1 /* module-verify.c: module verifier
3 * Written by David Howells (dhowells@redhat.com)
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
11 #include <linux/config.h>
12 #include <linux/kernel.h>
13 #include <linux/module.h>
14 #include <linux/slab.h>
15 #include <linux/elf.h>
16 #include <linux/crypto.h>
17 #include <linux/crypto/ksign.h>
18 #include "module-verify.h"
21 #define _debug(FMT, ...) printk(FMT, ##__VA_ARGS__)
23 #define _debug(FMT, ...) do {} while (0)
26 static int module_verify_elf(struct module_verify_data *mvdata);
28 /*****************************************************************************/
30 * verify a module's integrity
31 * - check the ELF is viable
32 * - check the module's signature if it has one
34 int module_verify(const Elf_Ehdr *hdr, size_t size)
36 struct module_verify_data mvdata;
39 memset(&mvdata, 0, sizeof(mvdata));
44 ret = module_verify_elf(&mvdata);
47 printk("Module failed ELF checks\n");
51 #ifdef CONFIG_MODULE_SIG
52 ret = module_verify_signature(&mvdata);
56 kfree(mvdata.secsizes);
57 kfree(mvdata.canonlist);
60 } /* end module_verify() */
62 /*****************************************************************************/
64 * verify the ELF structure of a module
66 static int module_verify_elf(struct module_verify_data *mvdata)
68 const Elf_Ehdr *hdr = mvdata->hdr;
69 const Elf_Shdr *section, *section2, *secstop;
70 const Elf_Rela *relas, *rela, *relastop;
71 const Elf_Rel *rels, *rel, *relstop;
72 const Elf_Sym *symbol, *symstop;
73 size_t size, sssize, *secsize, tmp, tmp2;
78 mvdata->nsects = hdr->e_shnum;
81 do { if (unlikely(!(X))) { line = __LINE__; goto elfcheck_error; } } while(0)
84 do { if (unlikely(!(X))) { line = __LINE__; goto seccheck_error; } } while(0)
87 do { if (unlikely(!(X))) { line = __LINE__; goto symcheck_error; } } while(0)
90 do { if (unlikely(!(X))) { line = __LINE__; goto relcheck_error; } } while(0)
92 #define relacheck(X) \
93 do { if (unlikely(!(X))) { line = __LINE__; goto relacheck_error; } } while(0)
95 /* validate the ELF header */
96 elfcheck(hdr->e_ehsize < size);
97 elfcheck(hdr->e_entry == 0);
98 elfcheck(hdr->e_phoff == 0);
99 elfcheck(hdr->e_phnum == 0);
101 elfcheck(hdr->e_shnum < SHN_LORESERVE);
102 elfcheck(hdr->e_shoff < size);
103 elfcheck(hdr->e_shoff >= hdr->e_ehsize);
104 elfcheck((hdr->e_shoff & (sizeof(long) - 1)) == 0);
105 elfcheck(hdr->e_shstrndx > 0);
106 elfcheck(hdr->e_shstrndx < hdr->e_shnum);
107 elfcheck(hdr->e_shentsize == sizeof(Elf_Shdr));
109 tmp = (size_t) hdr->e_shentsize * (size_t) hdr->e_shnum;
110 elfcheck(tmp <= size - hdr->e_shoff);
112 /* allocate a table to hold in-file section sizes */
113 mvdata->secsizes = kmalloc(hdr->e_shnum * sizeof(size_t), GFP_KERNEL);
114 if (!mvdata->secsizes)
117 memset(mvdata->secsizes, 0, hdr->e_shnum * sizeof(size_t));
119 /* validate the ELF section headers */
120 mvdata->sections = mvdata->buffer + hdr->e_shoff;
121 secstop = mvdata->sections + mvdata->nsects;
123 sssize = mvdata->sections[hdr->e_shstrndx].sh_size;
124 elfcheck(sssize > 0);
126 section = mvdata->sections;
127 seccheck(section->sh_type == SHT_NULL);
128 seccheck(section->sh_size == 0);
129 seccheck(section->sh_offset == 0);
131 secsize = mvdata->secsizes + 1;
132 for (section++; section < secstop; secsize++, section++) {
133 seccheck(section->sh_name < sssize);
134 seccheck(section->sh_link < hdr->e_shnum);
136 if (section->sh_entsize > 0)
137 seccheck(section->sh_size % section->sh_entsize == 0);
139 seccheck(section->sh_offset >= hdr->e_ehsize);
140 seccheck(section->sh_offset < size);
142 /* determine the section's in-file size */
143 tmp = size - section->sh_offset;
144 if (section->sh_offset < hdr->e_shoff)
145 tmp = hdr->e_shoff - section->sh_offset;
147 for (section2 = mvdata->sections + 1; section2 < secstop; section2++) {
148 if (section->sh_offset < section2->sh_offset) {
