mirror of https://gitee.com/openkylin/linux.git
KEYS: correct alignment of system_certificate_list content in assembly file
Apart from data-type specific alignment constraints, there are also architecture-specific alignment requirements. For example, on s390 symbols must be on even addresses implying a 2-byte alignment. If the system_certificate_list_end symbol is on an odd address and if this address is loaded, the least-significant bit is ignored. As a result, the load_system_certificate_list() fails to load the certificates because of a wrong certificate length calculation. To be safe, align system_certificate_list on an 8-byte boundary. Also improve the length calculation of the system_certificate_list content. Introduce a system_certificate_list_size (8-byte aligned because of unsigned long) variable that stores the length. Let the linker calculate this size by introducing a start and end label for the certificate content. Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
parent
7cfe5b3310
commit
62226983da
|
@ -3,8 +3,18 @@
|
|||
|
||||
__INITRODATA
|
||||
|
||||
.align 8
|
||||
.globl VMLINUX_SYMBOL(system_certificate_list)
|
||||
VMLINUX_SYMBOL(system_certificate_list):
|
||||
__cert_list_start:
|
||||
.incbin "kernel/x509_certificate_list"
|
||||
.globl VMLINUX_SYMBOL(system_certificate_list_end)
|
||||
VMLINUX_SYMBOL(system_certificate_list_end):
|
||||
__cert_list_end:
|
||||
|
||||
.align 8
|
||||
.globl VMLINUX_SYMBOL(system_certificate_list_size)
|
||||
VMLINUX_SYMBOL(system_certificate_list_size):
|
||||
#ifdef CONFIG_64BIT
|
||||
.quad __cert_list_end - __cert_list_start
|
||||
#else
|
||||
.long __cert_list_end - __cert_list_start
|
||||
#endif
|
||||
|
|
|
@ -22,7 +22,7 @@ struct key *system_trusted_keyring;
|
|||
EXPORT_SYMBOL_GPL(system_trusted_keyring);
|
||||
|
||||
extern __initconst const u8 system_certificate_list[];
|
||||
extern __initconst const u8 system_certificate_list_end[];
|
||||
extern __initconst const unsigned long system_certificate_list_size;
|
||||
|
||||
/*
|
||||
* Load the compiled-in keys
|
||||
|
@ -60,8 +60,8 @@ static __init int load_system_certificate_list(void)
|
|||
|
||||
pr_notice("Loading compiled-in X.509 certificates\n");
|
||||
|
||||
end = system_certificate_list_end;
|
||||
p = system_certificate_list;
|
||||
end = p + system_certificate_list_size;
|
||||
while (p < end) {
|
||||
/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
|
||||
* than 256 bytes in size.
|
||||
|
|
Loading…
Reference in New Issue