Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'modules-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux
Pull module updates from Sami Tolvanen:
"Module signing:
- Remove SHA-1 support for signing modules.
SHA-1 is no longer considered secure for signatures due to
vulnerabilities that can lead to hash collisions. None of the major
distributions use SHA-1 anymore, and the kernel has defaulted to
SHA-512 since v6.11.
Note that loading SHA-1 signed modules is still supported.
- Update scripts/sign-file to use only the OpenSSL CMS API for
signing.
As SHA-1 support is gone, we can drop the legacy PKCS#7 API which
was limited to SHA-1. This also cleans up support for legacy
OpenSSL versions.
Cleanups and fixes:
- Use system_dfl_wq instead of the per-cpu system_wq following the
ongoing workqueue API refactoring.
- Avoid open-coded kvrealloc() in module decompression logic by using
the standard helper.
- Improve section annotations by replacing the custom __modinit with
__init_or_module and removing several unused __INIT*_OR_MODULE
macros.
- Fix kernel-doc warnings in include/linux/moduleparam.h.
- Ensure set_module_sig_enforced is only declared when module signing
is enabled.
- Fix gendwarfksyms build failures on 32-bit hosts.
MAINTAINERS:
- Update the module subsystem entry to reflect the maintainer
rotation and update the git repository link"
* tag 'modules-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux:
modules: moduleparam.h: fix kernel-doc comments
module: Only declare set_module_sig_enforced when CONFIG_MODULE_SIG=y
module/decompress: Avoid open-coded kvrealloc()
gendwarfksyms: Fix build on 32-bit hosts
sign-file: Use only the OpenSSL CMS API for signing
module: Remove SHA-1 support for module signing
module: replace use of system_wq with system_dfl_wq
params: Replace __modinit with __init_or_module
module: Remove unused __INIT*_OR_MODULE macros
MAINTAINERS: Update module subsystem maintainers and repository
+35
-106
+2
-2
MAINTAINERS
+2
-2
MAINTAINERS
···
17636
17636
M: Luis Chamberlain <mcgrof@kernel.org>
17637
17637
M: Petr Pavlu <petr.pavlu@suse.com>
17638
17638
M: Daniel Gomez <da.gomez@kernel.org>
17639
-
R: Sami Tolvanen <samitolvanen@google.com>
17639
+
M: Sami Tolvanen <samitolvanen@google.com>
17640
17640
R: Aaron Tomlin <atomlin@atomlin.com>
17641
17641
L: linux-modules@vger.kernel.org
17642
17642
L: linux-kernel@vger.kernel.org
17643
17643
S: Maintained
17644
-
T: git git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux.git modules-next
17644
+
T: git git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux.git modules-next
17645
17645
F: include/linux/kmod.h
17646
17646
F: include/linux/module*.h
17647
17647
F: kernel/module/
+6
-12
include/linux/module.h
+6
-12
include/linux/module.h
···
151
151
#define __init_or_module
152
152
#define __initdata_or_module
153
153
#define __initconst_or_module
154
-
#define __INIT_OR_MODULE .text
155
-
#define __INITDATA_OR_MODULE .data
156
-
#define __INITRODATA_OR_MODULE .section ".rodata","a",%progbits
157
154
#else
158
155
#define __init_or_module __init
159
156
#define __initdata_or_module __initdata
160
157
#define __initconst_or_module __initconst
161
-
#define __INIT_OR_MODULE __INIT
162
-
#define __INITDATA_OR_MODULE __INITDATA
163
-
#define __INITRODATA_OR_MODULE __INITRODATA
164
158
#endif /*CONFIG_MODULES*/
165
159
166
160
struct module_kobject *lookup_or_create_module_kobject(const char *name);
···
764
770
#endif
765
771
}
766
772
767
-
void set_module_sig_enforced(void);
768
-
769
773
void module_for_each_mod(int(*func)(struct module *mod, void *data), void *data);
770
774
771
775
#else /* !CONFIG_MODULES... */
···
858
866
}
859
867
860
868
861
-
static inline void set_module_sig_enforced(void)
862
-
{
863
-
}
864
-
865
869
/* Dereference module function descriptor */
866
870
static inline
867
871
void *dereference_module_function_descriptor(struct module *mod, void *ptr)
···
913
925
#ifdef CONFIG_MODULE_SIG
914
926
bool is_module_sig_enforced(void);
915
927
928
+
void set_module_sig_enforced(void);
929
+
916
930
static inline bool module_sig_ok(struct module *module)
917
931
{
918
932
return module->sig_ok;
···
923
933
static inline bool is_module_sig_enforced(void)
924
934
{
925
935
return false;
936
+
}
937
+
938
+
static inline void set_module_sig_enforced(void)
939
+
{
926
940
}
927
941
928
942
static inline bool module_sig_ok(struct module *module)
+6
-2
include/linux/moduleparam.h
+6
-2
include/linux/moduleparam.h
···
355
355
/**
356
356
* __core_param_cb - similar like core_param, with a set/get ops instead of type.
