Re: [PATCH v4 11/17] module: Call security_kernel_post_load_data()

2020-08-06 Thread KP Singh
On Wed, Aug 5, 2020 at 4:53 PM Jessica Yu wrote:
>
> +++ Kees Cook [29/07/20 10:58 -0700]:
> >Now that there is an API for checking loaded contents for modules
> >loaded without a file, call into the LSM hooks.
> >
> >Cc: Jessica Yu 
> >Signed-off-by: Kees Cook 
>
> Acked-by: Jessica Yu 

Thanks!

Reviewed-by: KP Singh 


Re: [PATCH v4 11/17] module: Call security_kernel_post_load_data()

2020-08-05 Thread Jessica Yu

+++ Kees Cook [29/07/20 10:58 -0700]:

Now that there is an API for checking loaded contents for modules
loaded without a file, call into the LSM hooks.

Cc: Jessica Yu 
Signed-off-by: Kees Cook 


Acked-by: Jessica Yu 


[PATCH v4 11/17] module: Call security_kernel_post_load_data()

2020-07-29 Thread Kees Cook
Now that there is an API for checking loaded contents for modules
loaded without a file, call into the LSM hooks.

Cc: Jessica Yu 
Signed-off-by: Kees Cook 
---
 kernel/module.c | 14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/kernel/module.c b/kernel/module.c
index d773f32f8dfd..72e33e25d7b9 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2970,7 +2970,7 @@ static int copy_module_from_user(const void __user *umod, 
unsigned long len,
if (info->len < sizeof(*(info->hdr)))
return -ENOEXEC;
 
-   err = security_kernel_load_data(LOADING_MODULE, false);
+   err = security_kernel_load_data(LOADING_MODULE, true);
if (err)
return err;
 
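Review bot: the second argument to security_kernel_load_data() flips from `false` to `true` here, but neither the call site nor the commit message says what that flag means. The commit message only says "call into the LSM hooks", so a reader of this hunk alone cannot tell that the flag change belongs with the new security_kernel_post_load_data() call in the next hunk. Please state in the commit message what the flag tells the LSM and that it is changed because the loaded contents are now handed to the post-load hook. A short comment above the call would also help anyone auditing which loaders give LSMs a view of the module bytes.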
@@ -2980,11 +2980,17 @@ static int copy_module_from_user(const void __user 
*umod, unsigned long len,
return -ENOMEM;
 
if (copy_chunked_from_user(info->hdr, umod, info->len) != 0) {
-   vfree(info->hdr);
-   return -EFAULT;
+   err = -EFAULT;
+   goto out;
}
 
-   return 0;
+   err = security_kernel_post_load_data((char *)info->hdr, info->len,
+LOADING_MODULE);
+out:
+   if (err)
+   vfree(info->hdr);
+
+   return err;
 }
 
 static void free_copy(struct load_info *info)
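Review bot: between the pre-load call that now passes `true` and the new security_kernel_post_load_data() call, two failure paths never reach the post hook: the direct `return -ENOMEM;` and the `err = -EFAULT; goto out;` branch. If an LSM sets up any expectation or state in the pre-load hook when told contents will follow, it gets no matching post call on those paths. Please document, here or in the hook description, that the post-load hook is only called once the copy has succeeded, so LSM authors do not assume strict pairing. Separately, the new `out:` path adds one more way (a non-zero return from the post hook) to reach `vfree(info->hdr)` while leaving `info->hdr` pointing at freed memory. Since free_copy() sits directly below, consider setting `info->hdr = NULL` after the free, or confirm that no caller touches `info` after a failed return.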
-- 
2.25.1