diff --git a/debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch b/debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch new file mode 100644 index 000000000..e751fd11c --- /dev/null +++ b/debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch @@ -0,0 +1,58 @@ +From: Ben Hutchings +Date: Sun, 17 Apr 2016 22:59:03 +0100 +Subject: module: Invalidate signatures on force-loaded modules +Forwarded: http://mid.gmane.org/20160423184501.GM3348@decadent.org.uk + +Signing a module should only make it trusted by the specific kernel it +was built for, not anything else. Loading a signed module meant for a +kernel with a different ABI could have interesting effects. +Therefore, treat all signatures as invalid when a module is +force-loaded. + +Signed-off-by: Ben Hutchings +Cc: stable@vger.kernel.org +--- + kernel/module.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -2597,13 +2597,18 @@ static inline void kmemleak_load_module( + #endif + + #ifdef CONFIG_MODULE_SIG +-static int module_sig_check(struct load_info *info) ++static int module_sig_check(struct load_info *info, int flags) + { + int err = -ENOKEY; + const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; + const void *mod = info->hdr; + +- if (info->len > markerlen && ++ /* ++ * Require flags == 0, as a module with version information ++ * removed is no longer the module that was signed ++ */ ++ if (flags == 0 && ++ info->len > markerlen && + memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { + /* We truncate the module to discard the signature */ + info->len -= markerlen; +@@ -2622,7 +2627,7 @@ static int module_sig_check(struct load_ + return err; + } + #else /* !CONFIG_MODULE_SIG */ +-static int module_sig_check(struct load_info *info) ++static int module_sig_check(struct load_info *info, int flags) + { + return 0; + } +@@ -3429,7 +3434,7 @@ static int load_module(struct load_info + long err; + char *after_dashes; + +- err = module_sig_check(info); ++ err = module_sig_check(info, flags); + if (err) + goto free_copy; + diff --git a/debian/patches/series b/debian/patches/series index d41e771af..a1e3ced92 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -149,3 +149,4 @@ bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch bugfix/all/scripts-fix-x.509-pem-support-in-sign-file.patch bugfix/arm/arm-dts-kirkwood-fix-sd-slot-default-configuration-f.patch bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch +bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch