diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 13:39:34 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 13:39:34 -0700 |
commit | d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d (patch) | |
tree | f414482d768b015a609924293b779b4ad0b8f764 /arch | |
parent | b6eea87fc6850d3531a64a27d2323a4498cd4e43 (diff) | |
parent | dbadc17683e6c673a69b236c0f041b931cc55c42 (diff) |
Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module signing support from Rusty Russell:
"module signing is the highlight, but it's an all-over David Howells frenzy..."
Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG.
* 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)
X.509: Fix indefinite length element skip error handling
X.509: Convert some printk calls to pr_devel
asymmetric keys: fix printk format warning
MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
MODSIGN: Make mrproper should remove generated files.
MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
MODSIGN: Use the same digest for the autogen key sig as for the module sig
MODSIGN: Sign modules during the build process
MODSIGN: Provide a script for generating a key ID from an X.509 cert
MODSIGN: Implement module signature checking
MODSIGN: Provide module signing public keys to the kernel
MODSIGN: Automatically generate module signing keys if missing
MODSIGN: Provide Kconfig options
MODSIGN: Provide gitignore and make clean rules for extra files
MODSIGN: Add FIPS policy
module: signature checking hook
X.509: Add a crypto key parser for binary (DER) X.509 certificates
MPILIB: Provide a function to read raw data into an MPI
X.509: Add an ASN.1 decoder
X.509: Add simple ASN.1 grammar compiler
...
Diffstat (limited to 'arch')
55 files changed, 245 insertions, 312 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index a79a1ad8bb9..366ec06a518 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -322,4 +322,23 @@ config HAVE_IRQ_TIME_ACCOUNTING config HAVE_ARCH_TRANSPARENT_HUGEPAGE bool +config HAVE_MOD_ARCH_SPECIFIC + bool + help + The arch uses struct mod_arch_specific to store data. Many arches + just need a simple module loader without arch specific data - those + should not enable this. + +config MODULES_USE_ELF_RELA + bool + help + Modules only use ELF RELA relocations. Modules with ELF REL + relocations will give an error. + +config MODULES_USE_ELF_REL + bool + help + Modules only use ELF REL relocations. Modules with ELF RELA + relocations will give an error. + source "kernel/gcov/Kconfig" diff --git a/arch/alpha/Kconfig b/arch/alpha/Kconfig index 7a08cfb80ee..5dd7f5db24d 100644 --- a/arch/alpha/Kconfig +++ b/arch/alpha/Kconfig @@ -22,6 +22,8 @@ config ALPHA select GENERIC_STRNLEN_USER select GENERIC_KERNEL_THREAD select GENERIC_KERNEL_EXECVE + select HAVE_MOD_ARCH_SPECIFIC + select MODULES_USE_ELF_RELA help The Alpha is a 64-bit general-purpose processor designed and marketed by the Digital Equipment Corporation of blessed memory, diff --git a/arch/alpha/include/asm/module.h b/arch/alpha/include/asm/module.h index 7b63743c534..9cd13b55155 100644 --- a/arch/alpha/include/asm/module.h +++ b/arch/alpha/include/asm/module.h @@ -1,19 +1,13 @@ #ifndef _ALPHA_MODULE_H #define _ALPHA_MODULE_H +#include <asm-generic/module.h> + struct mod_arch_specific { unsigned int gotsecindex; }; -#define Elf_Sym Elf64_Sym -#define Elf_Shdr Elf64_Shdr -#define Elf_Ehdr Elf64_Ehdr -#define Elf_Phdr Elf64_Phdr -#define Elf_Dyn Elf64_Dyn -#define Elf_Rel Elf64_Rel -#define Elf_Rela Elf64_Rela - #define ARCH_SHF_SMALL SHF_ALPHA_GPREL #ifdef MODULE diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 261fdd085bb..73067efd484 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -53,6 +53,8 @@ config ARM select PERF_USE_VMALLOC select RTC_LIB select SYS_SUPPORTS_APM_EMULATION + select HAVE_MOD_ARCH_SPECIFIC if ARM_UNWIND + select MODULES_USE_ELF_REL help The ARM series is a line of low-power-consumption RISC chip designs licensed by ARM Ltd and targeted at embedded applications and diff --git a/arch/arm/include/asm/module.h b/arch/arm/include/asm/module.h index 6c6809f982f..0d3a28dbc8e 100644 --- a/arch/arm/include/asm/module.h +++ b/arch/arm/include/asm/module.h @@ -1,9 +1,7 @@ #ifndef _ASM_ARM_MODULE_H #define _ASM_ARM_MODULE_H -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#define Elf_Ehdr Elf32_Ehdr +#include <asm-generic/module.h> struct unwind_table; @@ -16,13 +14,11 @@ enum { ARM_SEC_DEVEXIT, ARM_SEC_MAX, }; -#endif struct mod_arch_specific { -#ifdef CONFIG_ARM_UNWIND struct unwind_table *unwind[ARM_SEC_MAX]; -#endif }; +#endif /* * Add the ARM architecture version to the version magic string diff --git a/arch/avr32/Kconfig b/arch/avr32/Kconfig index 5ade51c8a87..06e73bf665e 100644 --- a/arch/avr32/Kconfig +++ b/arch/avr32/Kconfig @@ -15,6 +15,8 @@ config AVR32 select ARCH_WANT_IPC_PARSE_VERSION select ARCH_HAVE_NMI_SAFE_CMPXCHG select GENERIC_CLOCKEVENTS + select HAVE_MOD_ARCH_SPECIFIC + select MODULES_USE_ELF_RELA help AVR32 is a high-performance 32-bit RISC microprocessor core, designed for cost-sensitive embedded applications, with particular diff --git a/arch/avr32/include/asm/module.h b/arch/avr32/include/asm/module.h index 451444538a1..3f083d385a6 100644 --- a/arch/avr32/include/asm/module.h +++ b/arch/avr32/include/asm/module.h @@ -1,6 +1,8 @@ #ifndef __ASM_AVR32_MODULE_H #define __ASM_AVR32_MODULE_H +#include <asm-generic/module.h> + struct mod_arch_syminfo { unsigned long got_offset; int got_initialized; @@ -17,10 +19,6 @@ struct mod_arch_specific { struct mod_arch_syminfo *syminfo; }; -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#define Elf_Ehdr Elf32_Ehdr - #define MODULE_PROC_FAMILY "AVR32v1" #define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY diff --git a/arch/blackfin/Kconfig b/arch/blackfin/Kconfig index ccd9193932b..b6f3ad5441c 100644 --- a/arch/blackfin/Kconfig +++ b/arch/blackfin/Kconfig @@ -43,6 +43,8 @@ config BLACKFIN select HAVE_NMI_WATCHDOG if NMI_WATCHDOG select GENERIC_SMP_IDLE_THREAD select ARCH_USES_GETTIMEOFFSET if !GENERIC_CLOCKEVENTS + select HAVE_MOD_ARCH_SPECIFIC + select MODULES_USE_ELF_RELA config GENERIC_CSUM def_bool y diff --git a/arch/blackfin/include/asm/module.h b/arch/blackfin/include/asm/module.h index ed5689b82c9..231a149b3f7 100644 --- a/arch/blackfin/include/asm/module.h +++ b/arch/blackfin/include/asm/module.h @@ -7,9 +7,7 @@ #ifndef _ASM_BFIN_MODULE_H #define _ASM_BFIN_MODULE_H -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#define Elf_Ehdr Elf32_Ehdr +#include <asm-generic/module.h> struct mod_arch_specific { Elf_Shdr *text_l1; diff --git a/arch/c6x/Kconfig b/arch/c6x/Kconfig index 45268b50c0c..aee1b569ee6 100644 --- a/arch/c6x/Kconfig +++ b/arch/c6x/Kconfig @@ -18,6 +18,7 @@ config C6X select OF_EARLY_FLATTREE select GENERIC_CLOCKEVENTS select GENERIC_KERNEL_THREAD + select MODULES_USE_ELF_RELA config MMU def_bool n diff --git a/arch/c6x/include/asm/module.h b/arch/c6x/include/asm/module.h index a453f9744f4..5c7269c7ef7 100644 --- a/arch/c6x/include/asm/module.h +++ b/arch/c6x/include/asm/module.h @@ -13,17 +13,7 @@ #ifndef _ASM_C6X_MODULE_H #define _ASM_C6X_MODULE_H -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#define Elf_Ehdr Elf32_Ehdr -#define Elf_Addr Elf32_Addr -#define Elf_Word Elf32_Word - -/* - * This file contains the C6x architecture specific module code. - */ -struct mod_arch_specific { -}; +#include <asm-generic/module.h> struct loaded_sections { unsigned int new_vaddr; diff --git a/arch/cris/Kconfig b/arch/cris/Kconfig index a118163b04e..a67244473a3 100644 --- a/arch/cris/Kconfig +++ b/arch/cris/Kconfig @@ -48,6 +48,7 @@ config CRIS select GENERIC_IOMAP select GENERIC_SMP_IDLE_THREAD if ETRAX_ARCH_V32 select GENERIC_CMOS_UPDATE + select MODULES_USE_ELF_RELA config HZ int diff --git a/arch/cris/include/asm/Kbuild b/arch/cris/include/asm/Kbuild index ff1bf7fcae8..6d43a951b5e 100644 --- a/arch/cris/include/asm/Kbuild +++ b/arch/cris/include/asm/Kbuild @@ -10,3 +10,4 @@ header-y += sync_serial.h generic-y += clkdev.h generic-y += exec.h +generic-y += module.h diff --git a/arch/cris/include/asm/module.h b/arch/cris/include/asm/module.h deleted file mode 100644 index 7ee72311bd7..00000000000 --- a/arch/cris/include/asm/module.h +++ /dev/null @@ -1,9 +0,0 @@ -#ifndef _ASM_CRIS_MODULE_H -#define _ASM_CRIS_MODULE_H -/* cris is simple */ -struct mod_arch_specific { }; - -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#define Elf_Ehdr Elf32_Ehdr -#endif /* _ASM_CRIS_MODULE_H */ diff --git a/arch/frv/include/asm/module.h b/arch/frv/include/asm/module.h index 3d5c6360289..a8848f09a21 100644 --- a/arch/frv/include/asm/module.h +++ b/arch/frv/include/asm/module.h @@ -11,13 +11,7 @@ #ifndef _ASM_MODULE_H #define _ASM_MODULE_H -struct mod_arch_specific -{ -}; - -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#define Elf_Ehdr Elf32_Ehdr +#include <asm-generic/module.h> /* * Include the architecture version. diff --git a/arch/h8300/Kconfig b/arch/h8300/Kconfig index 90462eb23d0..98fabd10e95 100644 --- a/arch/h8300/Kconfig +++ b/arch/h8300/Kconfig @@ -7,6 +7,7 @@ config H8300 select ARCH_WANT_IPC_PARSE_VERSION select GENERIC_IRQ_SHOW select GENERIC_CPU_DEVICES + select MODULES_USE_ELF_RELA config SYMBOL_PREFIX string diff --git a/arch/h8300/include/asm/Kbuild b/arch/h8300/include/asm/Kbuild index fccd81eddff..50bbf387b2f 100644 --- a/arch/h8300/include/asm/Kbuild +++ b/arch/h8300/include/asm/Kbuild @@ -2,3 +2,4 @@ include include/asm-generic/Kbuild.asm generic-y += clkdev.h generic-y += exec.h +generic-y += module.h diff --git a/arch/h8300/include/asm/module.h b/arch/h8300/include/asm/module.h deleted file mode 100644 index 8e46724b7c0..00000000000 --- a/arch/h8300/include/asm/module.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _ASM_H8300_MODULE_H -#define _ASM_H8300_MODULE_H -/* - * This file contains the H8/300 architecture specific module code. - */ -struct mod_arch_specific { }; -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#define Elf_Ehdr Elf32_Ehdr - -#endif /* _ASM_H8/300_MODULE_H */ diff --git a/arch/hexagon/Kconfig b/arch/hexagon/Kconfig index b2fdfb700f5..0744f7d7b1f 100644 --- a/arch/hexagon/Kconfig +++ b/arch/hexagon/Kconfig @@ -30,6 +30,7 @@ config HEXAGON select KTIME_SCALAR select GENERIC_CLOCKEVENTS select GENERIC_CLOCKEVENTS_BROADCAST + select MODULES_USE_ELF_RELA ---help--- Qualcomm Hexagon is a processor architecture designed for high performance and low power across a wide variety of applications. diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig index 4c10e607c90..3279646120e 100644 --- a/arch/ia64/Kconfig +++ b/arch/ia64/Kconfig @@ -40,6 +40,8 @@ config IA64 select ARCH_THREAD_INFO_ALLOCATOR select ARCH_CLOCKSOURCE_DATA select GENERIC_TIME_VSYSCALL_OLD + select HAVE_MOD_ARCH_SPECIFIC + select MODULES_USE_ELF_RELA default y help The Itanium Processor Family is Intel's 64-bit successor to diff --git a/arch/ia64/include/asm/module.h b/arch/ia64/include/asm/module.h index 908eaef42a0..dfba22a872c 100644 --- a/arch/ia64/include/asm/module.h +++ b/arch/ia64/include/asm/module.h @@ -1,6 +1,8 @@ #ifndef _ASM_IA64_MODULE_H #define _ASM_IA64_MODULE_H +#include <asm-generic/module.h> + /* * IA-64-specific support for kernel module loader. * @@ -29,10 +31,6 @@ struct mod_arch_specific { unsigned int next_got_entry; /* index of next available got entry */ }; -#define Elf_Shdr Elf64_Shdr -#define Elf_Sym Elf64_Sym -#define Elf_Ehdr Elf64_Ehdr - #define MODULE_PROC_FAMILY "ia64" #define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY \ "gcc-" __stringify(__GNUC__) "." __stringify(__GNUC_MINOR__) diff --git a/arch/m32r/Kconfig b/arch/m32r/Kconfig index e875fc3ce9c..f807721e19a 100644 --- a/arch/m32r/Kconfig +++ b/arch/m32r/Kconfig @@ -14,6 +14,7 @@ config M32R select GENERIC_IRQ_SHOW select GENERIC_ATOMIC64 select ARCH_USES_GETTIMEOFFSET + select MODULES_USE_ELF_RELA config SBUS bool diff --git a/arch/m32r/include/asm/Kbuild b/arch/m32r/include/asm/Kbuild index fccd81eddff..50bbf387b2f 100644 --- a/arch/m32r/include/asm/Kbuild +++ b/arch/m32r/include/asm/Kbuild @@ -2,3 +2,4 @@ include include/asm-generic/Kbuild.asm generic-y += clkdev.h generic-y += exec.h +generic-y += module.h diff --git a/arch/m32r/include/asm/module.h b/arch/m32r/include/asm/module.h deleted file mode 100644 index eb73ee01121..00000000000 --- a/arch/m32r/include/asm/module.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef _ASM_M32R_MODULE_H -#define _ASM_M32R_MODULE_H - -struct mod_arch_specific { }; - -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#define Elf_Ehdr Elf32_Ehdr - -#endif /* _ASM_M32R_MODULE_H */ diff --git a/arch/m32r/kernel/module.c b/arch/m32r/kernel/module.c index 3071fe83ffc..38233b6596b 100644 --- a/arch/m32r/kernel/module.c +++ b/arch/m32r/kernel/module.c @@ -201,18 +201,3 @@ int apply_relocate_add(Elf32_Shdr *sechdrs, } return 0; } - -int apply_relocate(Elf32_Shdr *sechdrs, - const char *strtab, - unsigned int symindex, - unsigned int relsec, - struct module *me) -{ -#if 0 - printk(KERN_ERR "module %s: REL RELOCATION unsupported\n", - me->name); - return -ENOEXEC; -#endif - return 0; - -} diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig index 76fd6e2f71d..e7c161433ea 100644 --- a/arch/m68k/Kconfig +++ b/arch/m68k/Kconfig @@ -16,6 +16,9 @@ config M68K select ARCH_WANT_IPC_PARSE_VERSION select ARCH_USES_GETTIMEOFFSET if MMU && !COLDFIRE select GENERIC_KERNEL_THREAD + select HAVE_MOD_ARCH_SPECIFIC + select MODULES_USE_ELF_REL + select MODULES_USE_ELF_RELA config RWSEM_GENERIC_SPINLOCK bool diff --git a/arch/m68k/include/asm/module.h b/arch/m68k/include/asm/module.h index edffe66b7f4..8b58fce843d 100644 --- a/arch/m68k/include/asm/module.h +++ b/arch/m68k/include/asm/module.h @@ -1,6 +1,8 @@ #ifndef _ASM_M68K_MODULE_H #define _ASM_M68K_MODULE_H +#include <asm-generic/module.h> + enum m68k_fixup_type { m68k_fixup_memoffset, m68k_fixup_vnode_shift, @@ -36,8 +38,4 @@ struct module; extern void module_fixup(struct module *mod, struct m68k_fixup_info *start, struct m68k_fixup_info *end); -#define