tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

module: Give MODULE_SIG_STRING a more descriptive name

The purpose of the constant it is not entirely clear from its name.

As this constant is going to be exposed in a UAPI header, give it a more
specific name for clarity. As all its users call it 'marker', use that
wording in the constant itself.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
Reviewed-by: Nicolas Schier <nsc@kernel.org>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

authored by

Thomas Weißschuh and committed by
Sami Tolvanen 2ae4ea2d acd87264

+8 -8
+2 -2
arch/s390/kernel/machine_kexec_file.c
··· 28 28 #ifdef CONFIG_KEXEC_SIG 29 29 int s390_verify_sig(const char *kernel, unsigned long kernel_len) 30 30 { 31 - const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1; 31 + const unsigned long marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1; 32 32 struct module_signature *ms; 33 33 unsigned long sig_len; 34 34 int ret; ··· 40 40 if (marker_len > kernel_len) 41 41 return -EKEYREJECTED; 42 42 43 - if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING, 43 + if (memcmp(kernel + kernel_len - marker_len, MODULE_SIGNATURE_MARKER, 44 44 marker_len)) 45 45 return -EKEYREJECTED; 46 46 kernel_len -= marker_len;
+1 -1
include/linux/module_signature.h
··· 12 12 #include <linux/types.h> 13 13 14 14 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ 15 - #define MODULE_SIG_STRING "~Module signature appended~\n" 15 + #define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" 16 16 17 17 enum module_signature_type { 18 18 MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
+2 -2
kernel/module/signing.c
··· 70 70 int module_sig_check(struct load_info *info, int flags) 71 71 { 72 72 int err = -ENODATA; 73 - const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; 73 + const unsigned long markerlen = sizeof(MODULE_SIGNATURE_MARKER) - 1; 74 74 const char *reason; 75 75 const void *mod = info->hdr; 76 76 bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS | ··· 81 81 */ 82 82 if (!mangled_module && 83 83 info->len > markerlen && 84 - memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { 84 + memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerlen) == 0) { 85 85 /* We truncate the module to discard the signature */ 86 86 info->len -= markerlen; 87 87 err = mod_verify_sig(mod, info);
+3 -3
security/integrity/ima/ima_modsig.c
··· 40 40 int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len, 41 41 struct modsig **modsig) 42 42 { 43 - const size_t marker_len = strlen(MODULE_SIG_STRING); 43 + const size_t marker_len = strlen(MODULE_SIGNATURE_MARKER); 44 44 const struct module_signature *sig; 45 45 struct modsig *hdr; 46 46 size_t sig_len; ··· 51 51 return -ENOENT; 52 52 53 53 p = buf + buf_len - marker_len; 54 - if (memcmp(p, MODULE_SIG_STRING, marker_len)) 54 + if (memcmp(p, MODULE_SIGNATURE_MARKER, marker_len)) 55 55 return -ENOENT; 56 56 57 57 buf_len -= marker_len; ··· 105 105 * Provide the file contents (minus the appended sig) so that the PKCS7 106 106 * code can calculate the file hash. 107 107 */ 108 - size -= modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) + 108 + size -= modsig->raw_pkcs7_len + strlen(MODULE_SIGNATURE_MARKER) + 109 109 sizeof(struct module_signature); 110 110 rc = pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size); 111 111 if (rc)