Re: [PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig

[PATCH v5 0/6] KEXEC_SIG with appended signature · Michal Suchanek <hidden> · 2022-01-11
[PATCH v5 3/6] kexec_file: Don't opencode appended signature verification. · Michal Suchanek <hidden> · 2022-01-11
Re: [PATCH v5 3/6] kexec_file: Don't opencode appended signature verification. · Luis Chamberlain <mcgrof@kernel.org> · 2022-01-25
Re: [PATCH v5 3/6] kexec_file: Don't opencode appended signature verification. · Michal Suchánek <hidden> · 2022-02-03
[PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Michal Suchanek <hidden> · 2022-01-11
Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Michael Ellerman <mpe@ellerman.id.au> · 2022-02-09
Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Paul Menzel <hidden> · 2022-02-09
Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Michal Suchánek <hidden> · 2022-02-09
Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Paul Menzel <hidden> · 2022-02-11
Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Mimi Zohar <zohar@linux.ibm.com> · 2022-02-13
Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Mimi Zohar <zohar@linux.ibm.com> · 2022-02-14
Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Mimi Zohar <zohar@linux.ibm.com> · 2022-02-14
Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Michal Suchánek <hidden> · 2022-02-14
Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support. · Mimi Zohar <zohar@linux.ibm.com> · 2022-02-14
[PATCH v5 4/6] module: strip the signature marker in the verification function. · Michal Suchanek <hidden> · 2022-01-11
Re: [PATCH v5 4/6] module: strip the signature marker in the verification function. · Luis Chamberlain <mcgrof@kernel.org> · 2022-01-25
[PATCH v5 5/6] module: Use key_being_used_for for log messages in verify_appended_signature · Michal Suchanek <hidden> · 2022-01-11
Re: [PATCH v5 5/6] module: Use key_being_used_for for log messages in verify_appended_signature · Luis Chamberlain <mcgrof@kernel.org> · 2022-01-25
[PATCH v5 1/6] s390/kexec_file: Don't opencode appended signature check. · Michal Suchanek <hidden> · 2022-01-11
[PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig · Michal Suchanek <hidden> · 2022-01-11
Re: [PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig · Luis Chamberlain <mcgrof@kernel.org> · 2022-01-25
Re: [PATCH v5 0/6] KEXEC_SIG with appended signature · Luis Chamberlain <mcgrof@kernel.org> · 2022-01-25
Re: [PATCH v5 0/6] KEXEC_SIG with appended signature · Michael Ellerman <mpe@ellerman.id.au> · 2022-02-09
Re: [PATCH v5 0/6] KEXEC_SIG with appended signature · Luis Chamberlain <mcgrof@kernel.org> · 2022-02-10
Re: [PATCH v5 0/6] KEXEC_SIG with appended signature · Mimi Zohar <zohar@linux.ibm.com> · 2022-02-13
Re: [PATCH v5 0/6] KEXEC_SIG with appended signature · Mimi Zohar <zohar@linux.ibm.com> · 2022-02-13

From: Luis Chamberlain <mcgrof@kernel.org>
Date: 2022-01-25 20:27:17
Also in: kexec, keyrings, linux-crypto, linux-integrity, linux-s390, linux-security-module, lkml

On Tue, Jan 11, 2022 at 12:37:48PM +0100, Michal Suchanek wrote:

Multiple users of mod_check_sig check for the marker, then call
mod_check_sig, extract signature length, and remove the signature.

Put this code in one place together with mod_check_sig.

This changes the error from ENOENT to ENODATA for ima_read_modsig in the
case the signature marker is missing.

This also changes the buffer length in ima_read_modsig from size_t to
unsigned long. This reduces the possible value range on 32bit but the
length refers to kernel in-memory buffer which cannot be longer than
ULONG_MAX.

Also change mod_check_sig to unsigned long while at it.

Signed-off-by: Michal Suchanek <redacted>

Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>

  Luis

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help