From: Jiri Slaby <jslaby@suse.cz>
Date: Tue, 7 May 2019 08:43:30 +0200
Subject: tty: make R3964 line discipline fail
Patch-mainline: never, upstream disabled the driver
References: bnc#1133188 CVE-2019-11486

Upstream commit c7084edc3f6d67750f50d4183134c4fb5712a5c8 marked this
driver as BROKEN. It disabled a driver we used to distribute so we
reverted it in branches where it was applied. In this patch, we make the
driver only fail on load and open. The latter is only for the case this
will turned also into a live patch. Both failures are dependent on a
module param called force_load.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/tty/n_r3964.c |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)

--- a/drivers/tty/n_r3964.c
+++ b/drivers/tty/n_r3964.c
@@ -194,10 +194,20 @@ static void __exit r3964_exit(void)
 	}
 }
 
+static bool force_load;
+module_param(force_load, bool, 0);
+MODULE_PARM_DESC(force_load, "Force module load, despite CVE holes");
+
 static int __init r3964_init(void)
 {
 	int status;
 
+	if (!force_load) {
+		pr_err("Refusing to load r3964 due to holes in this line discipline (see bnc#1133188)!\n");
+		pr_err("You can still force-load the driver by passing force_load=1 module parameter\n");
+		return -EINVAL;
+	}
+
 	printk("r3964: Philips r3964 Driver $Revision: 1.10 $\n");
 
 	/*
@@ -943,6 +953,12 @@ static int r3964_open(struct tty_struct
 {
 	struct r3964_info *pInfo;
 
+	if (!force_load) {
+		pr_err("Refusing to open r3964 due to holes in this line discipline (see bnc#1133188)!\n");
+		pr_err("You can still force-open the discipline by passing force_load=1 module parameter\n");
+		return -EINVAL;
+	}
+
 	TRACE_L("open");
 	TRACE_L("tty=%p, PID=%d, disc_data=%p",
 		tty, current->pid, tty->disc_data);