diff options
| author | Thomas Weißschuh <thomas.weissschuh@linutronix.de> | 2026-03-05 12:31:40 +0300 |
|---|---|---|
| committer | Sami Tolvanen <samitolvanen@google.com> | 2026-03-25 00:42:37 +0300 |
| commit | 2ae4ea2d9aaf25cb74fbc23450b1b8f0a5b7aa89 (patch) | |
| tree | ce6184d3177ad5c16fabed5b8b3270fc04756bb8 | |
| parent | acd87264af525dba6e9355310e8acdf066a5f6b5 (diff) | |
| download | linux-2ae4ea2d9aaf25cb74fbc23450b1b8f0a5b7aa89.tar.xz | |
module: Give MODULE_SIG_STRING a more descriptive name
The purpose of the constant it is not entirely clear from its name.
As this constant is going to be exposed in a UAPI header, give it a more
specific name for clarity. As all its users call it 'marker', use that
wording in the constant itself.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
Reviewed-by: Nicolas Schier <nsc@kernel.org>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
| -rw-r--r-- | arch/s390/kernel/machine_kexec_file.c | 4 | ||||
| -rw-r--r-- | include/linux/module_signature.h | 2 | ||||
| -rw-r--r-- | kernel/module/signing.c | 4 | ||||
| -rw-r--r-- | security/integrity/ima/ima_modsig.c | 6 |
4 files changed, 8 insertions, 8 deletions
diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c index 667ee9279e23..6f0852d5a3a9 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c @@ -28,7 +28,7 @@ const struct kexec_file_ops * const kexec_file_loaders[] = { #ifdef CONFIG_KEXEC_SIG int s390_verify_sig(const char *kernel, unsigned long kernel_len) { - const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1; + const unsigned long marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1; struct module_signature *ms; unsigned long sig_len; int ret; @@ -40,7 +40,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len) if (marker_len > kernel_len) return -EKEYREJECTED; - if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING, + if (memcmp(kernel + kernel_len - marker_len, MODULE_SIGNATURE_MARKER, marker_len)) return -EKEYREJECTED; kernel_len -= marker_len; diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h index c3a05d4cfe67..915549c779dc 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h @@ -12,7 +12,7 @@ #include <linux/types.h> /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIG_STRING "~Module signature appended~\n" +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" enum module_signature_type { MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */ diff --git a/kernel/module/signing.c b/kernel/module/signing.c index a2ff4242e623..590ba29c85ab 100644 --- a/kernel/module/signing.c +++ b/kernel/module/signing.c @@ -70,7 +70,7 @@ int mod_verify_sig(const void *mod, struct load_info *info) int module_sig_check(struct load_info *info, int flags) { int err = -ENODATA; - const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; + const unsigned long markerlen = sizeof(MODULE_SIGNATURE_MARKER) - 1; const char *reason; const void *mod = info->hdr; bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS | @@ -81,7 +81,7 @@ int module_sig_check(struct load_info *info, int flags) */ if (!mangled_module && info->len > markerlen && - memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { + memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerlen) == 0) { /* We truncate the module to discard the signature */ info->len -= markerlen; err = mod_verify_sig(mod, info); diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c index 9aa92fd35a03..632c746fd81e 100644 --- a/security/integrity/ima/ima_modsig.c +++ b/security/integrity/ima/ima_modsig.c @@ -40,7 +40,7 @@ struct modsig { int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len, struct modsig **modsig) { - const size_t marker_len = strlen(MODULE_SIG_STRING); + const size_t marker_len = strlen(MODULE_SIGNATURE_MARKER); const struct module_signature *sig; struct modsig *hdr; size_t sig_len; @@ -51,7 +51,7 @@ int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len, return -ENOENT; p = buf + buf_len - marker_len; - if (memcmp(p, MODULE_SIG_STRING, marker_len)) + if (memcmp(p, MODULE_SIGNATURE_MARKER, marker_len)) return -ENOENT; buf_len -= marker_len; @@ -105,7 +105,7 @@ void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size) * Provide the file contents (minus the appended sig) so that the PKCS7 * code can calculate the file hash. */ - size -= modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) + + size -= modsig->raw_pkcs7_len + strlen(MODULE_SIGNATURE_MARKER) + sizeof(struct module_signature); rc = pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size); if (rc) |