From patchwork Fri Oct 26 17:55:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 989709 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42hWqp3sftz9sLw; Sat, 27 Oct 2018 04:55:34 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1gG6KU-0006Sh-Mq; Fri, 26 Oct 2018 17:55:26 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1gG6KT-0006S3-A8 for kernel-team@lists.ubuntu.com; Fri, 26 Oct 2018 17:55:25 +0000 Received: from mail-pg1-f200.google.com ([209.85.215.200]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1gG6KS-0000bO-Ug for kernel-team@lists.ubuntu.com; Fri, 26 Oct 2018 17:55:25 +0000 Received: by mail-pg1-f200.google.com with SMTP id b7-v6so1050609pgt.10 for ; Fri, 26 Oct 2018 10:55:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Mf5+KAGR1MNp+txcPdsyGGtojkTpiTE/o3R37v9yb4Q=; b=eVuwZ7F8IeQ6CVs+VYGd06tYJvQJWcx3yQolFepsFFsqYLtm4nSdRxu+3uDazyTqom mDAiutfX8F1/xwgYSVfkpbvwhUT7P1hJXb/SeSsx2mb8fgCGbECyNf4eGEe93BQnaSJb ra5i4ZiLZyDF1M3R3yGQWEXh640jX6pCpqre+1HR/gUFbnjrVUQqFyDLBf3IlKyVWpFi jxLvuY4UWVeqfwK6e2IEzHIKoqGoBZOdWGRerkLVcOV6XpIVMTKcBV3rBkFytaBoeqAH nPmdVEZRvW+rgYlr3sw6XBVOh3PtGWQRDyGnHgnxRcHwd13naxNayFgjADBM0gEmDP1S Q+3A== X-Gm-Message-State: AGRZ1gJZqkY7OHg185rk874HHWGDmMuwhrRHOBLZFdp/0EnqI1gcwFzN yg5v/3lxBPE3HCpAn9svC83/DxYDOWM8c0hgPQm5h10HBPp+MlctpWhpb+v7mMGuXe3O6pWohWi ZFn7wv7QlfikrKHcICQMwp77iJfIXkmNF+lD+1yDwMA== X-Received: by 2002:a63:561b:: with SMTP id k27mr4415253pgb.271.1540576523258; Fri, 26 Oct 2018 10:55:23 -0700 (PDT) X-Google-Smtp-Source: AJdET5eUSvANgy/AZuEU6MSUNXCQRNFdX7IEbgN/NGUPgNOl3IVyv+bOMwGzhN4vRTateplDVbhA+Q== X-Received: by 2002:a63:561b:: with SMTP id k27mr4415228pgb.271.1540576522824; Fri, 26 Oct 2018 10:55:22 -0700 (PDT) Received: from localhost (h59.232.132.40.static.ip.windstream.net. [40.132.232.59]) by smtp.gmail.com with ESMTPSA id i6-v6sm2167945pfb.135.2018.10.26.10.55.22 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 26 Oct 2018 10:55:22 -0700 (PDT) From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 2/2][Cosmic] UBUNTU: SAUCE: (efi-lockdown) module: remove support for deferring module signature verification to IMA Date: Fri, 26 Oct 2018 11:55:16 -0600 Message-Id: <20181026175516.21251-3-seth.forshee@canonical.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181026175516.21251-1-seth.forshee@canonical.com> References: <20181026175516.21251-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/1798863 Recent versions of the "secure boot lockdown" patches introduced support for using IMA signatures for module signing instead of the standard mechanism. This was causing issues and was removed, but the code was missed which actually defers the verification to IMA when IMA enforcement is enabled. With our config this means that by default module signatures are not being enforced under kernel lockdown. Remove the remaining code to restore module signature enforcement under lockdown. CVE-2018-18653 Signed-off-by: Seth Forshee Acked-by: Thadeu Lima de Souza Cascardo Acked-by: Tyler Hicks --- kernel/module.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/kernel/module.c b/kernel/module.c index 9af04eebd711..a767bd326b43 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2760,8 +2760,7 @@ static inline void kmemleak_load_module(const struct module *mod, #endif #ifdef CONFIG_MODULE_SIG -static int module_sig_check(struct load_info *info, int flags, - bool can_do_ima_check) +static int module_sig_check(struct load_info *info, int flags) { int err = -ENODATA; const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; @@ -2803,8 +2802,6 @@ static int module_sig_check(struct load_info *info, int flags, return -EKEYREJECTED; } - if (can_do_ima_check && is_ima_appraise_enabled()) - return 0; if (kernel_is_locked_down(reason)) return -EPERM; return 0; @@ -2818,8 +2815,7 @@ static int module_sig_check(struct load_info *info, int flags, } } #else /* !CONFIG_MODULE_SIG */ -static int module_sig_check(struct load_info *info, int flags, - bool can_do_ima_check) +static int module_sig_check(struct load_info *info, int flags) { return 0; } @@ -3684,13 +3680,13 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname, /* Allocate and load the module: note that size of section 0 is always zero, and we rely on this for optional sections. */ static int load_module(struct load_info *info, const char __user *uargs, - int flags, bool can_do_ima_check) + int flags) { struct module *mod; long err; char *after_dashes; - err = module_sig_check(info, flags, can_do_ima_check); + err = module_sig_check(info, flags); if (err) goto free_copy; @@ -3879,7 +3875,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, if (err) return err; - return load_module(&info, uargs, 0, false); + return load_module(&info, uargs, 0); } SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags) @@ -3906,7 +3902,7 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags) info.hdr = hdr; info.len = size; - return load_module(&info, uargs, flags, true); + return load_module(&info, uargs, flags); } static inline int within(unsigned long addr, void *start, unsigned long size)