Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

module: Call security_kernel_post_load_data()

Now that there is an API for checking loaded contents for modules
loaded without a file, call into the LSM hooks.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: KP Singh <kpsingh@google.com>
Acked-by: Jessica Yu <jeyu@kernel.org>
Link: https://lore.kernel.org/r/20201002173828.2099543-11-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Authored by Kees Cook and committed by Greg Kroah-Hartman
38f90173 4f2d99b0

+10 -4
kernel/module.c
··· 3014 3014 if (info->len < sizeof(*(info->hdr))) 3015 3015 return -ENOEXEC; 3016 3016 3017 - err = security_kernel_load_data(LOADING_MODULE, false); 3017 + err = security_kernel_load_data(LOADING_MODULE, true); 3018 3018 if (err) 3019 3019 return err; 3020 3020 ··· 3024 3024 return -ENOMEM; 3025 3025 3026 3026 if (copy_chunked_from_user(info->hdr, umod, info->len) != 0) { 3027 - vfree(info->hdr); 3028 - return -EFAULT; 3027 + err = -EFAULT; 3028 + goto out; 3029 3029 } 3030 3030 3031 - return 0; 3031 + err = security_kernel_post_load_data((char *)info->hdr, info->len, 3032 + LOADING_MODULE, "init_module"); 3033 + out: 3034 + if (err) 3035 + vfree(info->hdr); 3036 + 3037 + return err; 3032 3038 } 3033 3039 3034 3040 static void free_copy(struct load_info *info)
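Review bot: The second argument in `security_kernel_load_data(LOADING_MODULE, true)` (first hunk, line 3017) is a bare boolean whose meaning is not evident at the call site. The flip from `false` to `true` appears to be what pairs this pre-load check with the `security_kernel_post_load_data()` call added after the copy, so a one-line comment saying so would keep the two calls from drifting apart if either is changed later.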
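Review bot: In the second hunk, the new `out:` path runs `vfree(info->hdr)` for both the `-EFAULT` copy failure and a denial from `security_kernel_post_load_data()`, but leaves `info->hdr` and `info->len` holding stale values. Consider setting `info->hdr = NULL` right after the free so that any later cleanup on the same `struct load_info` (for example `free_copy()`, whose definition follows this function) cannot act on a freed pointer. This matters more now than before the change, because an LSM rejection is a routine, policy-driven failure rather than a rare fault while copying from user space.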