On 2026-01-29 15:41:43+0100, Petr Pavlu wrote: > On 1/13/26 1:28 PM, Thomas Weißschuh wrote: > > The signature splitting will also be used by CONFIG_MODULE_HASHES. > > > > Move it up the callchain, so the result can be reused. > > > > Signed-off-by: Thomas Weißschuh <[email protected]> > > --- > > [...] > > diff --git a/kernel/module/main.c b/kernel/module/main.c > > index c09b25c0166a..d65bc300a78c 100644 > > --- a/kernel/module/main.c > > +++ b/kernel/module/main.c > > @@ -3346,10 +3346,21 @@ static int early_mod_check(struct load_info *info, > > int flags) > > > > static int module_integrity_check(struct load_info *info, int flags) > > { > > + bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS | > > + MODULE_INIT_IGNORE_VERMAGIC); > > + size_t sig_len; > > + const u8 *sig; > > int err = 0; > > > > + if (IS_ENABLED(CONFIG_MODULE_SIG_POLICY)) { > > + err = mod_split_sig(info->hdr, &info->len, mangled_module, > > + &sig_len, &sig, "module"); > > + if (err) > > + return err; > > + } > > + > > if (IS_ENABLED(CONFIG_MODULE_SIG)) > > - err = module_sig_check(info, flags); > > + err = module_sig_check(info, sig, sig_len); > > > > if (err) > > return err; > > I suggest moving the IS_ENABLED(CONFIG_MODULE_SIG) block under the > new IS_ENABLED(CONFIG_MODULE_SIG_POLICY) section. I realize that > CONFIG_MODULE_SIG implies CONFIG_MODULE_SIG_POLICY, but I believe this > change makes it more apparent that this is the case. Otherwise, one > might for example wonder if sig_len in the module_sig_check() call can > be undefined. > > if (IS_ENABLED(CONFIG_MODULE_SIG_POLICY)) { > err = mod_split_sig(info->hdr, &info->len, mangled_module, > &sig_len, &sig, "module"); > if (err) > return err; > > if (IS_ENABLED(CONFIG_MODULE_SIG)) > err = module_sig_check(info, sig, sig_len); > }
Ack.
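
Review bot: sig and sig_len are declared without initialisers at the top of module_integrity_check() and are assigned only inside the IS_ENABLED(CONFIG_MODULE_SIG_POLICY) branch, while the call `module_sig_check(info, sig, sig_len)` is guarded by a different symbol, CONFIG_MODULE_SIG. Nothing visible in this hunk ties the two options together, so in addition to the nesting suggested in the quoted review it would be worth initialising both at declaration (`const u8 *sig = NULL;` and `size_t sig_len = 0;`) so the signature check can never receive an indeterminate pointer or length if the Kconfig relationship changes. Since mod_split_sig() is handed &info->len and module_sig_check() no longer receives flags, a short comment here stating that info->len may be updated by the split and that the mangled_module decision is now consumed by mod_split_sig() would help anyone reading the code that uses info->len afterwards.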
