| commit | 6ac9857245bfb71d836f46db817b0c11e3e4bf69 | |
| author | Ben Hutchings <ben@decadent.org.uk> | |
| Wed, 27 Apr 2016 23:54:01 +0000 (28 09:24 +0930) | ||
| committer | Sasha Levin <alexander.levin@verizon.com> | |
| Sat, 20 Aug 2016 03:07:58 +0000 (19 23:07 -0400) | ||
| tree | 7d9e37d7adeb4599c25e712f816f4c50d1f261d2 | treesnapshot (tar.gz zip) |
| parent | 7e6f0e1e3091dc9aada9d067aac7adbb5a9d9b06 | commitdiff |
module: Invalidate signatures on force-loaded modules
[ Upstream commit bca014caaa6130e57f69b5bf527967aa8ee70fdd ]
Signing a module should only make it trusted by the specific kernel it
was built for, not anything else. Loading a signed module meant for a
kernel with a different ABI could have interesting effects.
Therefore, treat all signatures as invalid when a module is
force-loaded.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[ Upstream commit bca014caaa6130e57f69b5bf527967aa8ee70fdd ]
Signing a module should only make it trusted by the specific kernel it
was built for, not anything else. Loading a signed module meant for a
kernel with a different ABI could have interesting effects.
Therefore, treat all signatures as invalid when a module is
force-loaded.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
| kernel/module.c | diffblobblamehistory |