Fixes for 5.4
1 From 7c0cca7c847e6e019d67b7d793efbbe3b947d004 Mon Sep 17 00:00:00 2001
2 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3 Date: Mon, 21 Jan 2019 17:26:42 +0100
4 Subject: tty: ldisc: add sysctl to prevent autoloading of ldiscs
5
6 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
7
8 commit 7c0cca7c847e6e019d67b7d793efbbe3b947d004 upstream.
9
10 By default, the kernel will automatically load the module of any line
11 discipline that is asked for. As this sometimes isn't the safest thing
12 to do, provide a sysctl to disable this feature.
13
14 By default, we set this to 'y' as that is the historical way that Linux
15 has worked, and we do not want to break working systems. But in the
16 future, perhaps this can default to 'n' to prevent this functionality.
17
18 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
19 Reviewed-by: Theodore Ts'o <tytso@mit.edu>
20 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
21
22 ---
23 drivers/tty/Kconfig | 23 +++++++++++++++++++++++
24 drivers/tty/tty_io.c | 3 +++
25 drivers/tty/tty_ldisc.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
26 3 files changed, 73 insertions(+)
27
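--- a/drivers/tty/Kconfig
+++ b/drivers/tty/Kconfig
@@ -466,4 +466,27 @@ config MIPS_EJTAG_FDC_KGDB_CHAN
 help
 FDC channel number to use for KGDB.
 
+config LDISC_AUTOLOAD
+ bool "Automatically load TTY Line Disciplines"
+ default y
+ help
+ Historically the kernel has always automatically loaded any
+ line discipline that is in a kernel module when a user asks
+ for it to be loaded with the TIOCSETD ioctl, or through other
+ means. This is not always the best thing to do on systems
+ where you know you will not be using some of the more
+ "ancient" line disciplines, so prevent the kernel from doing
+ this unless the request is coming from a process with the
+ CAP_SYS_MODULE permissions.
+
+ Say 'Y' here if you trust your userspace users to do the right
+ thing, or if you have only provided the line disciplines that
+ you know you will be using, or if you wish to continue to use
+ the traditional method of on-demand loading of these modules
+ by any user.
+
+ This functionality can be changed at runtime with the
+ dev.tty.ldisc_autoload sysctl, this configuration option will
+ only set the default value of this functionality.
+
 endif # TTY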
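Review bot: The help text for LDISC_AUTOLOAD never states what answering 'N' does, and its first paragraph ("so prevent the kernel from doing this unless ...") reads as if enabling the option turns the restriction on, whereas the tty_ldisc.c part of this patch applies the CAP_SYS_MODULE check only when the value is 0. An administrator hardening a system has to infer which answer is the restrictive one. I would close the first paragraph with an explicit sentence such as `Say 'N' here to load line discipline modules only for processes that have CAP_SYS_MODULE.` and reword the "so prevent ..." clause so it describes what disabling the option does.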
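--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -513,6 +513,8 @@ void proc_clear_tty(struct task_struct *
 tty_kref_put(tty);
 }
 
+extern void tty_sysctl_init(void);
+
 /**
 * proc_set_tty - set the controlling terminal
 *
@@ -3689,6 +3691,7 @@ void console_sysfs_notify(void)
 */
 int __init tty_init(void)
 {
+ tty_sysctl_init();
 cdev_init(&tty_cdev, &tty_fops);
 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)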
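Review bot: The `extern void tty_sysctl_init(void);` prototype in the first hunk is declared inside tty_io.c rather than in a header that tty_ldisc.c also sees, so the compiler never checks it against the definition and a later signature change would not be caught at build time. Moving the declaration into a tty header included by both files, and dropping the `extern` line here, keeps the two in sync. In the second hunk `tty_sysctl_init()` returns void, so tty_init() cannot tell whether the dev.tty.ldisc_autoload knob was actually registered. tty_init()'s body continues outside the hunk.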
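--- a/drivers/tty/tty_ldisc.c
+++ b/drivers/tty/tty_ldisc.c
@@ -148,6 +148,13 @@ static void put_ldops(struct tty_ldisc_o
 * takes tty_ldiscs_lock to guard against ldisc races
 */
 
+#if defined(CONFIG_LDISC_AUTOLOAD)
+ #define INITIAL_AUTOLOAD_STATE 1
+#else
+ #define INITIAL_AUTOLOAD_STATE 0
+#endif
+static int tty_ldisc_autoload = INITIAL_AUTOLOAD_STATE;
+
 static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc)
 {
 struct tty_ldisc *ld;
@@ -162,6 +169,8 @@ static struct tty_ldisc *tty_ldisc_get(s
 */
 ldops = get_ldops(disc);
 if (IS_ERR(ldops)) {
+ if (!capable(CAP_SYS_MODULE) && !tty_ldisc_autoload)
+ return ERR_PTR(-EPERM);
 request_module("tty-ldisc-%d", disc);
 ldops = get_ldops(disc);
 if (IS_ERR(ldops))
@@ -830,3 +839,41 @@ void tty_ldisc_begin(void)
 /* Setup the default TTY line discipline. */
 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
 }
+
+static int zero;
+static int one = 1;
+static struct ctl_table tty_table[] = {
+ {
+ .procname = "ldisc_autoload",
+ .data = &tty_ldisc_autoload,
+ .maxlen = sizeof(tty_ldisc_autoload),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ .extra1 = &zero,
+ .extra2 = &one,
+ },
+ { }
+};
+
+static struct ctl_table tty_dir_table[] = {
+ {
+ .procname = "tty",
+ .mode = 0555,
+ .child = tty_table,
+ },
+ { }
+};
+
+static struct ctl_table tty_root_table[] = {
+ {
+ .procname = "dev",
+ .mode = 0555,
+ .child = tty_dir_table,
+ },
+ { }
+};
+
+void tty_sysctl_init(void)
+{
+ register_sysctl_table(tty_root_table);
+}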
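Review bot: The `ldisc_autoload` entry in `tty_table` sets `.extra1`/`.extra2` to 0 and 1 but uses `proc_dointvec`, which does not consult those bounds, so any integer can be written to the sysctl; `.proc_handler = proc_dointvec_minmax,` is the handler that enforces them. In the `tty_ldisc_get()` hunk, `capable(CAP_SYS_MODULE)` is evaluated before the flag, so it runs, and can produce LSM or audit denial records, for every unprivileged request that reaches the module-load path even while autoloading is allowed; `if (!tty_ldisc_autoload && !capable(CAP_SYS_MODULE))` avoids that. `tty_sysctl_init()` also discards the return value of `register_sysctl_table()`, so a failed registration leaves the system without the runtime switch and without a log line; a `pr_warn()` when it returns NULL would make that visible. tty_ldisc_get()'s body continues outside the hunks shown.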