Re: [PATCH v2 2/5] modules: Refactor + kdoc elf_validity_cached_copy
From: Greg KH <hidden>
Date: 2023-11-18 11:45:50
Also in:
linux-kbuild, linux-modules, lkml, rust-for-linux
On Sat, Nov 18, 2023 at 02:54:43AM +0000, Matthew Maurer wrote:
> Functionality is almost identical, just structured for better
> documentation and readability. Changes:
>
> * Section names are checked for *all* non-SHT_NULL sections, not just
>   SHF_ALLOC sections. We have code that accesses section names of
>   non-SHF_ALLOC sections (see find_any_sec for example)
> * The section name check occurs *before* strcmping on section names.
>   Previously, it was possible to use an out-of-bounds offset to strcmp
>   against ".modinfo" or ".gnu.linkonce.this_module"
> * strtab is checked for NUL lead+termination and nonzero size
> * The symbol table is swept to ensure offsets are inbounds of strtab
>
> While some of these oversights would normally be worrying, all of the
> potentially unverified accesses occur after signature check, and only in
> response to a user who can load a kernel module.
>
> Signed-off-by: Matthew Maurer <redacted>
> ---
>  kernel/module/internal.h |   7 +-
>  kernel/module/main.c     | 585 +++++++++++++++++++++++++++++----------
>  2 files changed, 444 insertions(+), 148 deletions(-)
Again, this needs to be broken into much smaller pieces before we can
even review it.  Would you want to review this?

thanks,

greg "think of the reviewers" k-h
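
The checks listed in the quoted commit message (string table shape, section-name offset validated before any strcmp, symbol-name sweep), as an added user-space example. This is not code from the patch or the kernel; the function names and the sample table are assumptions made for illustration, and only the `<elf.h>` types are real.

```c
#include <elf.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* A usable string table is non-empty and both starts and ends with NUL,
 * so every in-bounds offset points at a terminated string. */
static bool strtab_ok(const char *tab, size_t size)
{
    return size > 0 && tab[0] == '\0' && tab[size - 1] == '\0';
}

/* Return the section name only when sh_name is inside the table. */
static const char *sec_name(const Elf64_Shdr *sh, const char *tab, size_t size)
{
    if (!strtab_ok(tab, size) || sh->sh_name >= size)
        return NULL;
    return tab + sh->sh_name;
}

/* Bounds check first, strcmp second (hypothetical helper name). */
static bool sec_is(const Elf64_Shdr *sh, const char *tab, size_t size,
                   const char *want)
{
    const char *name = sec_name(sh, tab, size);
    return name && strcmp(name, want) == 0;
}

/* Sweep the symbol table: every st_name must fall inside strtab. */
static bool symtab_ok(const Elf64_Sym *syms, size_t n, const char *tab, size_t size)
{
    if (!strtab_ok(tab, size))
        return false;
    for (size_t i = 0; i < n; i++)
        if (syms[i].st_name >= size)
            return false;
    return true;
}

/* Constructed sample table: ".modinfo" at offset 1, ".text" at offset 10. */
static const char demo_tab[] = "\0.modinfo\0.text";

int main(void)
{
    Elf64_Shdr good = { .sh_name = 1 }, bad = { .sh_name = 4096 };
    return sec_is(&good, demo_tab, sizeof demo_tab, ".modinfo") &&
           !sec_is(&bad, demo_tab, sizeof demo_tab, ".modinfo") ? 0 : 1;
}
```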