Commit 62226983 authored by Hendrik Brueckner's avatar Hendrik Brueckner Committed by David Howells

KEYS: correct alignment of system_certificate_list content in assembly file

Apart from data-type specific alignment constraints, there are also
architecture-specific alignment requirements.
For example, on s390 symbols must be on even addresses implying a 2-byte
alignment.  If the system_certificate_list_end symbol is on an odd address
and if this address is loaded, the least-significant bit is ignored.  As a
result, the load_system_certificate_list() fails to load the certificates
because of a wrong certificate length calculation.

To be safe, align system_certificate_list on an 8-byte boundary.  Also improve
the length calculation of the system_certificate_list content.  Introduce a
system_certificate_list_size (8-byte aligned because of unsigned long) variable
that stores the length.  Let the linker calculate this size by introducing
a start and end label for the certificate content.
Signed-off-by: default avatarHendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent 7cfe5b33
...@@ -3,8 +3,18 @@ ...@@ -3,8 +3,18 @@
__INITRODATA __INITRODATA
.align 8
.globl VMLINUX_SYMBOL(system_certificate_list) .globl VMLINUX_SYMBOL(system_certificate_list)
VMLINUX_SYMBOL(system_certificate_list): VMLINUX_SYMBOL(system_certificate_list):
__cert_list_start:
.incbin "kernel/x509_certificate_list" .incbin "kernel/x509_certificate_list"
.globl VMLINUX_SYMBOL(system_certificate_list_end) __cert_list_end:
VMLINUX_SYMBOL(system_certificate_list_end):
.align 8
.globl VMLINUX_SYMBOL(system_certificate_list_size)
VMLINUX_SYMBOL(system_certificate_list_size):
#ifdef CONFIG_64BIT
.quad __cert_list_end - __cert_list_start
#else
.long __cert_list_end - __cert_list_start
#endif
...@@ -22,7 +22,7 @@ struct key *system_trusted_keyring; ...@@ -22,7 +22,7 @@ struct key *system_trusted_keyring;
EXPORT_SYMBOL_GPL(system_trusted_keyring); EXPORT_SYMBOL_GPL(system_trusted_keyring);
extern __initconst const u8 system_certificate_list[]; extern __initconst const u8 system_certificate_list[];
extern __initconst const u8 system_certificate_list_end[]; extern __initconst const unsigned long system_certificate_list_size;
/* /*
* Load the compiled-in keys * Load the compiled-in keys
...@@ -60,8 +60,8 @@ static __init int load_system_certificate_list(void) ...@@ -60,8 +60,8 @@ static __init int load_system_certificate_list(void)
pr_notice("Loading compiled-in X.509 certificates\n"); pr_notice("Loading compiled-in X.509 certificates\n");
end = system_certificate_list_end;
p = system_certificate_list; p = system_certificate_list;
end = p + system_certificate_list_size;
while (p < end) { while (p < end) {
/* Each cert begins with an ASN.1 SEQUENCE tag and must be more /* Each cert begins with an ASN.1 SEQUENCE tag and must be more
* than 256 bytes in size. * than 256 bytes in size.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment