Bug 158974

Summary: [Patch] modprobing a module signed with a key not known to the kernel can result in a panic.
Product: Red Hat Enterprise Linux 4
Reporter: Neil Horman <nhorman>
Component: kernel
Assignee: David Howells <dhowells>
Status: CLOSED ERRATA
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 4.0
CC: davej, poelstra
Hardware: All
OS: Linux
Fixed In Version: RHSA-2005-514
Doc Type: Bug Fix
Last Closed: 2005-10-05 13:21:18 UTC
Bug Blocks: 156322
Attachments:
patch to have ksign_get_public_key return NULL on a failed key search (flags: none)

Description Neil Horman 2005-05-27 12:11:09 UTC
Description of problem:
If a module that is signed with a key that is not installed in the kernel
keyring is insmodded/modprobed, the kernel will crash.

Version-Release number of selected component (if applicable):
2.6.x

How reproducible:
Customer reports always

Steps to Reproduce:
1. build a module
2. sign the module with a key not known to the kernel
3. insmod/modprobe the module
  
Actual results:
The following oops:
Backtrace is shown below:
PID: 2391   TASK: e0000040c1228000  CPU: 3   COMMAND: "modprobe"
#0 [BSP:e0000040c12293f0] start_disk_dump at a000000200370b10
#1 [BSP:e0000040c12293d0] try_crashdump at a0000001000a6a90
#2 [BSP:e0000040c1229390] die at a00000010003c980
#3 [BSP:e0000040c1229328] ia64_do_page_fault at a00000010005db10
#4 [BSP:e0000040c1229328] ia64_leave_kernel at a00000010000f480
#5 [BSP:e0000040c1229310] mpi_normalize at a000000100214bb0
#6 [BSP:e0000040c12292e0] mpi_cmp at a000000100216aa0
#7 [BSP:e0000040c1229260] DSA_verify at a000000100211ac0
#8 [BSP:e0000040c1229200] ksign_verify_signature at a00000010020e900
#9 [BSP:e0000040c12290a8] module_verify_signature at a0000001000b29c0
#10 [BSP:e0000040c1229008] module_verify at a0000001000b1750
#11 [BSP:e0000040c1228ed0] load_module at a0000001000ac7d0
#12 [BSP:e0000040c1228e60] sys_init_module at a0000001000af230
#13 [BSP:e0000040c1228e60] ia64_ret_from_syscall at a00000010000f320
#14 [BSP:e0000040c1228e60] __kernel_syscall_via_break at a000000000010640

Expected results:
An error message regarding the unknown nature of the key, and a failure to
install the module

Additional info:
This appears to be a problem in ksign_get_public_key.  When this function goes
to search for the key to match the signature of the module, a failed search will
result in the return of a pointer to the list head structure.  The calling
function expects a failed search to return NULL.  Since the list head of the
keyring has no surrounding ksign_public_key structure the calling function may
access unallocated memory, which can result in an oops.  Since we need to cross
a page boundary into an unallocated page to force this oops to happen, its
presentation is dependent on the linker's placement of the list head structure in
the kernel address space.  As such this may not present on all arches.  It was
originally reported by Fujitsu on ia64 in Issue Tracker number 72903.

Comment 1 Neil Horman 2005-05-27 12:11:10 UTC
Created attachment 114907
patch to have ksign_get_public_key return NULL on a failed key search

Comment 11 Red Hat Bugzilla 2005-10-05 13:21:18 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-514.html