Re: [PATCH] module: harden module signature checking

Hi,

On Fri, Sep 5, 2025 at 6:38 AM Coder <rootuserhere@xxxxxxxxx> wrote:
>
> From: Fidal Palamparambil <rootuserhere@xxxxxxxxx>
> Date: Fri, 5 Sep 2025 17:16:01 +0400
> Subject: [PATCH] module: harden module signature checking
> Cc: mcgrof@xxxxxxxxxx, petr.pavlu@xxxxxxxx, da.gomez@xxxxxxxxxx, samitolvanen@xxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
>
> module: harden module signature checking
>
> This patch makes small defensive and style improvements to the
> module signature checker:
>
>  - avoid void * arithmetic by casting module header to const u8 *
>  - add an explicit bounds check for ms.sig_len before using it
>  - restore info->len to its original value when verification fails so
>    the loader does not observe a truncated length unexpectedly
>  - use READ_ONCE/WRITE_ONCE for sig_enforce to avoid rare SMP visibility
>    races
>
> These changes are intended to improve clarity and robustness; they do not
> change the signature verification policy or behavior.
>
> Signed-off-by: Fidal Palamparambil <rootuserhere@xxxxxxxxx>
>
> ---
>
> diff --git a/kernel/module-signing.c b/kernel/module-signing.c
> index abcdef1..1234567 100644
> --- a/kernel/module-signing.c
> +++ b/kernel/module-signing.c

We used to have kernel/module_signing.c before v5.19, but I'm not sure
if kernel/module-signing.c has ever existed. How exactly did you
generate this patch?

Sami




