type !=3D SHT_NULL - || info->sechdrs[0].sh_size !=3D 0 - || info->sechdrs[0].sh_addr !=3D 0) { - pr_err("ELF Spec violation: section 0 type(%d)!=3DSH_NULL or non-zero le= n or addr\n", - info->sechdrs[0].sh_type); - goto no_exec; - } - for (i =3D 1; i < info->hdr->e_shnum; i++) { shdr =3D &info->sechdrs[i]; switch (shdr->sh_type) { @@ -1856,12 +1901,6 @@ static int elf_validity_cache_copy(struct load_info = *info, int flags) sym_idx =3D i; fallthrough; default: - err =3D validate_section_offset(info, shdr); - if (err < 0) { - pr_err("Invalid ELF section in module (section %u type %u)\n", - i, shdr->sh_type); - return err; - } if (strcmp(info->secstrings + shdr->sh_name, ".gnu.linkonce.this_module") =3D=3D 0) { num_mod_secs++; --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD7051F9EBD for ; Tue, 15 Oct 2024 23:17:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034230; cv=none; b=ejkkWE59PU/hvhLrSBVIJ3N820Mr76RbUYFzcStstj+snYWQ2PO6Vv7BGgX/adGyxOZ/jDpOYNzB2qctzWWiZQwgGE6h7nxDvzRMmGWYJsDPEAm08P8+HQ0AvSyr1NC0m8DM5aSmWQK4gZ0w+Wt1cp5ORD5cPhW12jP6j/UVf3Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034230; c=relaxed/simple; bh=YE/oK9ZOhdsHNUDoCLONYihU16c/izMFQR3EpE6qWgg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Ira+WerPYsoj04t6TszuQ2i2p0M4GUdn682qVb3MbxRCNF7daem0SjxziekaCUWa/wKnJolGsquL5y/gvPRJXE/mU1ssPYn6j422EIOz4gspHCQPM+FGJs/QcrWSkowBhmw7/CRubfyIUi/xI04cDnSrYHGDoqk4kiYGxHp+JAg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=TwwwPg+Z; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TwwwPg+Z" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e2904d0cad0so9004312276.1 for ; Tue, 15 Oct 2024 16:17:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034227; x=1729639027; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=hpXqqJ7mhE4OTX7mw0ZIHnsdobY/QXMTdFshJ+hNzmc=; b=TwwwPg+ZV1lFiBZt4WXhSYohJ4VKuSEvF31Vx47EuMkHa+FwmCcvjhXZFfeTxm4o0c EnMvqT3CZDLSPv8vY9g6CP296PScmCdWPOdCuDZg67a07jmbjdI42Eus4UoUJMWs2mcS BS50jFuSGHhphKfHguQ+YRphsVkhW6fQSomgCCBqiLpUpuGy4G+PG1smnbvmiR7XS22b hgyBo/QLC+1XnVRFjwg8kLQdVR1oxHH2kwer0FOYdzk75fjOp4uUzVZBYYyg3Y58yWvN +CTHmvR5YJ1dSWBrpOrAP5GITbOKPBNOvt3sHM+Q6ZKajPIEuHSq7iH81o9/NWHrD3Bp WeXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034227; x=1729639027; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hpXqqJ7mhE4OTX7mw0ZIHnsdobY/QXMTdFshJ+hNzmc=; b=SgUzqUaGF/1DsvgvniD6e/ANV1SwgiwUPxgaPFtfI3x19tK9t6KqL1XMt5Jl69eqwG gDGcrYhaJL6pIfYQUbsXMeAZZgX62tkzEEDABGecX50iIPUTvPt4BMgq4pN+4Z8ngZrh iMJbHikJEDCbSnTYF/xbXAGiytW8I5LUKQ6j4fz4b6jlAkLsDxlE0qlMrLtBo6hpqapp cAVSjVis6mnC3NyKr4tZCE/MIFnfMW8HE3D1IYDk0JMw6no86lUp9qkYLYlROzhxD0lZ qo4GALdOeJuG5Fxgzz2EK/TPeWjvx7whSutpeW2mCl0MM6Wx8jr1ls02XzylvBfEGiDw QmOw== X-Gm-Message-State: AOJu0Yz4uILMEhLfryQ9ZE1BlQLB8bNDMy0VbRE7mFCF7ieoeppNTYib 1cq/X6mA1z0Dw798b+qFqBi1BDbceKsBJHCc5nQwt+IvsKjgLGZtm7k5AZzZ6EgLVNibr91xsM5 T1T7bIQ== X-Google-Smtp-Source: AGHT+IHizGOPKT5xbBjYB4IekU0DU2Mgds5ptzsICNd3lT/qy4QxEafJXfV6FVd+c7tsCcxLBv+gbqraWgah X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:947:0:b0:e29:76b7:ed37 with SMTP id 3f1490d57ef6-e2978585cc5mr1523276.9.1729034226849; Tue, 15 Oct 2024 16:17:06 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:38 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-5-mmaurer@google.com> Subject: [PATCH 04/12] module: Factor out elf_validity_cache_secstrings From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Factor out the validation of section names. There are two behavioral changes: 1. Previously, we did not validate non-SHF_ALLOC sections. This may have once been safe, as find_sec skips non-SHF_ALLOC sections, but find_any_sec, which will be used to load BTF if that is enabled, ignores the SHF_ALLOC flag. Since there's no need to support invalid section names, validate all of them, not just SHF_ALLOC sections. 2. Section names were validated *after* accessing them for the purposes of detecting ".modinfo" and ".gnu.linkonce.this_module". They are now checked prior to the access, which could avoid bad accesses with malformed modules. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 106 ++++++++++++++++++++++++++++--------------- 1 file changed, 69 insertions(+), 37 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 467e35f0232a..473f1fb25de2 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1822,6 +1822,71 @@ static int elf_validity_cache_sechdrs(struct load_in= fo *info) return 0; } =20 +/** + * elf_validity_cache_secstrings() - Caches section names if valid + * @info: Load info to cache section names from. Must have valid sechdrs. + * + * Specifically checks: + * + * * Section name table index is inbounds of section headers + * * Section name table is not empty + * * Section name table is NUL terminated + * * All section name offsets are inbounds of the section + * + * Then updates @info with a &load_info->secstrings pointer if valid. + * + * Return: %0 if valid, negative error code if validation failed. + */ +static int elf_validity_cache_secstrings(struct load_info *info) +{ + Elf_Shdr *strhdr, *shdr; + char *secstrings; + int i; + + /* + * Verify if the section name table index is valid. + */ + if (info->hdr->e_shstrndx =3D=3D SHN_UNDEF + || info->hdr->e_shstrndx >=3D info->hdr->e_shnum) { + pr_err("Invalid ELF section name index: %d || e_shstrndx (%d) >=3D e_shn= um (%d)\n", + info->hdr->e_shstrndx, info->hdr->e_shstrndx, + info->hdr->e_shnum); + return -ENOEXEC; + } + + strhdr =3D &info->sechdrs[info->hdr->e_shstrndx]; + + /* + * The section name table must be NUL-terminated, as required + * by the spec. This makes strcmp and pr_* calls that access + * strings in the section safe. + */ + secstrings =3D (void *)info->hdr + strhdr->sh_offset; + if (strhdr->sh_size =3D=3D 0) { + pr_err("empty section name table\n"); + return -ENOEXEC; + } + if (secstrings[strhdr->sh_size - 1] !