[linux] 03/03: module: Invalidate signatures on force-loaded modules

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sat Apr 23 18:48:53 UTC 2016


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch sid
in repository linux.

commit dff5585589dd1d7b1968b81ba7e9bb9d742a8eeb
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sat Apr 23 20:48:33 2016 +0200

    module: Invalidate signatures on force-loaded modules
---
 ...lidate-signatures-on-force-loaded-modules.patch | 58 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 59 insertions(+)

diff --git a/debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch b/debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
new file mode 100644
index 0000000..e751fd1
--- /dev/null
+++ b/debian/patches/bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
@@ -0,0 +1,58 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 17 Apr 2016 22:59:03 +0100
+Subject: module: Invalidate signatures on force-loaded modules
+Forwarded: http://mid.gmane.org/20160423184501.GM3348@decadent.org.uk
+
+Signing a module should only make it trusted by the specific kernel it
+was built for, not anything else.  Loading a signed module meant for a
+kernel with a different ABI could have interesting effects.
+Therefore, treat all signatures as invalid when a module is
+force-loaded.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+Cc: stable at vger.kernel.org
+---
+ kernel/module.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -2597,13 +2597,18 @@ static inline void kmemleak_load_module(
+ #endif
+ 
+ #ifdef CONFIG_MODULE_SIG
+-static int module_sig_check(struct load_info *info)
++static int module_sig_check(struct load_info *info, int flags)
+ {
+ 	int err = -ENOKEY;
+ 	const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+ 	const void *mod = info->hdr;
+ 
+-	if (info->len > markerlen &&
++	/*
++	 * Require flags == 0, as a module with version information
++	 * removed is no longer the module that was signed
++	 */
++	if (flags == 0 &&
++	    info->len > markerlen &&
+ 	    memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
+ 		/* We truncate the module to discard the signature */
+ 		info->len -= markerlen;
+@@ -2622,7 +2627,7 @@ static int module_sig_check(struct load_
+ 	return err;
+ }
+ #else /* !CONFIG_MODULE_SIG */
+-static int module_sig_check(struct load_info *info)
++static int module_sig_check(struct load_info *info, int flags)
+ {
+ 	return 0;
+ }
+@@ -3429,7 +3434,7 @@ static int load_module(struct load_info
+ 	long err;
+ 	char *after_dashes;
+ 
+-	err = module_sig_check(info);
++	err = module_sig_check(info, flags);
+ 	if (err)
+ 		goto free_copy;
+ 
diff --git a/debian/patches/series b/debian/patches/series
index d41e771..a1e3ced 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -149,3 +149,4 @@ bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch
 bugfix/all/scripts-fix-x.509-pem-support-in-sign-file.patch
 bugfix/arm/arm-dts-kirkwood-fix-sd-slot-default-configuration-f.patch
 bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch
+bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git



More information about the Kernel-svn-changes mailing list