module: Invalidate signatures on force-loaded modules (1d307756) · Commits · e / devices / android_kernel_xiaomi_markw

kernel/module.c

+9 −4

Original line number	Diff line number	Diff line
		@@ -2454,13 +2454,18 @@ static inline void kmemleak_load_module(const struct module *mod,
		#endif

		#ifdef CONFIG_MODULE_SIG
		static int module_sig_check(struct load_info *info)
		static int module_sig_check(struct load_info *info, int flags)
		{
		int err = -ENOKEY;
		const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
		const void *mod = info->hdr;

		if (info->len > markerlen &&
		/*
		* Require flags == 0, as a module with version information
		* removed is no longer the module that was signed
		*/
		if (flags == 0 &&
		info->len > markerlen &&
		memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
		/* We truncate the module to discard the signature */
		info->len -= markerlen;
		@@ -2479,7 +2484,7 @@ static int module_sig_check(struct load_info *info)
		return err;
		}
		#else /* !CONFIG_MODULE_SIG */
		static int module_sig_check(struct load_info *info)
		static int module_sig_check(struct load_info *info, int flags)
		{
		return 0;
		}
		@@ -3215,7 +3220,7 @@ static int load_module(struct load_info info, const char __user uargs,
		long err;
		char *after_dashes;

		err = module_sig_check(info);
		err = module_sig_check(info, flags);
		if (err)
		goto free_copy;