Lines Matching +full:core +full:- +full:module

6 When a module is attempted to be removed its reference counter is always
8 module to be unloaded even if another module depends on it.
10 This may lead to a use-after-free scenario allowing an attacker to execute
11 arbitrary code and by-pass the UEFI Secure Boot protection.
16 Fixes: CVE-2020-25632
18 Reported-by: Chris Coulson <chris.coulson@canonical.com>
19 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
20 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
21 Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
22 ---
23  grub-core/commands/minicmd.c | 7 +++++--
24  grub-core/kern/dl.c          | 9 +++++++++
25  include/grub/dl.h            | 8 +++++---
26  3 files changed, 19 insertions(+), 5 deletions(-)
28 diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
30 --- a/grub-core/commands/minicmd.c
31 +++ b/grub-core/commands/minicmd.c
32 @@ -140,8 +140,11 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)),
34      return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload persistent module");
36 -  if (grub_dl_unref (mod) <= 0)
37 -    grub_dl_unload (mod);
39 +    return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload referenced module");
46 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
48 --- a/grub-core/kern/dl.c
49 +++ b/grub-core/kern/dl.c
50 @@ -549,6 +549,15 @@ grub_dl_unref (grub_dl_t mod)
51    return --mod->ref_count;
60 +  return mod->ref_count;
66 diff --git a/include/grub/dl.h b/include/grub/dl.h
68 --- a/include/grub/dl.h
70 @@ -203,9 +203,11 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name);
74 -void grub_dl_unload_unneeded (void);
75 -int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod);
76 -int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod);
85 --