During the attempt to disable the kernel module signing verification in some android kernel, I came across that the public_key_subtype in asymmetric_keys/public_key.c which has following declarations: struct asymmetric_key_subtype public_key_subtype = { ... .describe = public_key_describe, .destroy = public_key_destroy, .verify_signature = public_key_verify_signature_2, }; As long as I have root access and /dev/mem access available, it seems to be quite easy to have kernel module signing verification workarounded by just simply assign the address of public_key_describe() to the .verify_signature data member. This could be avoided by adding const to the data structure to make all the data members ready only. Signed-off-by: zibo zhao <chinabull@xxxxxxxxx> --- crypto/asymmetric_keys/public_key.c | 2 +- crypto/asymmetric_keys/public_key.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 2f6e4fb..bf921b8 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -118,7 +118,7 @@ static int public_key_verify_signature_2(const struct key *key, /* * Public key algorithm asymmetric key subtype */ -struct asymmetric_key_subtype public_key_subtype = { +const struct asymmetric_key_subtype public_key_subtype = { .owner = THIS_MODULE, .name = "public_key", .name_len = sizeof("public_key") - 1, diff --git a/crypto/asymmetric_keys/public_key.h b/crypto/asymmetric_keys/public_key.h index 5c37a22..751f5c3 100644 --- a/crypto/asymmetric_keys/public_key.h +++ b/crypto/asymmetric_keys/public_key.h @@ -13,7 +13,7 @@ #include <crypto/public_key.h> -extern struct asymmetric_key_subtype public_key_subtype; +extern const struct asymmetric_key_subtype public_key_subtype; /* * Public key algorithm definition. -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html