=3D '\0') { + pr_err("ELF Spec violation: section name table isn't null terminated\n"); + return -ENOEXEC; + } + + for (i =3D 0; i < info->hdr->e_shnum; i++) { + shdr =3D &info->sechdrs[i]; + /* SHT_NULL means sh_name has an undefined value */ + if (shdr->sh_type =3D=3D SHT_NULL) + continue; + if (shdr->sh_name >=3D strhdr->sh_size) { + pr_err("Invalid ELF section name in module (section %u type %u)\n", + i, shdr->sh_type); + return -ENOEXEC; + } + } + + info->secstrings =3D secstrings; + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1845,7 +1910,7 @@ static int elf_validity_cache_sechdrs(struct load_inf= o *info) static int elf_validity_cache_copy(struct load_info *info, int flags) { unsigned int i; - Elf_Shdr *shdr, *strhdr; + Elf_Shdr *shdr; int err; unsigned int num_mod_secs =3D 0, mod_idx; unsigned int num_info_secs =3D 0, info_idx; @@ -1854,34 +1919,9 @@ static int elf_validity_cache_copy(struct load_info = *info, int flags) err =3D elf_validity_cache_sechdrs(info); if (err < 0) return err; - - /* - * Verify if the section name table index is valid. - */ - if (info->hdr->e_shstrndx =3D=3D SHN_UNDEF - || info->hdr->e_shstrndx >=3D info->hdr->e_shnum) { - pr_err("Invalid ELF section name index: %d || e_shstrndx (%d) >=3D e_shn= um (%d)\n", - info->hdr->e_shstrndx, info->hdr->e_shstrndx, - info->hdr->e_shnum); - goto no_exec; - } - - strhdr =3D &info->sechdrs[info->hdr->e_shstrndx]; - - /* - * The section name table must be NUL-terminated, as required - * by the spec. This makes strcmp and pr_* calls that access - * strings in the section safe. - */ - info->secstrings =3D (void *)info->hdr + strhdr->sh_offset; - if (strhdr->sh_size =3D=3D 0) { - pr_err("empty section name table\n"); - goto no_exec; - } - if (info->secstrings[strhdr->sh_size - 1] !=3D '\0') { - pr_err("ELF Spec violation: section name table isn't null terminated\n"); - goto no_exec; - } + err =3D elf_validity_cache_secstrings(info); + if (err < 0) + return err; =20 for (i =3D 1; i < info->hdr->e_shnum; i++) { shdr =3D &info->sechdrs[i]; @@ -1910,14 +1950,6 @@ static int elf_validity_cache_copy(struct load_info = *info, int flags) num_info_secs++; info_idx =3D i; } - - if (shdr->sh_flags & SHF_ALLOC) { - if (shdr->sh_name >=3D strhdr->sh_size) { - pr_err("Invalid ELF section name in module (section %u type %u)\n", - i, shdr->sh_type); - return -ENOEXEC; - } - } break; } } --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A82421FC7E3 for ; Tue, 15 Oct 2024 23:17:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034231; cv=none; b=mzWPLBXenJo2AIJHlAhtBU5mgpgXy6sQBwfxoZC22GQrUXEbHH1pa1ssZMvZX0HvGGN+tvIsMQRd5+bcy0j7CSfq3ZtBn2EPoZ4t2FKhHrfWuhpAGxZQhjSXOrCVPPh9ZiMQI6envhBQVkBYGQfqxt0RfIWkYQ+ZREuetJDJCPk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034231; c=relaxed/simple; bh=keltVl7vYU9EPlcQRfVtCcny2Z6cQUk1MMTzAOK5SA8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=dpKxv11BoNABFrpvYzVNf5QgEc6tzYHtw90ZbFNnznkGNDt3X0uKKoNXf7VikCZZKd51/aSqzRGdxY4vjS+Qjog688w3/+0f1mPtUSpOB7UiIckQDC4nWfC0Byh896SVtRAGEIte7OQs3HanQ3d3K6P7pekypJn4H15MGFiNjLI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MDUpd6ZD; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MDUpd6ZD" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e292dbfd834so5696761276.3 for ; Tue, 15 Oct 2024 16:17:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034229; x=1729639029; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=TQYiDylULU1Fc0U45JVmZV1jTxB4Hv3WLTHptCyQE2g=; b=MDUpd6ZDW/46H5uih+sC5p0hbH+2TgiHDd5ZjVFgDcb2zdy9YVya/9UAGy4BmVz8hu 7hjbr/8LObxT2x9Mok7YHG9ad6nuauL2tU83okr6JdyuWjCOLsrYgAwg5oKpqtZ2DMDs 4LwiX5Pln9KZLIuEzdCkL3bjGymYlT5BzKBtUGO2RelAlJt8x1cX/ONLa6+6EFV5AknT zP6dbSwovGRYvqLpazrx5xJqVd2+lVuQP1BnZYtULu22VZaOHA01DOvBBNK2WyBJmDaJ 897CoHTnr90hTi5ZhUjALuzFQQU8fdPb77wYNfzrsB3JSUsSm8fb0fq+b+hDB7ioNRKs geBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034229; x=1729639029; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=TQYiDylULU1Fc0U45JVmZV1jTxB4Hv3WLTHptCyQE2g=; b=CWZHMnILQ4OnLnCd9YcYwY2Bke5rg4Z1wd7VvUbHdTx2UVXJpRl93njYu88NFl0P2d I1KSGa4dk5tzdBly78yNOLDrCFOo8xGbXk9hqOxeahCR6c8ZTAz83rGzWCjqhSMDSMUk FIIZAvR20YzEfto6+C257HsmQ/Eru7YBZI6xMknMTH1N3awAxzGS+XXgwLq++B6FIvct QTbWZTWoY8wj1IHagzi6nBDD/zaFXKXaCMCc+9t6piNCHQ91FaXTJTauuDoX0dzyGHDu D9BrTMV3/GCw8DC2+d3c6FQgaazWwXsUi+C2O/C3jjNBQA/KknXO1o6oUVCeP6tzaFeS Y0nA== X-Gm-Message-State: AOJu0YyLnm7T/1sDCrgOcJrdRXQD0pqxIvfi3tUwx8EuM7nY3jbWMEva 9bNJQaCXBlYgF7espAsLS1UvYVUtuxgorqV30tY1nK1xGEqB4Oc/2IHKtfIl4vSYk2xckONksUw DUSAGZg== X-Google-Smtp-Source: AGHT+IESRWGhdP/DVUgoBjA23GTWDfK0rZz9759983ENQNbLXCK4xnlPImOdO8gU18zMbWXRCEMfPIx3Zu6o X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:68d4:0:b0:e28:f454:7de5 with SMTP id 3f1490d57ef6-e297855147cmr1515276.6.1729034228858; Tue, 15 Oct 2024 16:17:08 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:39 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-6-mmaurer@google.com> Subject: [PATCH 05/12] module: Factor out elf_validity_cache_index_info From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Centralize .modinfo detection and property validation. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 82 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 68 insertions(+), 14 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 473f1fb25de2..6747cbc774b0 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -195,6 +195,38 @@ static unsigned int find_sec(const struct load_info *i= nfo, const char *name) return 0; } =20 +/** + * find_any_unique_sec() - Find a unique section index by name + * @info: Load info for the module to scan + * @name: Name of the section we're looking for + * + * Locates a unique section by name. Ignores SHF_ALLOC. + * + * Return: Section index if found uniquely, zero if absent, negative count + * of total instances if multiple were found. + */ +static int find_any_unique_sec(const struct load_info *info, const char *n= ame) +{ + unsigned int idx; + unsigned int count =3D 0; + int i; + + for (i =3D 1; i < info->hdr->e_shnum; i++) { + if (strcmp(info->secstrings + info->sechdrs[i].sh_name, + name) =3D=3D 0) { + count++; + idx =3D i; + } + } + if (count =3D=3D 1) { + return idx; + } else if (count =3D=3D 0) { + return 0; + } else { + return -count; + } +} + /* Find a module section, or NULL. */ static void *section_addr(const struct load_info *info, const char *name) { @@ -1887,6 +1919,39 @@ static int elf_validity_cache_secstrings(struct load= _info *info) return 0; } =20 +/** + * elf_validity_cache_index_info() - Validate and cache modinfo section + * @info: Load info to populate the modinfo index on. + * Must have &load_info->sechdrs and &load_info->secstrings populat= ed + * + * Checks that if there is a .modinfo section, it is unique. + * Then, it caches its index in &load_info->index.info. + * Finally, it tries to populate the name to improve error messages. + * + * Return: %0 if valid, %-ENOEXEC if multiple modinfo sections were found. + */ +static int elf_validity_cache_index_info(struct load_info *info) +{ + int info_idx; + + info_idx =3D find_any_unique_sec(info, ".modinfo"); + + if (info_idx =3D=3D 0) + /* Early return, no .modinfo */ + return 0; + + if (info_idx < 0) { + pr_err("Only one .modinfo section must exist.