Re: [PATCH v5 07/13] module: Move extra signature support out of core code

[PATCH v5 07/13] module: Move extra signature support out of core code · Aaron Tomlin <hidden> · 2022-02-09
[PATCH v5 08/13] module: Move kmemleak support to a separate file · Aaron Tomlin <hidden> · 2022-02-09
Re: [PATCH v5 08/13] module: Move kmemleak support to a separate file · Christophe Leroy <hidden> · 2022-02-10
Re: [PATCH v5 08/13] module: Move kmemleak support to a separate file · Aaron Tomlin <atomlin@atomlin.com> · 2022-02-11
[PATCH v5 10/13] module: Move procfs support into a separate file · Aaron Tomlin <hidden> · 2022-02-09
Re: [PATCH v5 10/13] module: Move procfs support into a separate file · Christophe Leroy <hidden> · 2022-02-10
[PATCH v5 09/13] module: Move kallsyms support into a separate file · Aaron Tomlin <hidden> · 2022-02-09
Re: [PATCH v5 09/13] module: Move kallsyms support into a separate file · Christophe Leroy <hidden> · 2022-02-10
Re: [PATCH v5 09/13] module: Move kallsyms support into a separate file · Aaron Tomlin <hidden> · 2022-02-11
Re: [PATCH v5 07/13] module: Move extra signature support out of core code · Michal Suchánek <hidden> · 2022-02-09
Re: [PATCH v5 07/13] module: Move extra signature support out of core code · Aaron Tomlin <hidden> · 2022-02-10
Re: [PATCH v5 07/13] module: Move extra signature support out of core code · Christophe Leroy <hidden> · 2022-02-10
Re: [PATCH v5 07/13] module: Move extra signature support out of core code · Aaron Tomlin <hidden> · 2022-02-11

From: Christophe Leroy <hidden>
Date: 2022-02-10 13:01:50
Also in: live-patching, lkml

Why do patches 7 to 13 have a Reply-to: 
20220209170358.3266629-1-atomlin@redhat.com and not patches 1 to 6 ?

Le 09/02/2022 à 18:08, Aaron Tomlin a écrit :

quoted hunk ↗ jump to hunk

No functional change.

This patch migrates additional module signature check
code from core module code into kernel/module/signing.c.

Signed-off-by: Aaron Tomlin <redacted>
---
  include/linux/module.h   |  1 +
  kernel/module/internal.h |  9 +++++
  kernel/module/main.c     | 87 ----------------------------------------
  kernel/module/signing.c  | 75 ++++++++++++++++++++++++++++++++++
  4 files changed, 85 insertions(+), 87 deletions(-)

diff --git a/include/linux/module.h b/include/linux/module.h
index fd6161d78127..aea0ffd94a41 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h

@@ -863,6 +863,7 @@ static inline bool module_sig_ok(struct module *module)
  {
  	return true;
  }
+#define sig_enforce false

Having that is module.h  it may redefine some existing symbol, like in 
security/integrity/ima/ima_main.c

sig_enforce is used only in signing.c so it should be defined there 
exclusively. This #define shouldn't be needed at all.



And checkpatch is not happy:

CHECK: Please use a blank line after function/struct/union/enum declarations
#27: FILE: include/linux/module.h:866:
  }
+#define sig_enforce false

  #endif	/* CONFIG_MODULE_SIG */
  
  int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *,

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help