[linux] 03/03: module: Invalidate signatures on force-loaded modules
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sat Apr 23 18:48:53 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch sid
in repository linux.
commit dff5585589dd1d7b1968b81ba7e9bb9d742a8eeb
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sat Apr 23 20:48:33 2016 +0200
module: Invalidate signatures on force-loaded modules
---
...lidate-signatures-on-force-loaded-modules.patch | 58 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 59 insertions(+)
diff --git a/debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch b/debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
new file mode 100644
index 0000000..e751fd1
--- /dev/null
+++ b/debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
@@ -0,0 +1,58 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 17 Apr 2016 22:59:03 +0100
+Subject: module: Invalidate signatures on force-loaded modules
+Forwarded: http://mid.gmane.org/20160423184501.GM3348@decadent.org.uk
+
+Signing a module should only make it trusted by the specific kernel it
+was built for, not anything else. Loading a signed module meant for a
+kernel with a different ABI could have interesting effects.
+Therefore, treat all signatures as invalid when a module is
+force-loaded.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+Cc: stable at vger.kernel.org
+---
+ kernel/module.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -2597,13 +2597,18 @@ static inline void kmemleak_load_module(
+ #endif
+
+ #ifdef CONFIG_MODULE_SIG
+-static int module_sig_check(struct load_info *info)
++static int module_sig_check(struct load_info *info, int flags)
+ {
+ int err = -ENOKEY;
+ const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+ const void *mod = info->hdr;
+
+- if (info->len > markerlen &&
++ /*
++ * Require flags == 0, as a module with version information
++ * removed is no longer the module that was signed
++ */
++ if (flags == 0 &&
++ info->len > markerlen &&
+ memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
+ /* We truncate the module to discard the signature */
+ info->len -= markerlen;
+@@ -2622,7 +2627,7 @@ static int module_sig_check(struct load_
+ return err;
+ }
+ #else /* !CONFIG_MODULE_SIG */
+-static int module_sig_check(struct load_info *info)
++static int module_sig_check(struct load_info *info, int flags)
+ {
+ return 0;
+ }
+@@ -3429,7 +3434,7 @@ static int load_module(struct load_info
+ long err;
+ char *after_dashes;
+
+- err = module_sig_check(info);
++ err = module_sig_check(info, flags);
+ if (err)
+ goto free_copy;
+
diff --git a/debian/patches/series b/debian/patches/series
index d41e771..a1e3ced 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -149,3 +149,4 @@ bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch
bugfix/all/scripts-fix-x.509-pem-support-in-sign-file.patch
bugfix/arm/arm-dts-kirkwood-fix-sd-slot-default-configuration-f.patch
bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch
+bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list