\n"); + return -ENOEXEC; + } + + info->index.info =3D info_idx; + /* Try to find a name early so we can log errors with a module name */ + info->name =3D get_modinfo(info, "name"); + + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1913,13 +1978,15 @@ static int elf_validity_cache_copy(struct load_info= *info, int flags) Elf_Shdr *shdr; int err; unsigned int num_mod_secs =3D 0, mod_idx; - unsigned int num_info_secs =3D 0, info_idx; unsigned int num_sym_secs =3D 0, sym_idx; =20 err =3D elf_validity_cache_sechdrs(info); if (err < 0) return err; err =3D elf_validity_cache_secstrings(info); + if (err < 0) + return err; + err =3D elf_validity_cache_index_info(info); if (err < 0) return err; =20 @@ -1945,24 +2012,11 @@ static int elf_validity_cache_copy(struct load_info= *info, int flags) ".gnu.linkonce.this_module") =3D=3D 0) { num_mod_secs++; mod_idx =3D i; - } else if (strcmp(info->secstrings + shdr->sh_name, - ".modinfo") =3D=3D 0) { - num_info_secs++; - info_idx =3D i; } break; } } =20 - if (num_info_secs > 1) { - pr_err("Only one .modinfo section must exist.\n"); - goto no_exec; - } else if (num_info_secs =3D=3D 1) { - /* Try to find a name early so we can log errors with a module name */ - info->index.info =3D info_idx; - info->name =3D get_modinfo(info, "name"); - } - if (num_sym_secs !=3D 1) { pr_warn("%s: module has no symbols (stripped?)\n", info->name ?: "(missing .modinfo section or name field)"); --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD8AF1D63FE for ; Tue, 15 Oct 2024 23:17:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034233; cv=none; b=Jb4OhkAkyDXpH1SX2Yhhrrl58IwmfeZqWtlJCHzCl9/K7os8AEACoIVZM91Xls5AR4QTJMdqJ66jzOkKGGSK9aPqhMuKIpvGlhackxDWS1TEMVK6h+nYcVzQPlR5I2Z0b84DIIAyjiPkg4jejomMWJDGYFHePaz6wH1Ka9mI9cw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034233; c=relaxed/simple; bh=XJb8GC1WAknzucT2QTWdPk2p/Ah0/usyy4/JqpeqgqY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=mG3K96TjtFykr7qw5aLDSZS7WfCHVNPlmUckUOP7ZCeslyNWo0YMwnZ+iJU9GDrB3qx/4K0787KtGC6pUsgDiWwNbcuRH94E8ol6tJ7usUPqlr8PDwPwewG1QLVD5ZJKnAyoKA05jUlxusOmmSSSIDplhXG22KSDoravURWP+B0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=TWdPjvFc; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TWdPjvFc" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e2904d0cad0so9004341276.1 for ; Tue, 15 Oct 2024 16:17:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034231; x=1729639031; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Z5/P7PU9aN7A7FFAWIBfgCyglKPdadfqEBvM4ZLHjr8=; b=TWdPjvFcxbbZxe5pCEVt3skTpH90BrIXPLyRDfZEjsq/lQmqIGLnupqjl3lnRIQIad ICLrcpN/IYNTeGPMXqWCffiCo6U7Uz+EdsGpIalLsYqKFoMD7enkHHT1q7Q/+VD1LLRv VnEC7XbvFV0ngrqoUoN8ybeV/f43La0NizowOyukYnY6/PnfjOh6Fr0NwbVVYUKZ2d5r Po7oV+xBvYoQWfblGuloTorS/WR8GbNAvVVaSeQfvpxHTleN7phazlQBI4xC/jB10odi aSuGPUiWAgBfNh6TPV5IBhbqlrui2DlDYhD7odEOg7dVhjmB1ms+HHiLz+ev++HFEllR S3aQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034231; x=1729639031; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Z5/P7PU9aN7A7FFAWIBfgCyglKPdadfqEBvM4ZLHjr8=; b=dfk7D64dZpmVZFDlsgVnXePiuFPWk0GL2lTc4D4GlF7p80L8BirnEj8aCJ28KwglrN HI0FeYqfvjk9f5OzfhnxIWLCA3gbuS9PvTPT9qLjLG4KehROIMK0Vhz24cnN5DvmRxsR EpFbr8SMHD7XoKunpHmAcaJIyJDcN5BNtbAo88JTI6oIMAtmzKjHp7/H3aPfd9vrLvOX 0M6bdVDbOvY7AjDJKcngcKNwVBFA87M70Ft7W41o5sTN/Fv1q6eqKjhH4NzO0NqcmK3I e8QRIANaF8FLyjiJaS/hqhxkX1xWN4b70nJyV6coEF4wBJGwAyFqHwvih5fADeqpiJrL OgHw== X-Gm-Message-State: AOJu0YznusLRw+k7p1A9tUHkDgEpcVLhosGGG0QcsUVmKHGmcAefO/WV 4ypOYajmAPQdg34HdxA94ekF+WT/qm9stVA6gtKZQWiKbWBMTo1d6spuf5H5m7e6+Rq2cgUXKCo DU9r8Lw== X-Google-Smtp-Source: AGHT+IHlcOSiFpgrtgTMZf7XD1aoOu7CIo6sCmkumbM59IPTWcpoaqCvBof0VvqlLZjwyxA/2OD2PgVfqjC/ X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:6b43:0:b0:e1d:2043:da46 with SMTP id 3f1490d57ef6-e29782f3106mr1614276.3.1729034230807; Tue, 15 Oct 2024 16:17:10 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:40 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-7-mmaurer@google.com> Subject: [PATCH 06/12] module: Factor out elf_validity_cache_index_mod From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Centralize .gnu.linkonce.this_module detection and property validation. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 129 ++++++++++++++++++++++--------------------- 1 file changed, 67 insertions(+), 62 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 6747cbc774b0..b633347d5d98 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1952,6 +1952,68 @@ static int elf_validity_cache_index_info(struct load= _info *info) return 0; } =20 +/** + * elf_validity_cache_index_mod() - Validates and caches this_module secti= on + * @info: Load info to cache this_module on. + * Must have &load_info->sechdrs and &load_info->secstrings populat= ed + * + * The ".gnu.linkonce.this_module" ELF section is special. It is what modp= ost + * uses to refer to __this_module and let's use rely on THIS_MODULE to poi= nt + * to &__this_module properly. The kernel's modpost declares it on each + * modules's *.mod.c file. If the struct module of the kernel changes a fu= ll + * kernel rebuild is required. + * + * We have a few expectations for this special section, this function + * validates all this for us: + * + * * The section has contents + * * The section is unique + * * We expect the kernel to always have to allocate it: SHF_ALLOC + * * The section size must match the kernel's run time's struct module + * size + * + * If all checks pass, the index will be cached in &load_info->index.mod + * + * Return: %0 on validation success, %-ENOEXEC on failure + */ +static int elf_validity_cache_index_mod(struct load_info *info) +{ + Elf_Shdr *shdr; + int mod_idx; + + mod_idx =3D find_any_unique_sec(info, ".gnu.linkonce.this_module"); + if (mod_idx <=3D 0) { + pr_err("module %s: Exactly one .gnu.linkonce.this_module section must ex= ist.\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + shdr =3D &info->sechdrs[mod_idx]; + + if (shdr->sh_type =3D=3D SHT_NOBITS) { + pr_err("module %s: .gnu.linkonce.this_module section must have a size se= t\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + if (!(shdr->sh_flags & SHF_ALLOC)) { + pr_err("module %s: .gnu.linkonce.this_module must occupy memory during p= rocess execution\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + if (shdr->sh_size !