fix-lpp: Add version 1.0 #2572

Merged (1 commit) on Jan 26, 2022

donald (Collaborator) commented Jan 25, 2022

Add fix-lpp ("legacy_parse_param"), which adds mitigation modules for CVE-2022-0185 for kernels 5.10.92-421, 5.10.82-414, 5.10.70-403, 5.10.47-390, 5.10.24-375, 5.4.97-368, 5.4.72-349, 5.4.57-340, 5.4.39-334

pmenzel (Collaborator) commented Jan 27, 2022

For the record, the Linux kernel logs an error:

[ 1280.659051] fix_lpp: loading out-of-tree module taints kernel.
[ 1280.664943] fix_lpp: module verification failed: signature and/or required key missing - tainting kernel
[ 1280.685514] fix-lpp: installed

donald (Collaborator, Author) commented Jan 27, 2022

Right. But I don't regard that as an error, but just as a notice about the fact that we are using an out-of-tree module.

thomas (Collaborator) commented Jan 27, 2022

I agree with Donald, and this reminds me that we really should drop CONFIG_MODULE_SIG, since it is pointless in our scenario. They are self-signed, great, there is no benefit. We also do not deliver our modules to someone else. And, if we use it, shouldn't we also prohibit loading of unsigned modules in consequence? (and set MODULE_SIG_FORCE :)

But what we need from time to time is a hotfix, and I don't think that it is worth the effort to sign every piece with the certs from the individual kernel builds.
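
Added example (not part of the pull request or of any comment above): a small Python parser that attributes the two module-related taint flags to the module named in log lines like those quoted in the thread, and reports module taint bits in a `/proc/sys/kernel/tainted` value that the log does not explain. The function names are hypothetical, the sample log is the three lines quoted above, and the value 12288 is constructed.

```python
import re

# Taint bits as documented in the kernel's tainted-kernels admin guide.
TAINT_OOT_MODULE = 1 << 12       # 'O': externally built (out-of-tree) module loaded
TAINT_UNSIGNED_MODULE = 1 << 13  # 'E': unsigned module loaded
MODULE_BITS = TAINT_OOT_MODULE | TAINT_UNSIGNED_MODULE

# One pattern per taint message quoted in the thread.
PATTERNS = [
    (re.compile(r"(?P<mod>\S+): loading out-of-tree module taints kernel"),
     TAINT_OOT_MODULE),
    (re.compile(r"(?P<mod>\S+): module verification failed: "
                r"signature and/or required key missing"),
     TAINT_UNSIGNED_MODULE),
]
STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # leading "[ 1280.659051] "

# Sample input: the three log lines quoted in the thread.
SAMPLE_LOG = """\
[ 1280.659051] fix_lpp: loading out-of-tree module taints kernel.
[ 1280.664943] fix_lpp: module verification failed: signature and/or required key missing - tainting kernel
[ 1280.685514] fix-lpp: installed
"""

def taint_by_module(log_text):
    """Map module name -> taint bits that the log attributes to it."""
    found = {}
    for line in log_text.splitlines():
        msg = STAMP.sub("", line)
        for pattern, bit in PATTERNS:
            m = pattern.match(msg)
            if m:
                found[m["mod"]] = found.get(m["mod"], 0) | bit
    return found

def unexplained_taint(tainted_value, log_text):
    """Module taint bits set in tainted_value that no log line accounts for."""
    explained = 0
    for bits in taint_by_module(log_text).values():
        explained |= bits
    return tainted_value & MODULE_BITS & ~explained

if __name__ == "__main__":
    constructed_value = 12288  # constructed: bits 12 and 13 set, nothing else
    print(taint_by_module(SAMPLE_LOG))
    print(unexplained_taint(constructed_value, SAMPLE_LOG))
```

The kernel prints each of these messages only the first time the corresponding taint is set, so modules loaded later do not appear in the log; the per-module flags are in `/sys/module/<name>/taint`.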
