module: fix signature check failures when using in-kernel decompression

The new flag MODULE_INIT_COMPRESSED_FILE unintentionally trips check in
module_sig_check(). The check was supposed to catch case when version
info or magic was removed from a signed module, making signature
invalid, but it was coded too broadly and was catching this new flag as
well.

Change the check to only test the 2 particular flags affecting signature
validity.

Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>

diff --git a/kernel/module.c b/kernel/module.c
index 34fe282..387ee77 100644 (file)
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2883,12 +2883,13 @@ static int module_sig_check(struct load_info *info, int flags)
        const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
        const char *reason;
        const void *mod = info->hdr;
-
+       bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
+                                      MODULE_INIT_IGNORE_VERMAGIC);
        /*
-        * Require flags == 0, as a module with version information
-        * removed is no longer the module that was signed
+        * Do not allow mangled modules as a module with version information
+        * removed is no longer the module that was signed.
         */
-       if (flags == 0 &&
+       if (!mangled_module &&
            info->len > markerlen &&
            memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
                /* We truncate the module to discard the signature */