=3D sizeof(struct module)) { + pr_err("module %s: .gnu.linkonce.this_module section size must match the= kernel's built struct module size at run time\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + info->index.mod =3D mod_idx; + + return 0; +} + + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -1977,7 +2039,6 @@ static int elf_validity_cache_copy(struct load_info *= info, int flags) unsigned int i; Elf_Shdr *shdr; int err; - unsigned int num_mod_secs =3D 0, mod_idx; unsigned int num_sym_secs =3D 0, sym_idx; =20 err =3D elf_validity_cache_sechdrs(info); @@ -1987,16 +2048,15 @@ static int elf_validity_cache_copy(struct load_info= *info, int flags) if (err < 0) return err; err =3D elf_validity_cache_index_info(info); + if (err < 0) + return err; + err =3D elf_validity_cache_index_mod(info); if (err < 0) return err; =20 for (i =3D 1; i < info->hdr->e_shnum; i++) { shdr =3D &info->sechdrs[i]; - switch (shdr->sh_type) { - case SHT_NULL: - case SHT_NOBITS: - continue; - case SHT_SYMTAB: + if (shdr->sh_type =3D=3D SHT_SYMTAB) { if (shdr->sh_link =3D=3D SHN_UNDEF || shdr->sh_link >=3D info->hdr->e_shnum) { pr_err("Invalid ELF sh_link!=3DSHN_UNDEF(%d) or (sh_link(%d) >=3D hdr-= >e_shnum(%d)\n", @@ -2006,14 +2066,6 @@ static int elf_validity_cache_copy(struct load_info = *info, int flags) } num_sym_secs++; sym_idx =3D i; - fallthrough; - default: - if (strcmp(info->secstrings + shdr->sh_name, - ".gnu.linkonce.this_module") =3D=3D 0) { - num_mod_secs++; - mod_idx =3D i; - } - break; } } =20 @@ -2029,55 +2081,8 @@ static int elf_validity_cache_copy(struct load_info = *info, int flags) info->index.str =3D shdr->sh_link; info->strtab =3D (char *)info->hdr + info->sechdrs[info->index.str].sh_of= fset; =20 - /* - * The ".gnu.linkonce.this_module" ELF section is special. It is - * what modpost uses to refer to __this_module and let's use rely - * on THIS_MODULE to point to &__this_module properly. The kernel's - * modpost declares it on each modules's *.mod.c file. If the struct - * module of the kernel changes a full kernel rebuild is required. - * - * We have a few expectaions for this special section, the following - * code validates all this for us: - * - * o Only one section must exist - * o We expect the kernel to always have to allocate it: SHF_ALLOC - * o The section size must match the kernel's run time's struct module - * size - */ - if (num_mod_secs !=3D 1) { - pr_err("module %s: Only one .gnu.linkonce.this_module section must exist= .\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - shdr =3D &info->sechdrs[mod_idx]; - - /* - * This is already implied on the switch above, however let's be - * pedantic about it. - */ - if (shdr->sh_type =3D=3D SHT_NOBITS) { - pr_err("module %s: .gnu.linkonce.this_module section must have a size se= t\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - if (!(shdr->sh_flags & SHF_ALLOC)) { - pr_err("module %s: .gnu.linkonce.this_module must occupy memory during p= rocess execution\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - if (shdr->sh_size !=3D sizeof(struct module)) { - pr_err("module %s: .gnu.linkonce.this_module section size must match the= kernel's built struct module size at run time\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; - } - - info->index.mod =3D mod_idx; - /* This is temporary: point mod into copy of data. */ - info->mod =3D (void *)info->hdr + shdr->sh_offset; + info->mod =3D (void *)info->hdr + info->sechdrs[info->index.mod].sh_offse= t; =20 /* * If we didn't load the .modinfo 'name' field earlier, fall back to --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EC71A1FE0E1 for ; Tue, 15 Oct 2024 23:17:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034235; cv=none; b=gBUH19n5kBUucUo8LMfsDIPDiHgJZswpsnD99157ld2YwIxsXEC7b5IRZbkAjbE/ULcwE/sTLU5UB1kHdslCsfXDcq89ftUlvSJeiwavcV1H/itOZKz9GjmpJ6gvVa8pU6XU1NqJKInpAW1kQdnvhVieIVCYF5L3YoTePh8rjmU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034235; c=relaxed/simple; bh=IoH7pzgf0vRG81KSc64PH526sZjBPee8CO7MjeLtc0Y=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=nfKg5x2z1v8v7JM2O34jlI6/ne5k6ZlFd91pL5IMdLoOVae8F91fpM1nSj0oAyaVyH8brbKetII9P8tSob2LDjBYYR+Y+ii+HgtKBrmghMsQMSvxB7yC564ZSfLw33KwfUKtCR+OIH0QZkYeviI5NJuWylnG2YWRKzwesStaDpg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Z69UuG6m; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Z69UuG6m" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e2968b2ab27so467402276.0 for ; Tue, 15 Oct 2024 16:17:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034233; x=1729639033; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=719H0QwRK260v2OWeLynQ1hn1vTZVWJ8dOTdLhhDG88=; b=Z69UuG6m70uqmnEcK9+h3Z4w+uXySDKybz7231PjCfbLDIlK3Xx7KBr0l94VQzwNVz 02Q+lIN2oWS4wQZQhqFLt53+q3+Tr2FM4yQERh7+1YlweF+4s48AH7kNfvKs4ga0Vr6T E5uwNIRHPQsvTmKrhIwQ0lSGgsRtPVD38yYlSSSpMz2g6xsP86y3egkVJiqXrUahyojb U4aNitZ+Bub0t7bmNrZtTGKt3wi+bOvysI2ErQ21QgmGhM0UHsn+MAP9HZUP16EadHnE 7NIB8JjxA5H614BXxm5EatDEEgt6f74OrhYFYorKfb1VXZ56Df5YlxEEojRWoI1vZoyC 47Hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034233; x=1729639033; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=719H0QwRK260v2OWeLynQ1hn1vTZVWJ8dOTdLhhDG88=; b=OZoV/ftbulPQxGPer/mbT52WoFqrNDRu5Df8V+pWLw02iwBw9HRRqcivC3PhmUOLq5 0AfDPAoJy+qX0kRAKRaUnFu/T/8TiO+Vwr/dVAi7Ap0jiglJcHTvXA1Jngn1C/Ix/Hbh EpomQKILF+azDNUeUK91v4hhgA2vySFwnNGrqYePnAsihi7LSEXsDcFSp4KTlSiZB1M3 cpiPAWt1eWhsxtf1MJSEMqMGdH1I+IJX+o51VQtge20njxohDMELycSYbpvfA+eCdV0s nTRbRPJlwNoJayc3XdP8jEM+18p5E0p2URDRxcLId6XxRHtzLtqNhCrZ+awQiK8YoS/E UwuQ== X-Gm-Message-State: AOJu0YxXT00VVbfIU3h32CDnRIwPTE3thZr/Ri0LXgXY4oqfSVZFJV/N MVBsQoTBkaM2/iHbKJoW8oMtBRCb+vzkRk43YB+3U62GJZDUQ7lSiSAIyPa3vlhf6eMao8VDBKD 7jQR1cw== X-Google-Smtp-Source: AGHT+IFVoc/78thbQxUF8y16OnSrdHo3E4CbWYdabzTsfLPOZQvqyCxP9i6oAH1nir8Og6g/hirEotZrgmAw X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:ad42:0:b0:e28:fdd7:bb27 with SMTP id 3f1490d57ef6-e2977517616mr11736276.3.1729034232869; Tue, 15 Oct 2024 16:17:12 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:41 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-8-mmaurer@google.com> Subject: [PATCH 07/12] module: Factor out elf_validity_cache_index_sym From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Centralize symbol table detection and property validation. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 73 ++++++++++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 29 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index b633347d5d98..955746649f37 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2013,6 +2013,39 @@ static int elf_validity_cache_index_mod(struct load_= info *info) return 0; } =20 +/** + * elf_validity_cache_index_sym() - Validate and cache symtab index + * @info: Load info to cache symtab index in. + * Must have &load_info->sechdrs and &load_info->secstrings populat= ed. + * + * Checks that there is exactly one symbol table, then caches its index in + * &load_info->index.sym. