diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0083-module-Add-retpoline-tag-to-VERMAGIC.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0083-module-Add-retpoline-tag-to-VERMAGIC.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0083-module-Add-retpoline-tag-to-VERMAGIC.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0083-module-Add-retpoline-tag-to-VERMAGIC.patch new file mode 100644 index 00000000..becd5732 --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0083-module-Add-retpoline-tag-to-VERMAGIC.patch @@ -0,0 +1,55 @@ +From 6d7e28033f88af1e16f0ed63395fd246791e5857 Mon Sep 17 00:00:00 2001 +From: Andi Kleen <ak@linux.intel.com> +Date: Tue, 16 Jan 2018 12:52:28 -0800 +Subject: [PATCH 083/103] module: Add retpoline tag to VERMAGIC + +commit 6cfb521ac0d5b97470883ff9b7facae264b7ab12 upstream. + +Add a marker for retpoline to the module VERMAGIC. This catches the case +when a non RETPOLINE compiled module gets loaded into a retpoline kernel, +making it insecure. + +It doesn't handle the case when retpoline has been runtime disabled. Even +in this case the match of the retcompile status will be enforced. This +implies that even with retpoline run time disabled all modules loaded need +to be recompiled. + +Signed-off-by: Andi Kleen <ak@linux.intel.com> +Signed-off-by: Thomas Gleixner <tglx@linutronix.de> +Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Acked-by: David Woodhouse <dwmw@amazon.co.uk> +Cc: rusty@rustcorp.com.au +Cc: arjan.van.de.ven@intel.com +Cc: jeyu@kernel.org +Cc: torvalds@linux-foundation.org +Link: https://lkml.kernel.org/r/20180116205228.4890-1-andi@firstfloor.org +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + include/linux/vermagic.h | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h +index 6f8fbcf..a3d0493 100644 +--- a/include/linux/vermagic.h ++++ b/include/linux/vermagic.h +@@ -24,10 +24,16 @@ + #ifndef MODULE_ARCH_VERMAGIC + #define MODULE_ARCH_VERMAGIC "" + #endif ++#ifdef RETPOLINE ++#define MODULE_VERMAGIC_RETPOLINE "retpoline " ++#else ++#define MODULE_VERMAGIC_RETPOLINE "" ++#endif + + #define VERMAGIC_STRING \ + UTS_RELEASE " " \ + MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \ + MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \ +- MODULE_ARCH_VERMAGIC ++ MODULE_ARCH_VERMAGIC \ ++ MODULE_VERMAGIC_RETPOLINE + +-- +2.7.4 + |