linuxkm/linuxkm_memory.c: in wc_fips_generate_hash(), fix handling of failed hmac_update() in text segment loop;

linuxkm/module_hooks.c: in wolfssl_init() DEBUG_LINUXKM_PIE_SUPPORT section, render stabilized_rodata_hash;

in my_kallsyms_lookup_name(), gate kprobe failure messages behind WOLFSSL_LINUXKM_VERBOSE_DEBUG.
This commit is contained in:
Daniel Pouzzner
2026-04-29 17:35:11 -05:00
parent 1d21858be1
commit 5dbf2e7382
2 changed files with 17 additions and 4 deletions
+10 -2
View File
@@ -865,6 +865,11 @@ int wc_fips_generate_hash(
text_p += progress;
}
if (ret) {
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
goto out;
}
cur_reloc_index = -1;
while (rodata_p < (const byte *)seg_map->fips_rodata_end) {
size_t rodata_in_out_len = min(WOLFSSL_SEGMENT_CANONICALIZER_BUFSIZ,
@@ -905,6 +910,9 @@ int wc_fips_generate_hash(
}
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ret)
goto out;
}
#else /* ! (WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT) */
@@ -936,14 +944,14 @@ int wc_fips_generate_hash(
WC_SANITIZE_ENABLE();
#endif /* ! (WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT) */
if (ret) {
RELOC_DEBUG_PRINTF("ERROR: hmac_update failed: err %d\n", ret);
ret = BAD_STATE_E;
goto out;
}
#endif /* ! (WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT) */
ret = hmac_final(hmac_ctx, hash, digest_size);
if (ret) {
RELOC_DEBUG_PRINTF("ERROR: hmac_final failed: err %d\n", ret);
+7 -2
View File
@@ -778,12 +778,13 @@ static int wolfssl_init(void)
* the true module start address, which is potentially useful to an
* attacker.
*/
pr_info("wolfCrypt segment hashes (spans): text 0x%x (%llu), rodata 0x%x (%llu), offset %c0x%llx, canon text 0x%x\n",
pr_info("wolfCrypt segment hashes (spans): text 0x%x (%llu), rodata 0x%x (%llu), offset %c0x%llx, canon text 0x%x, canon rodata 0x%x\n",
text_hash, (unsigned long long)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start),
rodata_hash, (unsigned long long)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start),
(uintptr_t)__wc_text_start < (uintptr_t)&__wc_rodata_start[0] ? '+' : '-',
(uintptr_t)__wc_text_start < (uintptr_t)&__wc_rodata_start[0] ? (unsigned long long)((uintptr_t)&__wc_rodata_start[0] - (uintptr_t)__wc_text_start) : (unsigned long long)((uintptr_t)__wc_text_start - (uintptr_t)&__wc_rodata_start[0]),
stabilized_text_hash);
stabilized_text_hash,
stabilized_rodata_hash);
pr_info("wolfCrypt segments: text=%llx-%llx, rodata=%llx-%llx, "
"rwdata=%llx-%llx, bss=%llx-%llx\n",
@@ -1847,13 +1848,17 @@ static WC_MAYBE_UNUSED void *my_kallsyms_lookup_name(const char *name) {
int ret;
kallsyms_lookup_name_kp.addr = NULL;
if ((ret = register_kprobe(&kallsyms_lookup_name_kp)) != 0) {
#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
pr_err_once("ERROR: register_kprobe(&kallsyms_lookup_name_kp) failed: %d\n", ret);
#endif
return 0;
}
kallsyms_lookup_name_ptr = (typeof(kallsyms_lookup_name_ptr))kallsyms_lookup_name_kp.addr;
unregister_kprobe(&kallsyms_lookup_name_kp);
if (! kallsyms_lookup_name_ptr) {
#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
pr_err_once("ERROR: kallsyms_lookup_name_kp.addr is null.\n");
#endif
return 0;
}
}