module: Invalidate signatures on force-loaded modules
This commit is contained in:
parent
5f6cfd0660
commit
dff5585589
58
debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
vendored
Normal file
58
debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
vendored
Normal file
|
@ -0,0 +1,58 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 17 Apr 2016 22:59:03 +0100
|
||||
Subject: module: Invalidate signatures on force-loaded modules
|
||||
Forwarded: http://mid.gmane.org/20160423184501.GM3348@decadent.org.uk
|
||||
|
||||
Signing a module should only make it trusted by the specific kernel it
|
||||
was built for, not anything else. Loading a signed module meant for a
|
||||
kernel with a different ABI could have interesting effects.
|
||||
Therefore, treat all signatures as invalid when a module is
|
||||
force-loaded.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
kernel/module.c | 13 +++++++++----
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -2597,13 +2597,18 @@ static inline void kmemleak_load_module(
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
-static int module_sig_check(struct load_info *info)
|
||||
+static int module_sig_check(struct load_info *info, int flags)
|
||||
{
|
||||
int err = -ENOKEY;
|
||||
const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
|
||||
const void *mod = info->hdr;
|
||||
|
||||
- if (info->len > markerlen &&
|
||||
+ /*
|
||||
+ * Require flags == 0, as a module with version information
|
||||
+ * removed is no longer the module that was signed
|
||||
+ */
|
||||
+ if (flags == 0 &&
|
||||
+ info->len > markerlen &&
|
||||
memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
|
||||
/* We truncate the module to discard the signature */
|
||||
info->len -= markerlen;
|
||||
@@ -2622,7 +2627,7 @@ static int module_sig_check(struct load_
|
||||
return err;
|
||||
}
|
||||
#else /* !CONFIG_MODULE_SIG */
|
||||
-static int module_sig_check(struct load_info *info)
|
||||
+static int module_sig_check(struct load_info *info, int flags)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
@@ -3429,7 +3434,7 @@ static int load_module(struct load_info
|
||||
long err;
|
||||
char *after_dashes;
|
||||
|
||||
- err = module_sig_check(info);
|
||||
+ err = module_sig_check(info, flags);
|
||||
if (err)
|
||||
goto free_copy;
|
||||
|
|
@ -149,3 +149,4 @@ bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch
|
|||
bugfix/all/scripts-fix-x.509-pem-support-in-sign-file.patch
|
||||
bugfix/arm/arm-dts-kirkwood-fix-sd-slot-default-configuration-f.patch
|
||||
bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch
|
||||
bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
|
||||
|
|
Loading…
Reference in New Issue