diff options
Diffstat (limited to 'debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch')
| -rw-r--r-- | debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch b/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch new file mode 100644 index 000000000..9c3461019 --- /dev/null +++ b/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch @@ -0,0 +1,25 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 02 Dec 2016 23:06:18 +0000 +Subject: module: Disable matching missing version CRC +Forwarded: not-needed + +This partly reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061. +We want to fail closed if a symbol version CRC is missing, as the +alternative may allow subverting module signing. +--- +Index: linux/kernel/module.c +=================================================================== +--- linux.orig/kernel/module.c ++++ linux/kernel/module.c +@@ -1317,9 +1317,8 @@ static int check_version(const struct lo + goto bad_version; + } + +- /* Broken toolchain. Warn once, then let it go.. */ +- pr_warn_once("%s: no symbol version for %s\n", info->name, symname); +- return 1; ++ pr_warn("%s: no symbol version for %s\n", info->name, symname); ++ return 0; + + bad_version: + pr_warn("%s: disagrees about version of symbol %s\n", |