357
357
* @name: the name of the cmdline and sysfs parameter (often the same as var)
358
-
* @var: the variable
359
358
* @ops: the set & get operations for this parameter.
359
+
* @arg: the variable
360
360
* @perm: visibility in sysfs
361
361
*
362
362
* Ideally this should be called 'core_param_cb', but the name has been
···
390
390
* @name1: parameter name 1
391
391
* @name2: parameter name 2
392
392
*
393
-
* Returns true if the two parameter names are equal.
393
+
* Returns: true if the two parameter names are equal.
394
394
* Dashes (-) are considered equal to underscores (_).
395
395
*/
396
396
extern bool parameq(const char *name1, const char *name2);
···
402
402
* @n: the length to compare
403
403
*
404
404
* Similar to parameq(), except it compares @n characters.
405
+
*
406
+
* Returns: true if the first @n characters of the two parameter names
407
+
* are equal.
408
+
* Dashes (-) are considered equal to underscores (_).
405
409
*/
406
410
extern bool parameqn(const char *name1, const char *name2, size_t n);
407
411
-5
kernel/module/Kconfig
-5
kernel/module/Kconfig
···
299
299
possible to load a signed module containing the algorithm to check
300
300
the signature on that module.
301
301
302
-
config MODULE_SIG_SHA1
303
-
bool "SHA-1"
304
-
select CRYPTO_SHA1
305
-
306
302
config MODULE_SIG_SHA256
307
303
bool "SHA-256"
308
304
select CRYPTO_SHA256
···
328
332
config MODULE_SIG_HASH
329
333
string
330
334
depends on MODULE_SIG || IMA_APPRAISE_MODSIG
331
-
default "sha1" if MODULE_SIG_SHA1
332
335
default "sha256" if MODULE_SIG_SHA256
333
336
default "sha384" if MODULE_SIG_SHA384
334
337
default "sha512" if MODULE_SIG_SHA512
+5
-5
kernel/module/decompress.c
+5
-5
kernel/module/decompress.c
···
17
17
static int module_extend_max_pages(struct load_info *info, unsigned int extent)
18
18
{
19
19
struct page **new_pages;
20
+
unsigned int new_max = info->max_pages + extent;
20
21
21
-
new_pages = kvmalloc_array(info->max_pages + extent,
22
-
sizeof(info->pages), GFP_KERNEL);
22
+
new_pages = kvrealloc(info->pages,
23
+
size_mul(new_max, sizeof(*info->pages)),
24
+
GFP_KERNEL);
23
25
if (!new_pages)
24
26
return -ENOMEM;
25
27
26
-
memcpy(new_pages, info->pages, info->max_pages * sizeof(info->pages));
27
-
kvfree(info->pages);
28
28
info->pages = new_pages;
29
-
info->max_pages += extent;
29
+
info->max_pages = new_max;
30
30
31
31
return 0;
32
32
}
+2
-2
kernel/module/dups.c
+2
-2
kernel/module/dups.c
···
113
113
* let this linger forever as this is just a boot optimization for
114
114
* possible abuses of vmalloc() incurred by finit_module() thrashing.
115
115
*/
116
-
queue_delayed_work(system_wq, &kmod_req->delete_work, 60 * HZ);
116
+
queue_delayed_work(system_dfl_wq, &kmod_req->delete_work, 60 * HZ);
117
117
}
118
118
119
119
bool kmod_dup_request_exists_wait(char *module_name, bool wait, int *dup_ret)
···
240
240
* There is no rush. But we also don't want to hold the
241
241
* caller up forever or introduce any boot delays.
242
242
*/
243
-
queue_work(system_wq, &kmod_req->complete_work);
243
+
queue_work(system_dfl_wq, &kmod_req->complete_work);
244
244
245
245
out:
246
246
mutex_unlock(&kmod_dup_mutex);
+5
-10
kernel/params.c
+5
-10
kernel/params.c
···
596
596
}
597
597
#endif
598
598
599
-
#ifdef CONFIG_MODULES
600
-
#define __modinit
601
-
#else
602
-
#define __modinit __init
603
-
#endif
604
-
605
599
#ifdef CONFIG_SYSFS
606
600
void kernel_param_lock(struct module *mod)
607
601
{
···
620
626
* create file in sysfs. Returns an error on out of memory. Always cleans up
621
627
* if there's an error.
