Fix module blacklist patch to not leak a reference to the blacklist keyring

This commit is contained in:
Josh Boyer 2012-10-30 14:10:49 -04:00
parent e12c503006
commit 23aad7f77f
2 changed files with 7 additions and 4 deletions

View File

@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
%global baserelease 1
%global baserelease 2
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@ -2317,7 +2317,10 @@ fi
# ||----w |
# || ||
%changelog
* Tue Oct 30 2012 Josh Boyer <jwboyer@gmail.com> - 3.7.0-0.rc3.git0.1
* Tue Oct 30 2012 Josh Boyer <jwboyer@redhat.com>
- Fix module blacklist patch to not leak a reference to the blacklist keyring
* Tue Oct 30 2012 Josh Boyer <jwboyer@redhat.com> - 3.7.0-0.rc3.git0.1
- Disable debugging options.
- Linux v3.7-rc3
- enable CONFIG_MEDIA_{USB,PCI}_SUPPORT (rhbz 870457)

View File

@ -1118,7 +1118,7 @@ index ea1b1df..602aa24 100644
+ if (!IS_ERR(blacklist)) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key '%s' is in blacklist\n", id);
+ /*key_put(blacklist);*/
+ key_ref_put(blacklist);
+ kfree(id);
+ return ERR_PTR(-EKEYREJECTED);
+ }
@ -1227,7 +1227,7 @@ index 0000000..049669d
+#include <keys/asymmetric-type.h>
+#include "module-internal.h"
+
+static void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
+{
+ efi_status_t status;
+ unsigned long lsize = 4;