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_cache_index_sym(struct load_info *info) +{ + unsigned int sym_idx; + unsigned int num_sym_secs =3D 0; + int i; + + for (i =3D 1; i < info->hdr->e_shnum; i++) { + if (info->sechdrs[i].sh_type =3D=3D SHT_SYMTAB) { + num_sym_secs++; + sym_idx =3D i; + } + } + + if (num_sym_secs !=3D 1) { + pr_warn("%s: module has no symbols (stripped?)\n", + info->name ?: "(missing .modinfo section or name field)"); + return -ENOEXEC; + } + + info->index.sym =3D sym_idx; + + return 0; +} =20 /* * Check userspace passed ELF module against our expectations, and cache @@ -2036,10 +2069,8 @@ static int elf_validity_cache_index_mod(struct load_= info *info) */ static int elf_validity_cache_copy(struct load_info *info, int flags) { - unsigned int i; - Elf_Shdr *shdr; int err; - unsigned int num_sym_secs =3D 0, sym_idx; + int str_idx; =20 err =3D elf_validity_cache_sechdrs(info); if (err < 0) @@ -2051,34 +2082,21 @@ static int elf_validity_cache_copy(struct load_info= *info, int flags) if (err < 0) return err; err =3D elf_validity_cache_index_mod(info); + if (err < 0) + return err; + err =3D elf_validity_cache_index_sym(info); if (err < 0) return err; =20 - for (i =3D 1; i < info->hdr->e_shnum; i++) { - shdr =3D &info->sechdrs[i]; - if (shdr->sh_type =3D=3D SHT_SYMTAB) { - if (shdr->sh_link =3D=3D SHN_UNDEF - || shdr->sh_link >=3D info->hdr->e_shnum) { - pr_err("Invalid ELF sh_link!=3DSHN_UNDEF(%d) or (sh_link(%d) >=3D hdr-= >e_shnum(%d)\n", - shdr->sh_link, shdr->sh_link, - info->hdr->e_shnum); - goto no_exec; - } - num_sym_secs++; - sym_idx =3D i; - } - } - - if (num_sym_secs !=3D 1) { - pr_warn("%s: module has no symbols (stripped?)\n", - info->name ?: "(missing .modinfo section or name field)"); - goto no_exec; + str_idx =3D info->sechdrs[info->index.sym].sh_link; + if (str_idx =3D=3D SHN_UNDEF || str_idx >=3D info->hdr->e_shnum) { + pr_err("Invalid ELF sh_link!=3DSHN_UNDEF(%d) or (sh_link(%d) >=3D hdr->e= _shnum(%d)\n", + str_idx, str_idx, info->hdr->e_shnum); + return -ENOEXEC; } =20 - /* Sets internal symbols and strings. */ - info->index.sym =3D sym_idx; - shdr =3D &info->sechdrs[sym_idx]; - info->index.str =3D shdr->sh_link; + /* Sets internal strings. */ + info->index.str =3D str_idx; info->strtab =3D (char *)info->hdr + info->sechdrs[info->index.str].sh_of= fset; =20 /* This is temporary: point mod into copy of data. */ @@ -2099,9 +2117,6 @@ static int elf_validity_cache_copy(struct load_info *= info, int flags) info->index.pcpu =3D find_pcpusec(info); =20 return 0; - -no_exec: - return -ENOEXEC; } =20 #define COPY_CHUNK_SIZE (16*PAGE_SIZE) --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2AC91FE106 for ; Tue, 15 Oct 2024 23:17:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034237; cv=none; b=hig6z6vE4aTwWwgntcSuffnBb7G9gCo5GoBfdTpClF3o+/Sfi+xcPvoaOkhQdD/4utV3XR8ggZ5Hc+H0htSEw7kQ1JhVoQB2vukM7Vr5nAUHxng9KL4/W2RoFFhWrSy4RSWAcodRQeVzlmqG22YIncLvtzYsVQRiGWGHWwro9PM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034237; c=relaxed/simple; bh=iMTvib7F3dkpDDwL6WKTDohEIppYFDaWToaRVYH6puY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qcjntUDOkv/jqxikNq8syfmP9SlIkvD+ljDoSeraazrdrdWasWyByMzEPcLZtfcEOzJYqXUhYbuIcXdTK31iBFC3Ha341qo5ZCzRvAZ73eABERP8TwEsOz7vt/oZyQTHAvCF41biKzj4xMnneDu+/36taoItekzWNRJUcjJl9xQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=bgAbtCk8; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bgAbtCk8" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e290b8b69f8so9815540276.2 for ; Tue, 15 Oct 2024 16:17:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034235; x=1729639035; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=LEQ+ZejxpX7NgK9KNR6MMy0vwkxaNZHr6sUUOlvqX4A=; b=bgAbtCk8K+t86CQRTY47TlDkErpaAiflYSmITarBmU/FrZjtLdaQOQ+OgQY4FYKP0y KVrjaJF7z0qxSnQkkSggNQvYp2I00oVrIdLRTu87CrNei5EzaKefl+sruN1m4kfPokv5 xmWsjHlYelWUVfbMZW6aDcVEuSWUcHu3otUFP1rjMr4t2EakPJMnpDP+nNpgixLMrtur w5RkDfBao6kABOU66mga3ZHMQhx/1qMJlMx+pmqyINhwEcpmfM/hoi8phyNZS67u7tH5 cY0IY39LTB4Jm7JNgCgME0a5BaD3FlS/18kK8hvkipHx3vAXLKPF6WAwdmK48OnzWsi4 mOEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034235; x=1729639035; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=LEQ+ZejxpX7NgK9KNR6MMy0vwkxaNZHr6sUUOlvqX4A=; b=xESUQOHxqBKat8pVRqZw1O6G1mgsIO7u8sF56B//ZiG7T4rjD/Wjv+eqdNQLeTp5q6 icO4bjFKhtra7BMPLLoI76P6Wcw/HGSN4YAbLbwhbOt1JR722eehLo4sfLiuSNIsOXBV BgmNY9ePIPd+AJ4cHyzOZSQQK0ZHG758+Nc7+EfgG0ixBpdsoWxjxkqG3gZtVyLYW0RR xowzPedjZXrlNbwEhAkKaxzy6Gg4AnBYsJzpN1Qf/HSYBvyFZhE/XnAUlAhlPnUyfbSe HXBqdllcBNFVCQnPFYStwLH5LXw76hYUOUKbJS3gCZXGQxozb24iZRXDzu0ykSlXSfxl pZ4g== X-Gm-Message-State: AOJu0Yx4asIys6ULLzpcgRNy4pxUJZ+6HcdEpZFR9LXgRlQ/Hq8TeNWn giUz8lfFlV6fTEgu1oVpuCNewOEiyvzzMNG2nkU3UaRnQu4Izhd/YUUUlb0WTKykWLq1vsThH35 4VwHhmQ== X-Google-Smtp-Source: AGHT+IFEb1A4zshho6J3INntrbo6VVyAUQkYlnk9sPxI4pRfxvsDhI95XyVYv09ejjcvutWvtOoxTc0vMwAx X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:a287:0:b0:e28:fdfc:b788 with SMTP id 3f1490d57ef6-e2978597020mr1157276.9.1729034234867; Tue, 15 Oct 2024 16:17:14 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:42 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-9-mmaurer@google.com> Subject: [PATCH 08/12] module: Factor out elf_validity_cache_index_str From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Pull out index validation for the symbol string section. Note that this does not validate the *contents* of the string table, only shape and presence of the section. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 955746649f37..a6bed293d97b 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2047,6 +2047,31 @@ static int elf_validity_cache_index_sym(struct load_= info *info) return 0; } =20 +/** + * elf_validity_cache_index_str() - Validate and cache strtab index + * @info: Load info to cache strtab index in. + * Must have &load_info->sechdrs and &load_info->secstrings populat= ed. + * Must have &load_info->index.sym populated. + * + * Looks at the symbol table's associated string table, makes sure it is + * in-bounds, and caches it. + * + * Return: %0 if valid, %-ENOEXEC on failure. + */ +static int elf_validity_cache_index_str(struct load_info *info) +{ + unsigned int str_idx =3D info->sechdrs[info->index.sym].sh_link; + + if (str_idx =3D=3D SHN_UNDEF || str_idx >=3D info->hdr->e_shnum) { + pr_err("Invalid ELF sh_link!