622
628
*/
623
-
static __modinit int add_sysfs_param(struct module_kobject *mk,
624
-
const struct kernel_param *kp,
625
-
const char *name)
629
+
static __init_or_module int add_sysfs_param(struct module_kobject *mk,
630
+
const struct kernel_param *kp,
631
+
const char *name)
626
632
{
627
633
struct module_param_attrs *new_mp;
628
634
struct attribute **new_attrs;
···
755
761
params[i].ops->free(params[i].arg);
756
762
}
757
763
758
-
struct module_kobject __modinit * lookup_or_create_module_kobject(const char *name)
764
+
struct module_kobject * __init_or_module
765
+
lookup_or_create_module_kobject(const char *name)
759
766
{
760
767
struct module_kobject *mk;
761
768
struct kobject *kobj;
+3
-1
scripts/gendwarfksyms/dwarf.c
+3
-1
scripts/gendwarfksyms/dwarf.c
···
750
750
Dwarf_Die *die)
751
751
{
752
752
bool overridden = false;
753
+
unsigned long override;
753
754
Dwarf_Word value;
754
755
755
756
if (stable) {
···
762
761
return;
763
762
764
763
overridden = kabi_get_enumerator_value(
765
-
state->expand.current_fqn, cache->fqn, &value);
764
+
state->expand.current_fqn, cache->fqn, &override);
765
+
value = override;
766
766
}
767
767
768
768
process_list_comma(state, cache);
+3
-2
scripts/gendwarfksyms/symbols.c
+3
-2
scripts/gendwarfksyms/symbols.c
···
3
3
* Copyright (C) 2024 Google LLC
4
4
*/
5
5
6
+
#include <inttypes.h>
6
7
#include "gendwarfksyms.h"
7
8
8
9
#define SYMBOL_HASH_BITS 12
···
243
242
error("elf_getdata failed: %s", elf_errmsg(-1));
244
243
245
244
if (shdr->sh_entsize != sym_size)
246
-
error("expected sh_entsize (%lu) to be %zu",
245
+
error("expected sh_entsize (%" PRIu64 ") to be %zu",
247
246
shdr->sh_entsize, sym_size);
248
247
249
248
nsyms = shdr->sh_size / shdr->sh_entsize;
···
293
292
hash_add(symbol_addrs, &sym->addr_hash,
294
293
symbol_addr_hash(&sym->addr));
295
294
296
-
debug("%s -> { %u, %lx }", sym->name, sym->addr.section,
295
+
debug("%s -> { %u, %" PRIx64 " }", sym->name, sym->addr.section,
297
296
sym->addr.address);
298
297
} else if (sym->addr.section != addr->section ||
299
298
sym->addr.address != addr->address) {
+3
-65
scripts/sign-file.c
+3
-65
scripts/sign-file.c
···
24
24
#include <arpa/inet.h>
25
25
#include <openssl/opensslv.h>
26
26
#include <openssl/bio.h>
27
+
#include <openssl/cms.h>
27
28
#include <openssl/evp.h>
28
29
#include <openssl/pem.h>
29
30
#include <openssl/err.h>
···
39
38
# endif
40
39
#endif
41
40
#include "ssl-common.h"
42
-
43
-
/*
44
-
* Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to
45
-
* assume that it's not available and its header file is missing and that we
46
-
* should use PKCS#7 instead. Switching to the older PKCS#7 format restricts
47
-
* the options we have on specifying the X.509 certificate we want.
48
-
*
49
-
* Further, older versions of OpenSSL don't support manually adding signers to
50
-
* the PKCS#7 message so have to accept that we get a certificate included in
51
-
* the signature message. Nor do such older versions of OpenSSL support
52
-
* signing with anything other than SHA1 - so we're stuck with that if such is
53
-
* the case.
