The standalone crypto module feature allows loading pre-built crypto modules from an external build to preserve FIPS certification across kernel updates. Since these externally built modules have different modversion CRCs than the running kernel, the module_layout and per-symbol version checks will fail.
Add a flags field to struct load_info and bypass check_version() and check_modstruct_version() for crypto modules. For fips140.ko loaded from embedded kernel memory, the MODULE_INIT_CRYPTO_FROM_MEM flag is set by the loader. For individual crypto algorithm modules (e.g., authenc.ko, ccm.ko) built with the crypto-objs-m rule, a .fips140_crypto_marker ELF section is detected during early_mod_check() and the MODULE_INIT_CRYPTO_OBJS_M flag is set accordingly. Signed-off-by: Jay Wang <[email protected]> --- include/uapi/linux/module.h | 1 + kernel/module/internal.h | 1 + kernel/module/main.c | 17 +++++++++++++++++ kernel/module/version.c | 9 +++++++++ 4 files changed, 28 insertions(+) diff --git a/include/uapi/linux/module.h b/include/uapi/linux/module.h index 6941497350893..7c6b3ae55c8d7 100644 --- a/include/uapi/linux/module.h +++ b/include/uapi/linux/module.h @@ -10,6 +10,7 @@ #ifdef __KERNEL__ /* Internal flags */ #define MODULE_INIT_CRYPTO_FROM_MEM (1 << 8) +#define MODULE_INIT_CRYPTO_OBJS_M (1 << 9) #endif #endif /* _UAPI_LINUX_MODULE_H */ diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 061161cc79d90..b75b19e0b5dcf 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -69,6 +69,7 @@ struct load_info { char *secstrings, *strtab; unsigned long symoffs, stroffs, init_typeoffs, core_typeoffs; bool sig_ok; + int flags; #ifdef CONFIG_KALLSYMS unsigned long mod_kallsyms_init_off; #endif diff --git a/kernel/module/main.c b/kernel/module/main.c index 6152b9b39e6b1..69949069dc5f5 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -3446,6 +3446,22 @@ static int early_mod_check(struct load_info *info, int flags) if (err) return err; +#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD + /* Detect crypto-objs-m modules by .fips140_crypto_marker section */ + if (!(info->flags & MODULE_INIT_CRYPTO_FROM_MEM)) { + unsigned int i; + + for (i = 1; i < info->hdr->e_shnum; i++) { + const char *sname = info->secstrings + info->sechdrs[i].sh_name; + + if (strcmp(sname, ".fips140_crypto_marker") == 0) { + info->flags |= MODULE_INIT_CRYPTO_OBJS_M; + break; + } + } + } +#endif + /* Check module struct version now, before we try to use module. */ if (!check_modstruct_version(info, info->mod)) return -ENOEXEC; @@ -3678,6 +3694,7 @@ int load_crypto_module_mem(const char *mem, size_t size) } info.sig_ok = true; + info.flags = MODULE_INIT_CRYPTO_FROM_MEM; info.hdr = (Elf_Ehdr *) mem; info.len = size; diff --git a/kernel/module/version.c b/kernel/module/version.c index 2beefeba82d94..3c5b5fceb73a9 100644 --- a/kernel/module/version.c +++ b/kernel/module/version.c @@ -8,6 +8,7 @@ #include <linux/module.h> #include <linux/string.h> #include <linux/printk.h> +#include <uapi/linux/module.h> #include "internal.h" int check_version(const struct load_info *info, @@ -21,6 +22,10 @@ int check_version(const struct load_info *info, struct modversion_info *versions; struct modversion_info_ext version_ext; + /* Skip version checks for FIPS crypto modules */ + if (info->flags & (MODULE_INIT_CRYPTO_FROM_MEM | MODULE_INIT_CRYPTO_OBJS_M)) + return 1; + /* Exporting module didn't supply crcs? OK, we're already tainted. */ if (!crc) return 1; @@ -81,6 +86,10 @@ int check_modstruct_version(const struct load_info *info, }; bool have_symbol; + /* Skip module_layout version check for FIPS crypto modules */ + if (info->flags & (MODULE_INIT_CRYPTO_FROM_MEM | MODULE_INIT_CRYPTO_OBJS_M)) + return 1; + /* * Since this should be found in kernel (which can't be removed), no * locking is necessary. Regardless use a RCU read section to keep -- 2.47.3
