{"id":2232782,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2232782/?format=json","web_url":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260505-module-hashes-v5-10-e174a5a49fce@weissschuh.net/","project":{"id":2,"url":"http://patchwork.ozlabs.org/api/1.2/projects/2/?format=json","name":"Linux PPC development","link_name":"linuxppc-dev","list_id":"linuxppc-dev.lists.ozlabs.org","list_email":"linuxppc-dev@lists.ozlabs.org","web_url":"https://github.com/linuxppc/wiki/wiki","scm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git","webscm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/","list_archive_url":"https://lore.kernel.org/linuxppc-dev/","list_archive_url_format":"https://lore.kernel.org/linuxppc-dev/{}/","commit_url_format":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}"},"msgid":"<20260505-module-hashes-v5-10-e174a5a49fce@weissschuh.net>","list_archive_url":"https://lore.kernel.org/linuxppc-dev/20260505-module-hashes-v5-10-e174a5a49fce@weissschuh.net/","date":"2026-05-05T09:05:14","name":"[v5,10/14] module: Prepare for additional module authentication mechanisms","commit_ref":null,"pull_url":null,"state":"handled-elsewhere","archived":false,"hash":"5b77d760959681aeedacd523bee8a466d2fc9d62","submitter":{"id":82751,"url":"http://patchwork.ozlabs.org/api/1.2/people/82751/?format=json","name":"Thomas Weißschuh","email":"linux@weissschuh.net"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260505-module-hashes-v5-10-e174a5a49fce@weissschuh.net/mbox/","series":[{"id":502791,"url":"http://patchwork.ozlabs.org/api/1.2/series/502791/?format=json","web_url":"http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=502791","date":"2026-05-05T09:05:17","name":"module: Introduce hash-based integrity checking","version":5,"mbox":"http://patchwork.ozlabs.org/series/502791/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2232782/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2232782/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n <linuxppc-dev+bounces-20467-incoming=patchwork.ozlabs.org@lists.ozlabs.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=weissschuh.net header.i=@weissschuh.net\n header.a=rsa-sha256 header.s=mail header.b=uSjcE3/7;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=2404:9400:21b9:f100::1; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-20467-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)","lists.ozlabs.org;\n arc=none smtp.remote-ip=159.69.126.157","lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=weissschuh.net","lists.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=weissschuh.net header.i=@weissschuh.net\n header.a=rsa-sha256 header.s=mail header.b=uSjcE3/7;\n\tdkim-atps=neutral","lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=weissschuh.net\n (client-ip=159.69.126.157; helo=todd.t-8ch.de;\n envelope-from=linux@weissschuh.net; receiver=lists.ozlabs.org)"],"Received":["from lists.ozlabs.org (lists.ozlabs.org\n [IPv6:2404:9400:21b9:f100::1])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g8tB223MXz1yJV\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 05 May 2026 19:14:18 +1000 (AEST)","from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4g8t9G6GSKz3bfY;\n\tTue, 05 May 2026 19:13:38 +1000 (AEST)","from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4g8t993Pxnz30Wh\n\tfor <linuxppc-dev@lists.ozlabs.org>; Tue, 05 May 2026 19:13:33 +1000 (AEST)"],"ARC-Seal":"i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1777972418;\n\tcv=none;\n b=F2nTq9KuG7IO2qBpxfLM31cwmnp6SYiy+diO0VwYZGMK1scAPKGEuXsRU8Xbh+y9RqG4jVVaQTjD/lOfPOiVu3M//R28jUq2VMa2SdRLeUV2IPTRKMdFnvIBDE2MrwNMWJ7EJ0B8Kw+127B6sh/8wkSNXQ2ZcqIw9EYkfqY72YWFedNoax16CSU4f9NWScVkFXvFLw6rn2fvgWz2m8iihMk1lzlUEg3NMkMTYR1DjX5JI4/sVUkjCHyeQs5T0zvDtc6nHj7zvM8hTyNQFwlfo+xbfeC16z5g7hK4wmLqwyYjNsyM335zXbcleN9AD9TlxJHRXjQXG2t7OZWNyH8lPA==","ARC-Message-Signature":"i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1777972418; c=relaxed/relaxed;\n\tbh=TkDHL5U0u/T5Z96xyaJQHYwioSwZv4c3cl6dutAOr78=;\n\th=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:\n\t In-Reply-To:To:Cc;\n b=iSROAyWK7QIGG0htO1pQwiPlmCWbO650s/fj/LlFjYQ58E03vG3EI5Pvfo9avtUVrDkDN2nqayD6UnTT6FZuQ2kGkBz9j/8YuqFcJ+NndOTGc+8E93TR7ODRPTDCY/K6OE36WXqz1zjVoz7PEzTVN9dej4gnz3PRXGlspVtcZbBreLVnkcdGXkPgnqaRHdJR038Q6tQ1Uz/Q1A2hCneYvmxTsEXuhDzkmBXUB+0wuq+qHgdvKVmJ+jeCN8h7CA5uWdTyEy5sQemD8yfYPVjlg2XaQCu7BKYNRAUwEVwXiCttvLGsDuManmQ4c0vlIHHftgepCZ6Z8Ab0n66PQ+DAKQ==","ARC-Authentication-Results":"i=1; lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=weissschuh.net;\n dkim=pass (1024-bit key;\n unprotected) header.d=weissschuh.net header.i=@weissschuh.net\n header.a=rsa-sha256 header.s=mail header.b=uSjcE3/7; dkim-atps=neutral;\n spf=pass (client-ip=159.69.126.157; helo=todd.t-8ch.de;\n envelope-from=linux@weissschuh.net;\n receiver=lists.ozlabs.org) smtp.mailfrom=weissschuh.net","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;\n\ts=mail; t=1777971923;\n\tbh=chCyrFKTgdh3bqAx/mQ6lIysEIJoVqpFJGF/rlIkqi4=;\n\th=From:Date:Subject:References:In-Reply-To:To:Cc:From;\n\tb=uSjcE3/7RPzqVxYeknvP09UES2PQcOS9VkYVVqueNpzecmFvo1an3XpkguzW1D0Bg\n\t nFEHj3iswoLhusE/F96Ei5XojOmHw/x30HPACKMdW35EThCzDfqEd2VucH5aOjSyPt\n\t ZadmbkICr/8be6TA7uVP9y8q16Xm891dDk9OoxpA=","From":"=?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>","Date":"Tue, 05 May 2026 11:05:14 +0200","Subject":"[PATCH v5 10/14] module: Prepare for additional module\n authentication mechanisms","X-Mailing-List":"linuxppc-dev@lists.ozlabs.org","List-Id":"<linuxppc-dev.lists.ozlabs.org>","List-Help":"<mailto:linuxppc-dev+help@lists.ozlabs.org>","List-Owner":"<mailto:linuxppc-dev+owner@lists.ozlabs.org>","List-Post":"<mailto:linuxppc-dev@lists.ozlabs.org>","List-Archive":"<https://lore.kernel.org/linuxppc-dev/>,\n  <https://lists.ozlabs.org/pipermail/linuxppc-dev/>","List-Subscribe":"<mailto:linuxppc-dev+subscribe@lists.ozlabs.org>,\n  <mailto:linuxppc-dev+subscribe-digest@lists.ozlabs.org>,\n  <mailto:linuxppc-dev+subscribe-nomail@lists.ozlabs.org>","List-Unsubscribe":"<mailto:linuxppc-dev+unsubscribe@lists.ozlabs.org>","Precedence":"list","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"8bit","Message-Id":"<20260505-module-hashes-v5-10-e174a5a49fce@weissschuh.net>","References":"<20260505-module-hashes-v5-0-e174a5a49fce@weissschuh.net>","In-Reply-To":"<20260505-module-hashes-v5-0-e174a5a49fce@weissschuh.net>","To":"Alexei Starovoitov <ast@kernel.org>,\n Daniel Borkmann <daniel@iogearbox.net>, Andrii Nakryiko <andrii@kernel.org>,\n Eduard Zingerman <eddyz87@gmail.com>,\n Kumar Kartikeya Dwivedi <memxor@gmail.com>,\n Nathan Chancellor <nathan@kernel.org>, Nicolas Schier <nsc@kernel.org>,\n Arnd Bergmann <arnd@arndb.de>, Luis Chamberlain <mcgrof@kernel.org>,\n Petr Pavlu <petr.pavlu@suse.com>, Sami Tolvanen <samitolvanen@google.com>,\n Daniel Gomez <da.gomez@samsung.com>, Paul Moore <paul@paul-moore.com>,\n James Morris <jmorris@namei.org>, \"Serge E. Hallyn\" <serge@hallyn.com>,\n Jonathan Corbet <corbet@lwn.net>, Madhavan Srinivasan <maddy@linux.ibm.com>,\n Michael Ellerman <mpe@ellerman.id.au>, Nicholas Piggin <npiggin@gmail.com>,\n Naveen N Rao <naveen@kernel.org>, Mimi Zohar <zohar@linux.ibm.com>,\n Roberto Sassu <roberto.sassu@huawei.com>,\n Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,\n Eric Snowberg <eric.snowberg@oracle.com>,\n Nicolas Schier <nicolas.schier@linux.dev>,\n Daniel Gomez <da.gomez@kernel.org>, Aaron Tomlin <atomlin@atomlin.com>,\n \"Christophe Leroy (CS GROUP)\" <chleroy@kernel.org>,\n Nicolas Bouchinet <nicolas.bouchinet@oss.cyber.gouv.fr>,\n Xiu Jianfeng <xiujianfeng@huawei.com>,\n Christophe Leroy <chleroy@kernel.org>","Cc":"Martin KaFai Lau <martin.lau@linux.dev>, Song Liu <song@kernel.org>,\n  Yonghong Song <yonghong.song@linux.dev>, Jiri Olsa <jolsa@kernel.org>,\n  bpf@vger.kernel.org,\n =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>,\n  Arnout Engelen <arnout@bzzt.net>, Mattia Rizzolo <mattia@mapreri.org>,\n  kpcyrd <kpcyrd@archlinux.org>, Christian Heusel <christian@heusel.eu>,\n\t=?utf-8?q?C=C3=A2ju_Mihai-Drosi?