Elf_Shdr Elf32_Shdr -#define Elf_Sym Elf32_Sym -#define Elf_Ehdr Elf32_Ehdr - #endif /* _ASM_M68K_MODULE_H */ diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig index 53fd94ab60f..4cba7439f9d 100644 --- a/arch/microblaze/Kconfig +++ b/arch/microblaze/Kconfig @@ -25,6 +25,7 @@ config MICROBLAZE select GENERIC_CPU_DEVICES select GENERIC_ATOMIC64 select GENERIC_CLOCKEVENTS + select MODULES_USE_ELF_RELA config SWAP def_bool n diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig index 35453eaeffb..aae16cdfe30 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig @@ -37,6 +37,9 @@ config MIPS select BUILDTIME_EXTABLE_SORT select GENERIC_CLOCKEVENTS select GENERIC_CMOS_UPDATE + select HAVE_MOD_ARCH_SPECIFIC + select MODULES_USE_ELF_REL + select MODULES_USE_ELF_RELA if 64BIT menu "Machine selection" diff --git a/arch/mips/include/asm/module.h b/arch/mips/include/asm/module.h index dca8bce8c7a..26137da1c71 100644 --- a/arch/mips/include/asm/module.h +++ b/arch/mips/include/asm/module.h @@ -35,11 +35,14 @@ typedef struct { } Elf64_Mips_Rela; #ifdef CONFIG_32BIT - #define Elf_Shdr Elf32_Shdr #define Elf_Sym Elf32_Sym #define Elf_Ehdr Elf32_Ehdr #define Elf_Addr Elf32_Addr +#define Elf_Rel Elf32_Rel +#define Elf_Rela Elf32_Rela +#define ELF_R_TYPE(X) ELF32_R_TYPE(X) +#define ELF_R_SYM(X) ELF32_R_SYM(X) #define Elf_Mips_Rel Elf32_Rel #define Elf_Mips_Rela Elf32_Rela @@ -50,11 +53,14 @@ typedef struct { #endif #ifdef CONFIG_64BIT - #define Elf_Shdr Elf64_Shdr #define Elf_Sym Elf64_Sym #define Elf_Ehdr Elf64_Ehdr #define Elf_Addr Elf64_Addr +#define Elf_Rel Elf64_Rel +#define Elf_Rela Elf64_Rela +#define ELF_R_TYPE(X) ELF64_R_TYPE(X) +#define ELF_R_SYM(X) ELF64_R_SYM(X) #define Elf_Mips_Rel Elf64_Mips_Rel #define Elf_Mips_Rela Elf64_Mips_Rela diff --git a/arch/mips/kernel/Makefile b/arch/mips/kernel/Makefile index d6c2a7476ba..414c26920df 100644 --- a/arch/mips/kernel/Makefile +++ b/arch/mips/kernel/Makefile @@ -31,6 +31,7 @@ obj-$(CONFIG_SYNC_R4K) += sync-r4k.o obj-$(CONFIG_STACKTRACE) += stacktrace.o obj-$(CONFIG_MODULES) += mips_ksyms.o module.o +obj-$(CONFIG_MODULES_USE_ELF_RELA) += module-rela.o obj-$(CONFIG_FUNCTION_TRACER) += mcount.o ftrace.o diff --git a/arch/mips/kernel/module-rela.c b/arch/mips/kernel/module-rela.c new file mode 100644 index 00000000000..61d60028b88 --- /dev/null +++ b/arch/mips/kernel/module-rela.c @@ -0,0 +1,145 @@ +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Copyright (C) 2001 Rusty Russell. + * Copyright (C) 2003, 2004 Ralf Baechle (ralf@linux-mips.org) + * Copyright (C) 2005 Thiemo Seufer + */ + +#include <linux/elf.h> +#include <linux/err.h> +#include <linux/errno.h> +#include <linux/moduleloader.h> + +extern int apply_r_mips_none(struct module *me, u32 *location, Elf_Addr v); + +static int apply_r_mips_32_rela(struct module *me, u32 *location, Elf_Addr v) +{ + *location = v; + + return 0; +} + +static int apply_r_mips_26_rela(struct module *me, u32 *location, Elf_Addr v) +{ + if (v % 4) { + pr_err("module %s: dangerous R_MIPS_26 RELArelocation\n", + me->name); + return -ENOEXEC; + } + + if ((v & 0xf0000000) != (((unsigned long)location + 4) & 0xf0000000)) { + printk(KERN_ERR + "module %s: relocation overflow\n", + me->name); + return -ENOEXEC; + } + + *location = (*location & ~0x03ffffff) | ((v >> 2) & 0x03ffffff); + + return 0; +} + +static int apply_r_mips_hi16_rela(struct module *me, u32 *location, Elf_Addr v) +{ + *location = (*location & 0xffff0000) | + ((((long long) v + 0x8000LL) >> 16) & 0xffff); + |