[PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig

Luis Chamberlain mcgrof at kernel.org
Tue Jan 25 12:27:13 PST 2022


On Tue, Jan 11, 2022 at 12:37:48PM +0100, Michal Suchanek wrote:
> Multiple users of mod_check_sig check for the marker, then call
> mod_check_sig, extract signature length, and remove the signature.
> 
> Put this code in one place together with mod_check_sig.
> 
> This changes the error from ENOENT to ENODATA for ima_read_modsig in the
> case the signature marker is missing.
> 
> This also changes the buffer length in ima_read_modsig from size_t to
> unsigned long. This reduces the possible value range on 32bit but the
> length refers to kernel in-memory buffer which cannot be longer than
> ULONG_MAX.
> 
> Also change mod_check_sig to unsigned long while at it.
> 
> Signed-off-by: Michal Suchanek <msuchanek at suse.de>

Reviewed-by: Luis Chamberlain <mcgrof at kernel.org>

  Luis



More information about the kexec mailing list