54
-
*/
55
-
#if defined(LIBRESSL_VERSION_NUMBER) || \
56
-
OPENSSL_VERSION_NUMBER < 0x10000000L || \
57
-
defined(OPENSSL_NO_CMS)
58
-
#define USE_PKCS7
59
-
#endif
60
-
#ifndef USE_PKCS7
61
-
#include <openssl/cms.h>
62
-
#else
63
-
#include <openssl/pkcs7.h>
64
-
#endif
65
41
66
42
struct module_signature {
67
43
uint8_t algo; /* Public-key crypto algorithm [0] */
···
206
228
bool raw_sig = false;
207
229
unsigned char buf[4096];
208
230
unsigned long module_size, sig_size;
209
-
unsigned int use_signed_attrs;
210
231
const EVP_MD *digest_algo;
211
232
EVP_PKEY *private_key;
212
-
#ifndef USE_PKCS7
213
233
CMS_ContentInfo *cms = NULL;
214
234
unsigned int use_keyid = 0;
215
-
#else
216
-
PKCS7 *pkcs7 = NULL;
217
-
#endif
218
235
X509 *x509;
219
236
BIO *bd, *bm;
220
237
int opt, n;
···
219
246
220
247
key_pass = getenv("KBUILD_SIGN_PIN");
221
248
222
-
#ifndef USE_PKCS7
223
-
use_signed_attrs = CMS_NOATTR;
224
-
#else
225
-
use_signed_attrs = PKCS7_NOATTR;
226
-
#endif
227
-
228
249
do {
229
250
opt = getopt(argc, argv, "sdpk");
230
251
switch (opt) {
231
252
case 's': raw_sig = true; break;
232
253
case 'p': save_sig = true; break;
233
254
case 'd': sign_only = true; save_sig = true; break;
234
-
#ifndef USE_PKCS7
235
255
case 'k': use_keyid = CMS_USE_KEYID; break;
236
-
#endif
237
256
case -1: break;
238
257
default: format();
239
258
}
···
254
289
replace_orig = true;
255
290
}
256
291
257
-
#ifdef USE_PKCS7
258
-
if (strcmp(hash_algo, "sha1") != 0) {
259
-
fprintf(stderr, "sign-file: %s only supports SHA1 signing\n",
260
-
OPENSSL_VERSION_TEXT);
261
-
exit(3);
262
-
}
263
-
#endif
264
-
265
292
/* Open the module file */
266
293
bm = BIO_new_file(module_name, "rb");
267
294
ERR(!bm, "%s", module_name);
···
271
314
digest_algo = EVP_get_digestbyname(hash_algo);
272
315
ERR(!digest_algo, "EVP_get_digestbyname");
273
316
274
-
#ifndef USE_PKCS7
275
-
276
317
unsigned int flags =
277
318
CMS_NOCERTS |
319
+
CMS_NOATTR |
278
320
CMS_PARTIAL |
279
321
CMS_BINARY |
280
322
CMS_DETACHED |
···
291
335
/* ML-DSA + CMS_NOATTR is not supported in openssl-3.5
292
336
* and before.
293
337
*/
294
-
use_signed_attrs = 0;
338
+
flags &= ~CMS_NOATTR;
295
339
}
296
340
#endif
297
-
298
-
flags |= use_signed_attrs;
299
341
300
342
/* Load the signature message from the digest buffer. */
301
343
cms = CMS_sign(NULL, NULL, NULL, NULL, flags);
···
304
350
ERR(CMS_final(cms, bm, NULL, flags) != 1,
305
351
"CMS_final");
306
352
307
-
#else
308
-
pkcs7 = PKCS7_sign(x509, private_key, NULL, bm,
309
-
PKCS7_NOCERTS | PKCS7_BINARY |
310
-
PKCS7_DETACHED | use_signed_attrs);
311
-
ERR(!pkcs7, "PKCS7_sign");
312
-
#endif
313
-
314
353
if (save_sig) {
315
354
char *sig_file_name;
316
355
BIO *b;
···
312
365
"asprintf");
313
366
b = BIO_new_file(sig_file_name, "wb");
314
367
ERR(!b, "%s", sig_file_name);
315
-
#ifndef USE_PKCS7
316
368
ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) != 1,
317
369
"%s", sig_file_name);
318
-
#else
319
-
ERR(i2d_PKCS7_bio(b, pkcs7) != 1,
320
-
"%s", sig_file_name);
321
-
#endif
322
370
BIO_free(b);
323
371
}
324
372
···
340
398
module_size = BIO_number_written(bd);
341
399
342
400
if (!raw_sig) {
343
-
#ifndef USE_PKCS7
344
401
ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) != 1, "%s", dest_name);
345
-
#else
346
-
ERR(i2d_PKCS7_bio(bd, pkcs7) != 1, "%s", dest_name);
347
-
#endif
348
402
} else {
349
403
BIO *b;
350
404