= <mcaju95@gmail.com>,\n  Eric Biggers <ebiggers@kernel.org>,\n  Sebastian Andrzej Siewior <bigeasy@linutronix.de>,\n  linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,\n  linux-arch@vger.kernel.org, linux-modules@vger.kernel.org,\n  linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org,\n  linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org,\n  debian-kernel@lists.debian.org,\n =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>","X-Mailer":"b4 0.15.2","X-Developer-Signature":"v=1; a=ed25519-sha256; t=1777971921; l=2563;\n i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;\n bh=chCyrFKTgdh3bqAx/mQ6lIysEIJoVqpFJGF/rlIkqi4=;\n b=AghgISpSvC9jFLJMASwIQ2fl2y7giwEV7IIPQJiNe92PMZ8lKZf0qC99jV/SdHmNA1NchS945\n I53O1yr0Ve6Cw+2TVu7rpkv9iMeNkP/+D4AMPAnvVv3dujuIZnIrT4f","X-Developer-Key":"i=linux@weissschuh.net; a=ed25519;\n pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=","X-Spam-Status":"No, score=-0.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,\n\tDKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=disabled\n\tversion=4.0.1 OzLabs 8","X-Spam-Checker-Version":"SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org"},"content":"Reorganize the code to make it easier to add the new hash-based module\nauthentication.\n\nAlso drop the now unnecessary stub for module_sig_check().\n\nSigned-off-by: Thomas Weißschuh <linux@weissschuh.net>\n---\n kernel/module/auth.c     | 17 ++++++++++++++---\n kernel/module/internal.h |  8 --------\n 2 files changed, 14 insertions(+), 11 deletions(-)","diff":"diff --git a/kernel/module/auth.c b/kernel/module/auth.c\nindex 21e49eb4967c..2ee512d26790 100644\n--- a/kernel/module/auth.c\n+++ b/kernel/module/auth.c\n@@ -37,6 +37,14 @@ void set_module_sig_enforced(void)\n \tsig_enforce = true;\n }\n \n+static __always_inline bool mod_sig_type_valid(enum module_signature_type id_type)\n+{\n+\tif (id_type == MODULE_SIGNATURE_TYPE_PKCS7 && IS_ENABLED(CONFIG_MODULE_SIG))\n+\t\treturn true;\n+\n+\treturn false;\n+}\n+\n static int mod_verify_sig(const void *mod, struct load_info *info)\n {\n \tstruct module_signature ms;\n@@ -48,8 +56,8 @@ static int mod_verify_sig(const void *mod, struct load_info *info)\n \n \tmemcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms));\n \n-\tif (ms.id_type != MODULE_SIGNATURE_TYPE_PKCS7) {\n-\t\tpr_err(\"module: not signed with expected PKCS#7 message\\n\");\n+\tif (!mod_sig_type_valid(ms.id_type)) {\n+\t\tpr_err(\"module: not signed with expected signature\\n\");\n \t\treturn -ENOPKG;\n \t}\n \n@@ -61,7 +69,10 @@ static int mod_verify_sig(const void *mod, struct load_info *info)\n \tmodlen -= sig_len + sizeof(ms);\n \tinfo->len = modlen;\n \n-\treturn module_sig_check(mod, modlen, mod + modlen, sig_len);\n+\tif (ms.id_type == MODULE_SIGNATURE_TYPE_PKCS7 && IS_ENABLED(CONFIG_MODULE_SIG))\n+\t\treturn module_sig_check(mod, modlen, mod + modlen, sig_len);\n+\n+\treturn 0;\n }\n \n int module_auth_check(struct load_info *info, int flags)\ndiff --git a/kernel/module/internal.h b/kernel/module/internal.h\nindex d923e31a5d8e..aabe7f8e1af4 100644\n--- a/kernel/module/internal.h\n+++ b/kernel/module/internal.h\n@@ -335,15 +335,7 @@ int module_enforce_rwx_sections(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,\n void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs,\n \t\t\t       const char *secstrings);\n \n-#ifdef CONFIG_MODULE_SIG\n int module_sig_check(const void *mod, size_t mod_len, const void *sig, size_t sig_len);\n-#else /* !CONFIG_MODULE_SIG */\n-static inline int module_sig_check(const void *mod, size_t mod_len,\n-\t\t\t\t   const void *sig, size_t sig_len)\n-{\n-\treturn 0;\n-}\n-#endif /* !CONFIG_MODULE_SIG */\n \n #ifdef CONFIG_MODULE_AUTH\n int module_auth_check(struct load_info *info, int flags);\n","prefixes":["v5","10/14"]}