Received: by 10.223.185.116 with SMTP id b49csp7192670wrg; Thu, 1 Mar 2018 01:10:13 -0800 (PST) X-Google-Smtp-Source: AG47ELu7P+smBXD523Qq8J0kfSyMYMskKHPCsmsbMC/ASOW04FSovKleHhqCuBegVIs4Y7h4hoeS X-Received: by 10.99.44.22 with SMTP id s22mr975837pgs.111.1519895412998; Thu, 01 Mar 2018 01:10:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519895412; cv=none; d=google.com; s=arc-20160816; b=EehaqYCKZY2N5kQPhBuNQKZwNnXdtFFWm+S9AMzAmVvxRvP/HbamDki/2rlXi8PQm7 dtzGC1DEJXuLczli2f7f7MenllzP2BTcbM14BewDZWrrRIcIcVj2C8dch1hBP006Gtcy pGHi8D4HSqiQA1ZoYVDu4RzzkGLnzPTaObt70sjBvOM4VRTJl6aOCeZaLNIZeRZZkUOb Zjc1oGzJNDxTh1LIKsoW248x6hzTnlTxwoysUurUAStSXPa+fSe8+rtSco8+9MaK5cMx /SDl25nTvVOvXYHx7w8TqGxbVoZ37FhBWeLIb7deR07lq+NozIKeuRnZMQc8LwZjJMe0 jj+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=dVeuusu5vqHAUKoBe3S71fGdzp+ODCxSprHs5Y23IkE=; b=Pj/8f4WWullUHs0PiVVpcyLEG4w5urVDBtINziAqXAFuSclkYOhsd22st8y4X4MATO f2ygcTGqY5YqFGgNfVujCo4osTFUbw7/SlthZyPgx2ZKPVn0gzFThtkiaYdh9bZ06XTK B1eqUY4wu1JmX4mmVgQ0LsNgOxfZOF5Yrfs7ujOnTiLIjQELjaWjtM7XDMRNrkvVPD1w Za7HrgqXFoVC6eaXMiaOagX97cMFxcMxFrRo0drDzO043wEF1banbe1f9lyLQrQxQeOT IOSKaynJGLv0C2j5ZdKKaOhDM3exGqsgilwGXfXKg84xcGEyVe0UFNpp1+cNcxOKZr4U oG5w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u7si2201406pgq.796.2018.03.01.01.09.57; Thu, 01 Mar 2018 01:10:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966659AbeCAJJP (ORCPT + 99 others); Thu, 1 Mar 2018 04:09:15 -0500 Received: from out30-130.freemail.mail.aliyun.com ([115.124.30.130]:41736 "EHLO out30-130.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965026AbeCAJJN (ORCPT ); Thu, 1 Mar 2018 04:09:13 -0500 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R151e4;CH=green;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e07417;MF=zhang.jia@linux.alibaba.com;NM=1;PH=DS;RN=3;SR=0;TI=SMTPD_---0Sykd57i_1519895348; Received: from localhost(mailfrom:zhang.jia@linux.alibaba.com fp:106.11.233.101) by smtp.aliyun-inc.com(127.0.0.1); Thu, 01 Mar 2018 17:09:08 +0800 From: Jia Zhang To: jeyu@kernel.org Cc: zhang.jia@linux.alibaba.com, linux-kernel@vger.kernel.org Subject: [PATCH 4/4] module: Allow to upgrade to validity enforcement in unforced mode Date: Thu, 1 Mar 2018 17:09:06 +0800 Message-Id: <1519895346-7961-4-git-send-email-zhang.jia@linux.alibaba.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1519895346-7961-1-git-send-email-zhang.jia@linux.alibaba.com> References: <1519895346-7961-1-git-send-email-zhang.jia@linux.alibaba.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If module signature verification check is enabled but the validity enforcement is configured to be disabled, it should be allowed to enable it. Once enabled, it is disallowed to disable it. Signed-off-by: Jia Zhang --- kernel/module.c | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/kernel/module.c b/kernel/module.c index e3c6c8e..89704df 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2806,8 +2806,37 @@ static ssize_t modsign_enforce_read(struct file *filp, char __user *ubuf, return simple_read_from_buffer(ubuf, count, offp, buf, 1); } +#ifndef CONFIG_MODULE_SIG_FORCE +static ssize_t modsign_enforce_write(struct file *filp, + const char __user *ubuf, + size_t count, loff_t *offp) +{ + char buf; + ssize_t ret; + + if (*offp > 1) + return -EFBIG; + + ret = simple_write_to_buffer(&buf, 1, offp, ubuf, count); + if (ret > 0) { + if (buf != '1') + return -EINVAL; + + sig_enforce = true; + pr_notice_once("Kernel module validity enforcement enabled\n"); + + ret = count; + } + + return ret; +} +#endif + static const struct file_operations modsign_enforce_ops = { .read = modsign_enforce_read, +#ifndef CONFIG_MODULE_SIG_FORCE + .write = modsign_enforce_write, +#endif .llseek = generic_file_llseek, }; @@ -2815,14 +2844,18 @@ static int __init securityfs_init(void) { struct dentry *modsign_dir; struct dentry *enforce; + umode_t mode; modsign_dir = securityfs_create_dir("modsign", NULL); if (IS_ERR(modsign_dir)) return -1; - enforce = securityfs_create_file("enforce", - S_IRUSR | S_IRGRP, modsign_dir, - NULL, &modsign_enforce_ops); + mode = S_IRUSR | S_IRGRP; + if (!sig_enforce) + mode |= S_IWUSR; + + enforce = securityfs_create_file("enforce", mode, modsign_dir, NULL, + &modsign_enforce_ops); if (IS_ERR(enforce)) goto out; -- 1.8.3.1