tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'modules-7.0-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux

Pull module fixes from Sami Tolvanen:

- Fix a potential kernel panic in the module loader by adding a bounds
check for the ELF section index. This prevents crashes if attempting
to load a module that uses SHN_XINDEX or is corrupted.

- Fix the Kconfig menu layout for module versioning, signing, and
compression options so they correctly appear as submenus in
menuconfig.

- Remove a redundant lockdep_free_key_range() call in the load_module()
error path. This is already handled by module_deallocate() calling
free_mod_mem() since the module_memory rework.

* tag 'modules-7.0-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux:
module: Fix kernel panic when a symbol st_shndx is out of bounds
module: Fix the modversions and signing submenus
module: Remove duplicate freeing of lockdep classes

Linus Torvalds c107785c 0b3bb205

+20 -16
+13 -10
kernel/module/Kconfig
··· 169 169 make them incompatible with the kernel you are running. If 170 170 unsure, say N. 171 171 172 + if MODVERSIONS 173 + 172 174 choice 173 175 prompt "Module versioning implementation" 174 - depends on MODVERSIONS 175 176 help 176 177 Select the tool used to calculate symbol versions for modules. 177 178 ··· 207 206 208 207 config ASM_MODVERSIONS 209 208 bool 210 - default HAVE_ASM_MODVERSIONS && MODVERSIONS 209 + default HAVE_ASM_MODVERSIONS 211 210 help 212 211 This enables module versioning for exported symbols also from 213 212 assembly. This can be enabled only when the target architecture ··· 215 214 216 215 config EXTENDED_MODVERSIONS 217 216 bool "Extended Module Versioning Support" 218 - depends on MODVERSIONS 219 217 help 220 218 This enables extended MODVERSIONs support, allowing long symbol 221 219 names to be versioned. ··· 224 224 225 225 config BASIC_MODVERSIONS 226 226 bool "Basic Module Versioning Support" 227 - depends on MODVERSIONS 228 227 default y 229 228 help 230 229 This enables basic MODVERSIONS support, allowing older tools or ··· 235 236 236 237 This is enabled by default when MODVERSIONS are enabled. 237 238 If unsure, say Y. 239 + 240 + endif # MODVERSIONS 238 241 239 242 config MODULE_SRCVERSION_ALL 240 243 bool "Source checksum for all modules" ··· 278 277 Reject unsigned modules or signed modules for which we don't have a 279 278 key. Without this, such modules will simply taint the kernel. 280 279 280 + if MODULE_SIG || IMA_APPRAISE_MODSIG 281 + 281 282 config MODULE_SIG_ALL 282 283 bool "Automatically sign all modules" 283 284 default y 284 - depends on MODULE_SIG || IMA_APPRAISE_MODSIG 285 285 help 286 286 Sign all modules during make modules_install. Without this option, 287 287 modules must be signed manually, using the scripts/sign-file tool. ··· 292 290 293 291 choice 294 292 prompt "Hash algorithm to sign modules" 295 - depends on MODULE_SIG || IMA_APPRAISE_MODSIG 296 293 default MODULE_SIG_SHA512 297 294 help 298 295 This determines which sort of hashing algorithm will be used during ··· 328 327 329 328 config MODULE_SIG_HASH 330 329 string 331 - depends on MODULE_SIG || IMA_APPRAISE_MODSIG 332 330 default "sha256" if MODULE_SIG_SHA256 333 331 default "sha384" if MODULE_SIG_SHA384 334 332 default "sha512" if MODULE_SIG_SHA512 335 333 default "sha3-256" if MODULE_SIG_SHA3_256 336 334 default "sha3-384" if MODULE_SIG_SHA3_384 337 335 default "sha3-512" if MODULE_SIG_SHA3_512 336 + 337 + endif # MODULE_SIG || IMA_APPRAISE_MODSIG 338 338 339 339 config MODULE_COMPRESS 340 340 bool "Module compression" ··· 352 350 353 351 If unsure, say N. 354 352 353 + if MODULE_COMPRESS 354 + 355 355 choice 356 356 prompt "Module compression type" 357 - depends on MODULE_COMPRESS 358 357 help 359 358 Choose the supported algorithm for module compression. 360 359 ··· 382 379 config MODULE_COMPRESS_ALL 383 380 bool "Automatically compress all modules" 384 381 default y 385 - depends on MODULE_COMPRESS 386 382 help 387 383 Compress all modules during 'make modules_install'. 388 384 ··· 391 389 392 390 config MODULE_DECOMPRESS 393 391 bool "Support in-kernel module decompression" 394 - depends on MODULE_COMPRESS 395 392 select ZLIB_INFLATE if MODULE_COMPRESS_GZIP 396 393 select XZ_DEC if MODULE_COMPRESS_XZ 397 394 select ZSTD_DECOMPRESS if MODULE_COMPRESS_ZSTD ··· 400 399 load pinning security policy is enabled. 401 400 402 401 If unsure, say N. 402 + 403 + endif # MODULE_COMPRESS 403 404 404 405 config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS 405 406 bool "Allow loading of modules with missing namespace imports"
+7 -6
kernel/module/main.c
··· 1568 1568 break; 1569 1569 1570 1570 default: 1571 + if (sym[i].st_shndx >= info->hdr->e_shnum) { 1572 + pr_err("%s: Symbol %s has an invalid section index %u (max %u)\n", 1573 + mod->name, name, sym[i].st_shndx, info->hdr->e_shnum - 1); 1574 + ret = -ENOEXEC; 1575 + break; 1576 + } 1577 + 1571 1578 /* Divert to percpu allocation if a percpu var. */ 1572 1579 if (sym[i].st_shndx == info->index.pcpu) 1573 1580 secbase = (unsigned long)mod_percpu(mod); ··· 3551 3544 mutex_unlock(&module_mutex); 3552 3545 free_module: 3553 3546 mod_stat_bump_invalid(info, flags); 3554 - /* Free lock-classes; relies on the preceding sync_rcu() */ 3555 - for_class_mod_mem_type(type, core_data) { 3556 - lockdep_free_key_range(mod->mem[type].base, 3557 - mod->mem[type].size); 3558 - } 3559 - 3560 3547 module_memory_restore_rox(mod); 3561 3548 module_deallocate(mod, info); 3562 3549 free_copy: