[Kernel] Re: [PATCH OpenHarmony-4.19 15/17] module: limit enabling module.sig_enforce

2 Aug 2021


      在 2021/7/31 11:14, Yu Changchun 写道:
...
From: Mimi Zohar 
stable inclusion
from linux-4.19.196
commit ff660863628fb144badcb3395cde7821c82c13a6
category: bugfix
issue: #I42HL9
CVE: CVE-2021-35039
--------------------------------
[ Upstream commit 0c18f29aae7ce3dadd26d8ee3505d07cc982df75 ]
Irrespective as to whether CONFIG_MODULE_SIG is configured, specifying
"module.sig_enforce=1" on the boot command line sets "sig_enforce".
Only allow "sig_enforce" to be set when CONFIG_MODULE_SIG is configured.
This patch makes the presence of /sys/module/module/parameters/sig_enforce
dependent on CONFIG_MODULE_SIG=y.
Fixes: fda784e50aac ("module: export module signature enforcement status")
Reported-by: Nayna Jain 
Tested-by: Mimi Zohar 
Tested-by: Jessica Yu 
Signed-off-by: Mimi Zohar 
Signed-off-by: Jessica Yu 
Signed-off-by: Linus Torvalds 
Signed-off-by: Sasha Levin 
Signed-off-by: Yang Yingliang 
Signed-off-by: Yu Changchun 
---
  kernel/module.c | 9 +++++++++
  1 file changed, 9 insertions(+)
Looks good to me

[Kernel] Re: [PATCH OpenHarmony-4.19 15/17] module: limit enabling module.sig_enforce

weiyongjun (A)