=3DSHN_UNDEF(%d) or (sh_link(%d) >=3D hdr->e= _shnum(%d)\n", + str_idx, str_idx, info->hdr->e_shnum); + return -ENOEXEC; + } + + info->index.str =3D str_idx; + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -2070,7 +2095,6 @@ static int elf_validity_cache_index_sym(struct load_i= nfo *info) static int elf_validity_cache_copy(struct load_info *info, int flags) { int err; - int str_idx; =20 err =3D elf_validity_cache_sechdrs(info); if (err < 0) @@ -2087,16 +2111,11 @@ static int elf_validity_cache_copy(struct load_info= *info, int flags) err =3D elf_validity_cache_index_sym(info); if (err < 0) return err; - - str_idx =3D info->sechdrs[info->index.sym].sh_link; - if (str_idx =3D=3D SHN_UNDEF || str_idx >=3D info->hdr->e_shnum) { - pr_err("Invalid ELF sh_link!=3DSHN_UNDEF(%d) or (sh_link(%d) >=3D hdr->e= _shnum(%d)\n", - str_idx, str_idx, info->hdr->e_shnum); - return -ENOEXEC; - } + err =3D elf_validity_cache_index_str(info); + if (err < 0) + return err; =20 /* Sets internal strings. */ - info->index.str =3D str_idx; info->strtab =3D (char *)info->hdr + info->sechdrs[info->index.str].sh_of= fset; =20 /* This is temporary: point mod into copy of data. */ --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8EC3F1FF026 for ; Tue, 15 Oct 2024 23:17:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034239; cv=none; b=KjUP4gKKnrjYivmVaJfEeLaXfOlLBTB3SKGOYTQ3drBbH45hBf2Dng2fH9C6dGDjO8Ne3hxb85XPK2rHvO8DyjtS4Sh7j6pnkgdwXAXACHsfxq0AZXQzHBVXUHxH1TjpSOmTp0wv3KrNAB0rF1ATMWbATn2WiDLmzRaRm+PUDQA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034239; c=relaxed/simple; bh=hjDQXeiUX95J1QXpCz5oPWaRB52qH/la5DEMemSKDsg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=kjSiiQ75CEOtV7STFT2fJpoEBgqoBEhhBZN6VuGZ/d+OnRDYTXG4ftYQVL+HgfhNOg2dikVLnAyL+ITeYLxyOGXNgI1tMRXsnnfMjVUHPPJuLWCsn0TDQgz7SKBbGzydmOwavUE36iOxggn+K30r5pE8UBoRnJitg531ITs9N/o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qR0cowVi; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qR0cowVi" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e28fc60660dso7634575276.0 for ; Tue, 15 Oct 2024 16:17:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034237; x=1729639037; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=1uwZjjsLk0MIG36tHEbuTh0oExV8i1gjaEov3sAmvfo=; b=qR0cowVijVl+7tBWjBpajUVhFgopifQqX9m1kqLycTJqCQyQawkaMg0jtnctU9ty1Z HcOI8dcLZEePBlV49ah2rKzypqySz8pNB7f+N8GKsccnR34YEhSyts9ULrPG3TluY9FZ fJVcRm3NPI4/dDMfFO0nK2azMBpbLuhwQZ0PiKASjPWHkzHSXn04GMdHpP49aCrD3One l5y7NBnpXQqtAcTxTXM2pNNzRQZy8t8+sFLjWARoTWHpjOusiUaCZ+0IBMGc712/dTGx zbIW7buXcfWBVgkC0Xwb43F6tGiZcfjd0nyeQcUE6YW5M+zFdg04X5ngd8rKTDcIZnrg s5qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034237; x=1729639037; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1uwZjjsLk0MIG36tHEbuTh0oExV8i1gjaEov3sAmvfo=; b=UBlSaER9+5ZPM2hB9e65JD4QVj5NLOQfYcn7bqxJMUz/9LMrtwOyORlM2FlzlijSe0 HxAjGmBpT8HYDtgGlmC4EX/rZ6M+WJwZQgC8I0AUCDe2y3PviEZjOp97mjVtlzV6KVWJ LOSn4FRG94rek0B7covShaLH/igZUzt2hD2mfSo9f9gqzvu9KSYVNHfM51ieIyxkIBCF 25JAIB9bgD4qn+OK6IbhCKm3ph6BIbd7nUmANaEp9tAEd7G/XDrJWD0Pxis5ghYqPzX9 CJOfs7NUQCOgKnrvazrt+01WwpiH3ZFiBbbq9FOweWid30qR9nSPNL6aeZgTV7+Mz+80 t6xg== X-Gm-Message-State: AOJu0Yx0yRQ+S+6NFhLDBsdOX7DmxtMw8kuvbG85j6I1ETFlsPwl/ag4 W5l13FFQf77aG3pm11VfDptK5IUs6TXaHjV2I/X5GwRBfpathsEaHL8JDPi5gzLmsRidLJHuuSZ v2wd8+g== X-Google-Smtp-Source: AGHT+IFgckrRNMXFF24rFhgTtnbQoAnZBnt81LEcyNJagNruc4+MU3SMi75f9nEJkDNi/O4B6WflF8vc2KSQ X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a05:6902:112:b0:e29:7587:66db with SMTP id 3f1490d57ef6-e29782b20edmr2157276.2.1729034236773; Tue, 15 Oct 2024 16:17:16 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:43 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-10-mmaurer@google.com> Subject: [PATCH 09/12] module: Group section index calculations together From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Group all the index detection together to make the parent function easier to read. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 68 +++++++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 17 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index a6bed293d97b..f352c73b6f40 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2072,6 +2072,56 @@ static int elf_validity_cache_index_str(struct load_= info *info) return 0; } =20 +/** + * elf_validity_cache_index() - Resolve, validate, cache section indices + * @info: Load info to read from and update. + * &load_info->sechdrs and &load_info->secstrings must be populate= d. + * @flags: Load flags, relevant to suppress version loading, see + * uapi/linux/module.h + * + * Populates &load_info->index, validating as it goes. + * See child functions for per-field validation: + * + * * elf_validity_cache_index_info() + * * elf_validity_cache_index_mod() + * * elf_validity_cache_index_sym() + * * elf_validity_cache_index_str() + * + * If versioning is not suppressed via flags, load the version index from + * a section called "__versions" with no validation. + * + * If CONFIG_SMP is enabled, load the percpu section by name with no + * validation. + * + * Return: 0 on success, negative error code if an index failed validation. + */ +static int elf_validity_cache_index(struct load_info *info, int flags) +{ + int err; + + err =3D elf_validity_cache_index_info(info); + if (err < 0) + return err; + err =3D elf_validity_cache_index_mod(info); + if (err < 0) + return err; + err =3D elf_validity_cache_index_sym(info); + if (err < 0) + return err; + err =3D elf_validity_cache_index_str(info); + if (err < 0) + return err; + + if (flags & MODULE_INIT_IGNORE_MODVERSIONS) + info->index.vers =3D 0; /* Pretend no __versions section! */ + else + info->index.vers =3D find_sec(info, "__versions"); + + info->index.pcpu =3D find_pcpusec(info); + + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -2102,16 +2152,7 @@ static int elf_validity_cache_copy(struct load_info = *info, int flags) err =3D elf_validity_cache_secstrings(info); if (err < 0) return err; - err =3D elf_validity_cache_index_info(info); - if (err < 0) - return err; - err =3D elf_validity_cache_index_mod(info); - if (err < 0) - return err; - err =3D elf_validity_cache_index_sym(info); - if (err < 0) - return err; - err =3D elf_validity_cache_index_str(info); + err =3D elf_validity_cache_index(info, flags); if (err < 0) return err; =20 @@ -2128,13 +2169,6 @@ static int elf_validity_cache_copy(struct load_info = *info, int flags) if (!info->name) info->name =3D info->mod->name; =20 - if (flags & MODULE_INIT_IGNORE_MODVERSIONS) - info->index.vers =3D 0; /* Pretend no __versions section! */ - else - info->index.vers =3D find_sec(info, "__versions"); - - info->index.pcpu =3D find_pcpusec(info); - return 0; } =20 --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A672A1FF058 for ; Tue, 15 Oct 2024 23:17:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034241; cv=none; b=uWoZNTi2KIylS93qNhEd4Mzs/sHnnqvAHyLcOIQPx0P4cW3sqksAgWDUzcZmzSmVBuZXHlGe+ErUVyVoNWnTgez4KT27TCLgzhig5XMLNjg51zCDyQaW/MAUm9alMDBZvRRiCnaXMJJVluZ6ZbrJf4ob39QAMtUe2ME05ASB+Nk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034241; c=relaxed/simple; bh=kUK8aIbTJLs/ZpUSV/Sgdam8B7A+nd5Jkp5BRGlA5qk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=QhDuGIaEjc0ZyzKiYV0QIkIl9J3Rfv90YjpmjarmJVQQmf7qrpZFVM8KfebGVtAeGi663+Gt26BL2WHve84gfLyDZr39X5H7ChIGeXAYEr04QEAoX2aKhm28saxmMsJ8oM5+QGP4MBc/gQzBJ2YaHI3kycxQWjyZONnrdp5HYd8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1GZzfYY7; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="1GZzfYY7" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-690404fd230so112065457b3.3 for ; Tue, 15 Oct 2024 16:17:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034239; x=1729639039; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Z9Tw4bS4pnyP2pGgxAbp4S//c+Yt3zbDzg79HSFcXU4=; b=1GZzfYY7Ss7IbH+XlPT8XeOiUDlHH61N0JXfJ0iyS58bfKbqLgbOuZuuSz4qAd1Rxl eTQAS5WirPEG8w/yLJJiY8DU1kgdTzytbcPyQd4B6tO26jcrP/b33/hheQ508GWdwJEB FLaNx8liAgl0wJ2KJeghoXQKThUy+9zaCLmUMRAMpV1VFUw7RT4I3XS0XShK9IQ6kQ/w 3RofZkAS1pWxMAN1mCTr1U+wJ7xDshPjATM1jWG70e7Bec7PISl0lsK4ALbAgCQfiOZF zZhJInDurOXNyIOuPgsaalk8zcX3RKGZwq6p+MKNteBXyVNQjNiBCZOM4M3fiHtZJ5jn Yttg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034239; x=1729639039; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Z9Tw4bS4pnyP2pGgxAbp4S//c+Yt3zbDzg79HSFcXU4=; b=p4yjCe/Qol4SAxae2s7ERSGKvi6G/sIydaCiVcnYltTHL8KfhJ2ygH9wWxEfjjJLbo XYfn8pLv7rTSV782v8HsqjyhYWAf5mF6zlIu/g1Op7CZyHHLEmJbIAKpXK+FMgW4urxs 2923qE6izb8Me9hdmWwCQHYVw/Bu3eRyzunfBx3F+19YXjtL/nz4UE6n/nDHME83DHvl dWRiYkd6Q9sm1hW1yFcA489MBqOPCY2dQz+zGYEjdtv+ylIGjnljMTMcQCMdxLZkURGY q/xDcEqWH2TzI6PBxp+ZjpoEaAdO8lyemUrYNj+CAyB73WJkcDYbDawRPmhhsNMKGVMk J2eQ== X-Gm-Message-State: AOJu0YwtGtYW0gXKhcmIvq4KGjl2TaVuEiMyUyGhMYxqzgZfyxx1W3jD ycOUdgcWEDloiOZdUw1cHfTPY1+xyxLM4yoRPeJKy9zZu9J59ohE28aaqu1UWO9lnagcGhl/+Ny mevsEBA== X-Google-Smtp-Source: AGHT+IHxHydqVygYJSAlM1hXzYrW1tI+LxpAid3o6T70JQYXfz7gH/go6iSJb2G3Op8awUnbncbIAIXUGVU+ X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a05:690c:6703:b0:6e2:1713:bdb5 with SMTP id 00721157ae682-6e3d41e6748mr30417b3.5.1729034238606; Tue, 15 Oct 2024 16:17:18 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:44 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-11-mmaurer@google.com> Subject: [PATCH 10/12] module: Factor out elf_validity_cache_strtab From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This patch only moves the existing strtab population to a function. Validation comes in a following patch, this is split out to make the new validation checks more clearly separated. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index f352c73b6f40..22aa5eb4e4f4 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2122,6 +2122,23 @@ static int elf_validity_cache_index(struct load_info= *info, int flags) return 0; } =20 +/** + * elf_validity_cache_strtab() - Cache symbol string table + * @info: Load info to read from and update. + * Must have &load_info->sechdrs and &load_info->secstrings populat= ed. + * Must have &load_info->index populated. + * + * Return: 0 on success, negative error code if a check failed. + */ +static int elf_validity_cache_strtab(struct load_info *info) +{ + Elf_Shdr *str_shdr =3D &info->sechdrs[info->index.str]; + char *strtab =3D (char *)info->hdr + str_shdr->sh_offset; + + info->strtab =3D strtab; + return 0; +} + /* * Check userspace passed ELF module against our expectations, and cache * useful variables for further processing as we go. @@ -2155,9 +2172,9 @@ static int elf_validity_cache_copy(struct load_info *= info, int flags) err =3D elf_validity_cache_index(info, flags); if (err < 0) return err; - - /* Sets internal strings. */ - info->strtab =3D (char *)info->hdr + info->sechdrs[info->index.str].sh_of= fset; + err =3D elf_validity_cache_strtab(info); + if (err < 0) + return err; =20 /* This is temporary: point mod into copy of data. */ info->mod =3D (void *)info->hdr + info->sechdrs[info->index.mod].sh_offse= t; --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 991272003AE for ; Tue, 15 Oct 2024 23:17:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034243; cv=none; b=GmPZOb/npNX3MDlLNRcQSX/GC1fz7LQbPPUr6UZwNmp7Vqk2Vp5DKVgTEn0wQGHSAi0vtckMYL+cs6jmopj2F8M9OHX4+cWEFdVrdtOxOvaFIduMRNOvvBcEtzJ6y1eXJksd4+ol5cUXUKzSuUgY56XHVH2Fi5+1FTr77HW8R1s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034243; c=relaxed/simple; bh=GPb1TpKFNjVVCpW2qIAL8wvN9CirdjY1ZpdtVrcA0Wo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=SmwUOvadEmdj8OVy9qE5L6EHoCgyIV8j5Im4cuXlnswxN6j4NX6HK7by3OHkAC5xEQB+R/ctp35rKubrl5VjXyOibblukg7evd39jEAOb5Hhz5B3dWNVAh2y4p/WMF+qG6nS/sMb7WvZyhEPSo2ej93RLzk2k/ziwV7F19NmLJk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UVeqJ2LV; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UVeqJ2LV" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e28fdb4f35fso9300123276.0 for ; Tue, 15 Oct 2024 16:17:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034241; x=1729639041; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=MnoeOJ9yqvZhu5BOCvDTuTGU7w1wCrt97NAeyTTyfDc=; b=UVeqJ2LVWz1wTIuAVy+fx69TM7ZWqALtDu2AuE2B9dpm3VkBB/Wh4xl7+TUTOA7FcZ Nj0aUdFuo+z5dD+JqCt+4mupbMymOtDzkvjMutytSEXu1WhGy47doAD4tZRCmh3rBKKm JgjwuDvgohtnhvkysml0PCpGF8UzkM4FKI/I4cMm1oDO4jfOmr4fhWG8Rabcr7sCRqt5 d6RYUyfpRCJXTPEo0Ru4UiAaV8WdiKDbJIHuN8HIHZC3Vt853Jlr/OqYVPbAHkm7WVxL IKaDk3Ti0ZgnB7XaXjCC0K6++HkGkDP4lK1afdQmrWM5P7nKHR/PrxZBso2rHrgihCmp u+VA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034241; x=1729639041; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=MnoeOJ9yqvZhu5BOCvDTuTGU7w1wCrt97NAeyTTyfDc=; b=u/oxSYLNyvMxfWRG3w0tDZKdC5NqaU/JOhpnceABgbUEpnOH9Hh/FOD2IImxgYk1QH fOjroZ0DK6MqArPJUSXSXY6ULi7n7Qj0FRe7gUGe+U5Jvj1xZFn3RmwclNVF3NO+2xuF BR4jmr8ekLNl0FWB3f/VDxGt3qwTMQbrPGYdIuADwPXaOam4vM8WMBEHGvIMlN6hN52W PDfz2a/D7Jew1JR2+6aPE0yhyGy4f/LayAGlZFyevufedEqCmyXqnhsa1kTafmPcKqq3 rN2fivL58BdSfq99FmGQzEKhXKKfT/Pupso4Wap/PzUPONJ17JXyLvXsmXSFQgQL8HGl JKJA== X-Gm-Message-State: AOJu0YwYB1hB4AxOJCMW88jOwE0TxtI0i/BXvr8v3JCY3+QaaLlOGxbi wSeeBfoaFSxdZvniWTA76oP+EMOlCpWpe5ejLbPFJn1s6Hki3gyNas1yr8UVLSPORQTZhw58aHd FVUibAg== X-Google-Smtp-Source: AGHT+IGHz6HPifKuNrMT95HK5iMWP8yOrgiK3ZaaQuMaSy1FjZCKCjGsfCmky7q8W2xsP6eERZaKJdG2Y8g2 X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a5b:80e:0:b0:e28:f6f6:81a5 with SMTP id 3f1490d57ef6-e29780d7669mr1444276.0.1729034240688; Tue, 15 Oct 2024 16:17:20 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:45 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-12-mmaurer@google.com> Subject: [PATCH 11/12] module: Additional validation in elf_validity_cache_strtab From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Validate properties of the strtab that are depended on elsewhere, but were previously unchecked: * String table nonempty (offset 0 is valid) * String table has a leading NUL (offset 0 corresponds to "") * String table is NUL terminated (strfoo functions won't run out of the table while reading). * All symbols names are inbounds of the string table. