Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752231AbcDWSpJ (ORCPT ); Sat, 23 Apr 2016 14:45:09 -0400 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:33854 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752082AbcDWSpH (ORCPT ); Sat, 23 Apr 2016 14:45:07 -0400 Date: Sat, 23 Apr 2016 19:45:01 +0100 From: Ben Hutchings To: Rusty Russell Cc: David Howells , David Woodhouse , keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Message-ID: <20160423184501.GM3348@decadent.org.uk> References: <20160423184421.GL3348@decadent.org.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="XlS4q8O07AKt4+K1" Content-Disposition: inline In-Reply-To: <20160423184421.GL3348@decadent.org.uk> User-Agent: Mutt/1.5.23 (2014-03-12) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: ben@decadent.org.uk Subject: [PATCH 1/3] module: Invalidate signatures on force-loaded modules X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000) X-SA-Exim-Scanned: Yes (on shadbolt.decadent.org.uk) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2935 Lines: 89 --XlS4q8O07AKt4+K1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Signing a module should only make it trusted by the specific kernel it was built for, not anything else. Loading a signed module meant for a kernel with a different ABI could have interesting effects. Therefore, treat all signatures as invalid when a module is force-loaded. Signed-off-by: Ben Hutchings Cc: stable@vger.kernel.org --- kernel/module.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/kernel/module.c b/kernel/module.c index 66426f743c29..649b1827ed15 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2599,13 +2599,18 @@ static inline void kmemleak_load_module(const struc= t module *mod, #endif =20 #ifdef CONFIG_MODULE_SIG -static int module_sig_check(struct load_info *info) +static int module_sig_check(struct load_info *info, int flags) { int err =3D -ENOKEY; const unsigned long markerlen =3D sizeof(MODULE_SIG_STRING) - 1; const void *mod =3D info->hdr; =20 - if (info->len > markerlen && + /* + * Require flags =3D=3D 0, as a module with version information + * removed is no longer the module that was signed + */ + if (flags =3D=3D 0 && + info->len > markerlen && memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) =3D= =3D 0) { /* We truncate the module to discard the signature */ info->len -=3D markerlen; @@ -2624,7 +2629,7 @@ static int module_sig_check(struct load_info *info) return err; } #else /* !CONFIG_MODULE_SIG */ -static int module_sig_check(struct load_info *info) +static int module_sig_check(struct load_info *info, int flags) { return 0; } @@ -3386,7 +3391,7 @@ static int load_module(struct load_info *info, const = char __user *uargs, long err; char *after_dashes; =20 - err =3D module_sig_check(info); + err =3D module_sig_check(info, flags); if (err) goto free_copy; =20 --XlS4q8O07AKt4+K1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVxvCree/yOyVhhEJAQqcBQ/+Pmu6uyXIJ6zDdzce5lXpuMPZiUTK+UzO 8Hl+DbwqoY9H0Yrszu3UFFjMWoKUNn44ff05C2trRzvbJt14KrFzxnYCZuRd6cqA 9WFo7GNIaPOd4KmGiHTcNqMEUEEZZ6vgJ1HyKLDnn3gwO11L8ZX81lg8gQamttBI 3W2NPHCO7PFW44xrLwMxbTFivBMYaA9qNiKk64Z0yIIJZGQU/p2wzYtlS5GujgY0 NY7HSRjVenDOnFTvMbe/k47mh0AV/zF4RcuNlnOT2aw0WA/sB/P8i2wtxt5k1dcP oNi7oqVdOTk78mWV0gcVhgtW1EwluPoJPYu6g1zgDYuBSYbZk0BiP4oMswHVQ40W fr9HRqI9bKB17bpgWevaaawW1WncITYu4Lkk6iYNrex7y0XDIDVnZ1tfPmMcmYkH WdO7GIrnrDxla76StspeL32vg3NDrAIoBgEazh1CE3+ybGtJY2UBrnzWz5uu9080 AIzP+KlKf/Fd1JfpzeIMqeBOHNuKWzqd7mFgkP8+7h0j8R/skXCxMV6hK4W3pPgW rbCgbpEUTabeCKyZfEm8TMkAfEQWhjDrMJPYIthUW7m57fF9ADa+VpLt/C0xbU5S 4n6w3uoj0qNQ5kHgvI3fFsgprlrT09HvKtJ2urQhP+7ux6WFec6eBklqq/DF9YnC Kv9jET/PT0k= =o5f6 -----END PGP SIGNATURE----- --XlS4q8O07AKt4+K1--