Linux kernel source tree for SHARP Brain series (PW-SH1 or later)
Frank van der Linden 05d891e76d module: harden ELF info handling
[ Upstream commit ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 ]

5fdc7db644 ("module: setup load info before module_sig_check()")
moved the ELF setup, so that it was done before the signature
check. This made the module name available to signature error
messages.

However, the checks for ELF correctness in setup_load_info
are not sufficient to prevent bad memory references due to
corrupted offset fields, indices, etc.

So, there's a regression in behavior here: a corrupt and unsigned
(or badly signed) module, which might previously have been rejected
immediately, can now cause an oops/crash.

Harden ELF handling for module loading by doing the following:

- Move the signature check back up so that it comes before ELF
  initialization. It's best to do the signature check to see
  if we can trust the module, before using the ELF structures
  inside it. This also makes checks against info->len
  more accurate again, as this field will be reduced by the
  length of the signature in mod_check_sig().

  The module name is now once again not available for error
  messages during the signature check, but that seems like
  a fair tradeoff.

- Check if sections have offset / size fields that at least don't
  exceed the length of the module.

- Check if sections have section name offsets that don't fall
  outside the section name table.

- Add a few other sanity checks against invalid section indices,
  etc.

This is not an exhaustive consistency check, but the idea is to
at least get through the signature and blacklist checks without
crashing because of corrupted ELF info, and to error out gracefully
for most issues that would have caused problems later on.

Fixes: 5fdc7db644 ("module: setup load info before module_sig_check()")
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-04-07 14:47:38 +02:00
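
The checks listed in the commit message above (section offset/size within the module length, section name offsets within the section name table, valid section indices) can be sketched in user space as follows. This is an added example, not the kernel's code and not part of the commit: `span_ok`, `elf_sections_sane` and `build_sample` are hypothetical names, only 64-bit ELF is handled, and glibc's `<elf.h>` is assumed.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>

/* Overflow-safe: does [off, off + size) lie inside an image of len bytes? */
static int span_ok(uint64_t off, uint64_t size, uint64_t len) { return off <= len && size <= len - off; }

/* Returns 0 if the section table can be walked safely, -1 otherwise. */
int elf_sections_sane(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh;
    Elf64_Shdr sh, names;
    if (len < sizeof(eh))
        return -1;
    memcpy(&eh, buf, sizeof(eh));
    /* Section header table and name-table index must both be in bounds. */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_shentsize != sizeof(sh) ||
        !span_ok(eh.e_shoff, (uint64_t)eh.e_shnum * sizeof(sh), len) ||
        eh.e_shstrndx == SHN_UNDEF || eh.e_shstrndx >= eh.e_shnum)
        return -1;
    memcpy(&names, buf + eh.e_shoff + eh.e_shstrndx * sizeof(sh), sizeof(sh));
    /* Name table: non-empty, in-bounds, NUL-terminated string table. */
    if (names.sh_type != SHT_STRTAB || !names.sh_size ||
        !span_ok(names.sh_offset, names.sh_size, len) ||
        buf[names.sh_offset + names.sh_size - 1] != '\0')
        return -1;
    for (unsigned i = 1; i < eh.e_shnum; i++) {
        memcpy(&sh, buf + eh.e_shoff + i * sizeof(sh), sizeof(sh));
        if (sh.sh_name >= names.sh_size) /* name offset outside the table */
            return -1;
        if (sh.sh_type != SHT_NOBITS && !span_ok(sh.sh_offset, sh.sh_size, len))
            return -1;
    }
    return 0;
}

/* Constructed sample: ELF header, names at 64, three section headers at 96. */
size_t build_sample(unsigned char *buf, uint32_t name_off, uint64_t size)
{
    Elf64_Ehdr eh = { .e_ident = { 0x7f, 'E', 'L', 'F' }, .e_shoff = 96,
        .e_shentsize = sizeof(Elf64_Shdr), .e_shnum = 3, .e_shstrndx = 2 };
    Elf64_Shdr sh[3] = {
        [1] = { .sh_name = name_off, .sh_type = SHT_PROGBITS, .sh_offset = 64, .sh_size = size },
        [2] = { .sh_name = 7, .sh_type = SHT_STRTAB, .sh_offset = 64, .sh_size = 17 },
    };
    memset(buf, 0, 96);
    memcpy(buf, &eh, sizeof(eh));
    memcpy(buf + 64, "\0.text\0.shstrtab", 17);
    memcpy(buf + 96, sh, sizeof(sh));
    return 96 + sizeof(sh);
}
```

`build_sample(buf, name_off, size)` needs a buffer of at least 288 bytes; varying `name_off` and `size` for section 1 exercises the name-offset and offset/size checks.
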
Documentation KVM: arm64: Reject VM creation when the default IPA size is unsupported 2021-03-17 17:03:57 +01:00
LICENSES LICENSES: Rename other to deprecated 2019-05-03 06:34:32 -06:00
arch x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() 2021-03-30 14:35:29 +02:00
block block: recalculate segment count for multi-segment discards correctly 2021-03-30 14:35:28 +02:00
certs certs: Fix blacklist flag type confusion 2021-03-04 10:26:29 +01:00
crypto crypto: x86 - Regularize glue function prototypes 2021-03-20 10:39:47 +01:00
drivers xen-blkback: don't leak persistent grants from xen_blkbk_map() 2021-03-30 14:35:30 +02:00
fs ext4: add reclaim checks to xattr code 2021-03-30 14:35:29 +02:00
include can: dev: Move device back to init netns on owning netns delete 2021-03-30 14:35:29 +02:00
init fgraph: Initialize tracing_graph_pause at task creation 2021-02-10 09:25:29 +01:00
ipc ipc/util.c: sysvipc_find_ipc() incorrectly updates position index 2020-05-20 08:20:16 +02:00
kernel module: harden ELF info handling 2021-04-07 14:47:38 +02:00
lib PCI: Fix pci_register_io_range() memory leak 2021-03-17 17:03:44 +01:00
mm hugetlbfs: hugetlb_fault_mutex_hash() cleanup 2021-03-30 14:35:19 +02:00
net ipv6: weaken the v4mapped source check 2021-04-07 14:47:38 +02:00
samples samples, bpf: Add missing munmap in xdpsock 2021-03-17 17:03:33 +01:00
scripts ftrace: Have recordmcount use w8 to read relp->r_info in arm64_is_fake_mcount 2021-03-09 11:09:39 +01:00
security integrity: double check iint_cache was initialized 2021-03-30 14:35:24 +02:00
sound ALSA: hda: ignore invalid NHLT table 2021-03-30 14:35:20 +02:00
tools perf auxtrace: Fix auxtrace queue conflict 2021-03-30 14:35:28 +02:00
usr initramfs: restore default compression behavior 2020-04-08 09:08:38 +02:00
virt KVM: arm64: Ensure I-cache isolation between vcpus of a same VM 2021-03-17 17:03:57 +01:00
.clang-format clang-format: Update with the latest for_each macro list 2019-08-31 10:00:51 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Modules updates for v5.4 2019-09-22 10:34:46 -07:00
.mailmap ARM: SoC fixes 2019-11-10 13:41:59 -08:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS MAINTAINERS: Remove Simon as Renesas SoC Co-Maintainer 2019-10-10 08:12:51 -07:00
Kbuild kbuild: do not descend to ./Kbuild when cleaning 2019-08-21 21:03:58 +09:00
Kconfig docs: kbuild: convert docs to ReST and rename to *.rst 2019-06-14 14:21:21 -06:00
MAINTAINERS Documentation/llvm: add documentation on building w/ Clang/LLVM 2020-08-26 10:40:46 +02:00
Makefile Linux 5.4.109 2021-03-30 14:35:30 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.