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/main.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 22aa5eb4e4f4..3db9ff544c09 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2123,17 +2123,53 @@ static int elf_validity_cache_index(struct load_inf= o *info, int flags) } =20 /** - * elf_validity_cache_strtab() - Cache symbol string table + * elf_validity_cache_strtab() - Validate and cache symbol string table * @info: Load info to read from and update. * Must have &load_info->sechdrs and &load_info->secstrings populat= ed. * Must have &load_info->index populated. * + * Checks: + * + * * The string table is not empty. + * * The string table starts and ends with NUL (required by ELF spec). + * * Every &Elf_Sym->st_name offset in the symbol table is inbounds of the + * string table. + * + * And caches the pointer as &load_info->strtab in @info. + * * Return: 0 on success, negative error code if a check failed. */ static int elf_validity_cache_strtab(struct load_info *info) { Elf_Shdr *str_shdr =3D &info->sechdrs[info->index.str]; + Elf_Shdr *sym_shdr =3D &info->sechdrs[info->index.sym]; char *strtab =3D (char *)info->hdr + str_shdr->sh_offset; + Elf_Sym *syms =3D (void *)info->hdr + sym_shdr->sh_offset; + int i; + + if (str_shdr->sh_size =3D=3D 0) { + pr_err("empty symbol string table\n"); + return -ENOEXEC; + } + if (strtab[0] !=3D '\0') { + pr_err("symbol string table missing leading NUL\n"); + return -ENOEXEC; + } + if (strtab[str_shdr->sh_size - 1] !=3D '\0') { + pr_err("symbol string table isn't NUL terminated\n"); + return -ENOEXEC; + } + + /* + * Now that we know strtab is correctly structured, check symbol + * starts are inbounds before they're used later. + */ + for (i =3D 0; i < sym_shdr->sh_size / sizeof(*syms); i++) { + if (syms[i].st_name >=3D str_shdr->sh_size) { + pr_err("symbol name out of bounds in string table"); + return -ENOEXEC; + } + } =20 info->strtab =3D strtab; return 0; --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Tue Mar 11 05:12:57 2025 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 62FB02003C8 for ; Tue, 15 Oct 2024 23:17:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034244; cv=none; b=OJAq8hC6ExuEW1F7GJmQ04evg7YGOKPEJdDCyh1bN0dCk/PGWniNbuhG6IG6R7uu1TMH0q95HsHr0I96w7lzUrwN5ZKy0Hw/gMEN0SX73fpP9GnbnWKRwooUnqfc9JyL5d7eh5BAA2j5pObHP9EOi0l3vWQqf8CnJKXNMexOvxE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729034244; c=relaxed/simple; bh=jjYUVOo8O6xgO1JMXuNPLyUgwBl2/CZLZSSP4VVGvZs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=QEcnXCYGxGFbT/XRuQ8uMxyfI2qfQu95vg8OggHNXz+JZN/mlDDfsCGEGBD+WaF7UPHQl8kij7UaxpbaVWO0QCgz0NcqiAdSF9VkIMgydABsE10ukMspSpEBTDhPmgRLhsEOgOauuN+cuT5qpyeDxPnS/IsOS1vmSDIi0XQIv7s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ocnF3+jZ; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ocnF3+jZ" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6e315a5b199so83767497b3.2 for ; Tue, 15 Oct 2024 16:17:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729034242; x=1729639042; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=RxByLhjkeevK1C1+d5cK3mr42AdVb5Xt4M/2ryRxmdU=; b=ocnF3+jZGm6iT9YXCIOB6bVD8Jwb7MyoSTGRkBLz7mUllxnrShwQFoCgN0sinRsc/F eoWoqahg3npSHRLDjBLSQ0VezP74RpxryDqwcLHuF6R9WJhfBOwUdrilPlAClpCI7ALM fYfKH9iIya147OtVBsj7NRorMbHOeKRbGDOKsSKxdhB7e/9xCfv/mNAKk52gx9nx8B8Y zja8cRnCUvYpHPAJostxXNM6Db8eU80rvV9uH77ijQqCqxF2hTHJUpfYdTZZ0JWKNegj ECkmZrDoLK6yqLCbrcYXGnGzN5NTkDFLD9AS4rv8UQCLR/0qSPAD7v+K7CdUo5VsvPfF RIaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729034242; x=1729639042; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=RxByLhjkeevK1C1+d5cK3mr42AdVb5Xt4M/2ryRxmdU=; b=kVZZHMbMVvU1uFka/ox7je5eXog2GWI3u+t4FaJ0ztsaZSqbSZKBTrDnuZAyAleCjo iG8cZ5w5JDgpV7qYe+qJhYX/uI/k6je2CEk4in96jq1bk4XyJxzW/KOtgY+KTf6X7mMS tgIkD4zuMk7Cpp980u0dp6fndiKRq3te1B+Gc0+qbieqJPwgCOhHoOegslWxeGiB5d9+ +uewoifSbvA/TOgxaeng66jTDdWh4WkYsfNeG3Pq93YWg3twSBneKB/PXp7rPpST9WP+ 2SjjJgfA8wOJ5Ds6v3i04ZucAIfg6muuk6a+Q89CMZN6vcZgPIxdKSmH16KUe3nqBuGW BghQ== X-Gm-Message-State: AOJu0Yx4HG5n2f8cvWOapJ6ItB6uW6eQshD6o+fyMqXFhSK76GEpaUlB 2ZM1VnI9C0AlV0tMrdRLIFGL7YL1qJmnjGkQAxgL94SWqQdt82Lk3WZhtZJJLFd7evOqqsgz+cn KS22UeQ== X-Google-Smtp-Source: AGHT+IF56C+QSLsngMnwtUK1W1CaxTzGVo4aC5OUnQ07RdsmKUeWwVjXP9OEcZk8DuforTmZRqhlEuXncnap X-Received: from anyblade.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:1791]) (user=mmaurer job=sendgmr) by 2002:a25:d614:0:b0:e03:53a4:1a7 with SMTP id 3f1490d57ef6-e29785a421amr1470276.10.1729034242400; Tue, 15 Oct 2024 16:17:22 -0700 (PDT) Date: Tue, 15 Oct 2024 23:16:46 +0000 In-Reply-To: <20241015231651.3851138-1-mmaurer@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241015231651.3851138-1-mmaurer@google.com> X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog Message-ID: <20241015231651.3851138-13-mmaurer@google.com> Subject: [PATCH 12/12] module: Reformat struct for code style From: Matthew Maurer To: mcgrof@kernel.org Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, samitolvanen@google.com, Matthew Maurer , Petr Pavlu , Daniel Gomez Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Using commas to declare struct members makes adding new members to this struct not as nice with patch management. Signed-off-by: Matthew Maurer Reviewed-by: Sami Tolvanen --- kernel/module/internal.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 2ebece8a789f..daef2be83902 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -80,7 +80,12 @@ struct load_info { unsigned int used_pages; #endif struct { - unsigned int sym, str, mod, vers, info, pcpu; + unsigned int sym; + unsigned int str; + unsigned int mod; + unsigned int vers; + unsigned int info; + unsigned int pcpu; } index; }; =20 --=20 2.47.0.rc1.288.g06298d1525-goog