module: Call security_kernel_post_load_data()
authorKees Cook <keescook@chromium.org>
Fri, 2 Oct 2020 17:38:22 +0000 (10:38 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 5 Oct 2020 11:37:03 +0000 (13:37 +0200)
Now that there is an API for checking loaded contents for modules
loaded without a file, call into the LSM hooks.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: KP Singh <kpsingh@google.com>
Acked-by: Jessica Yu <jeyu@kernel.org>
Link: https://lore.kernel.org/r/20201002173828.2099543-11-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/module.c

index f47209e..adfa21d 100644 (file)
@@ -3014,7 +3014,7 @@ static int copy_module_from_user(const void __user *umod, unsigned long len,
        if (info->len < sizeof(*(info->hdr)))
                return -ENOEXEC;
 
-       err = security_kernel_load_data(LOADING_MODULE, false);
+       err = security_kernel_load_data(LOADING_MODULE, true);
        if (err)
                return err;
 
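Review bot: The bare `true` passed to `security_kernel_load_data()` gives a reader no hint that it commits this function to a follow-up content check. From what is visible, the later `security_kernel_post_load_data()` call in the same function is what hands the copied module image to the LSMs, so the two calls have to stay paired if the function is ever refactored. A one-line comment above the call would make that explicit, e.g. `/* contents=true: the copied buffer is passed to security_kernel_post_load_data() below */`. The body of `copy_module_from_user()` starts before this hunk and continues in the next one.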
@@ -3024,11 +3024,17 @@ static int copy_module_from_user(const void __user *umod, unsigned long len,
                return -ENOMEM;
 
        if (copy_chunked_from_user(info->hdr, umod, info->len) != 0) {
-               vfree(info->hdr);
-               return -EFAULT;
+               err = -EFAULT;
+               goto out;
        }
 
-       return 0;
+       err = security_kernel_post_load_data((char *)info->hdr, info->len,
+                                            LOADING_MODULE, "init_module");
+out:
+       if (err)
+               vfree(info->hdr);
+
+       return err;
 }
 
 static void free_copy(struct load_info *info)
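Review bot: On the shared `out:` path `info->hdr` is released with `vfree()` but still points at the freed buffer, and this path is now also taken when an LSM rejects the image in `security_kernel_post_load_data()`. Whether any caller touches `info` again after a failure is not visible here, so this is a hardening suggestion rather than a confirmed bug. `free_copy()` directly below takes the same `struct load_info`, which is why a stale pointer is worth avoiding. Brace the `if (err)` block and clear the pointer after freeing: `vfree(info->hdr);` followed by `info->hdr = NULL;`. The start of `copy_module_from_user()` lies outside this hunk.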