149 tmp2 = section2->sh_offset - section->sh_offset;
156 _debug("Section %ld: %zx bytes at %lx\n",
157 section - mvdata->sections,
161 /* perform section type specific checks */
162 switch (section->sh_type) {
167 seccheck(section->sh_entsize == sizeof(Elf_Rel));
168 goto more_rel_checks;
171 seccheck(section->sh_entsize == sizeof(Elf_Rela));
173 seccheck(section->sh_info > 0);
174 seccheck(section->sh_info < hdr->e_shnum);
175 goto more_sec_checks;
178 seccheck(section->sh_entsize == sizeof(Elf_Sym));
179 goto more_sec_checks;
183 /* most types of section must be contained entirely
185 seccheck(section->sh_size <= *secsize);
190 /* validate the ELF section names */
191 section = &mvdata->sections[hdr->e_shstrndx];
193 seccheck(section->sh_offset != hdr->e_shoff);
195 mvdata->secstrings = mvdata->buffer + section->sh_offset;
198 for (section = mvdata->sections + 1; section < secstop; section++) {
200 tmp = sssize - section->sh_name;
201 secname = mvdata->secstrings + section->sh_name;
202 seccheck(secname[0] != 0);
203 if (section->sh_name > last)
204 last = section->sh_name;
209 elfcheck(memchr(mvdata->secstrings + last, 0, tmp) != NULL);
212 /* look for various sections in the module */
213 for (section = mvdata->sections + 1; section < secstop; section++) {
214 switch (section->sh_type) {
216 if (strcmp(mvdata->secstrings + section->sh_name,
219 seccheck(mvdata->symbols == NULL);
221 mvdata->buffer + section->sh_offset;
223 section->sh_size / sizeof(Elf_Sym);
224 seccheck(section->sh_size > 0);
229 if (strcmp(mvdata->secstrings + section->sh_name,
232 seccheck(mvdata->strings == NULL);
234 mvdata->buffer + section->sh_offset;
235 sssize = mvdata->nstrings = section->sh_size;
236 seccheck(section->sh_size > 0);
242 if (!mvdata->symbols) {
243 printk("Couldn't locate module symbol table\n");
247 if (!mvdata->strings) {
248 printk("Couldn't locate module strings table\n");
252 /* validate the symbol table */
253 symstop = mvdata->symbols + mvdata->nsyms;
255 symbol = mvdata->symbols;
256 symcheck(ELF_ST_TYPE(symbol[0].st_info) == STT_NOTYPE);
257 symcheck(symbol[0].st_shndx == SHN_UNDEF);
258 symcheck(symbol[0].st_value == 0);
259 symcheck(symbol[0].st_size == 0);
262 for (symbol++; symbol < symstop; symbol++) {
263 symcheck(symbol->st_name < sssize);
264 if (symbol->st_name > last)
265 last = symbol->st_name;
266 symcheck(symbol->st_shndx < mvdata->nsects ||
267 symbol->st_shndx >= SHN_LORESERVE);
272 elfcheck(memchr(mvdata->strings + last, 0, tmp) != NULL);
275 /* validate each relocation table as best we can */
276 for (section = mvdata->sections + 1; section < secstop; section++) {
277 section2 = mvdata->sections + section->sh_info;
279 switch (section->sh_type) {
281 rels = mvdata->buffer + section->sh_offset;
282 relstop = mvdata->buffer + section->sh_offset + section->sh_size;
284 for (rel = rels; rel < relstop; rel++) {
285 relcheck(rel->r_offset < section2->sh_size);
286 relcheck(ELF_R_SYM(rel->r_info) < mvdata->nsyms);
292 relas = mvdata->buffer + section->sh_offset;
293 relastop = mvdata->buffer + section->sh_offset + section->sh_size;
295 for (rela = relas; rela < relastop; rela++) {
296 relacheck(rela->r_offset < section2->sh_size);
297 relacheck(ELF_R_SYM(rela->r_info) < mvdata->nsyms);
308 _debug("ELF okay\n");
312 printk("Verify ELF error (assertion %d)\n", line);
316 printk("Verify ELF error [sec %ld] (assertion %d)\n",
317 (long)(section - mvdata->sections), line);
321 printk("Verify ELF error [sym %ld] (assertion %d)\n",
322 (long)(symbol - mvdata->symbols), line);
326 printk("Verify ELF error [sec %ld rel %ld] (assertion %d)\n",
327 (long)(section - mvdata->sections),
328 (long)(rel - rels), line);
332 printk("Verify ELF error [sec %ld rela %ld] (assertion %d)\n",
333 (long)(section - mvdata->sections),
334 (long)(rela - relas), line);
340 } /* end module_verify_elf() */
git://git.onelab.eu / linux-2.6.git / blob