Mitigate CVE-2017-2636 (LPE)

Originally created by @cypherpunks on #12315 (Redmine)

Since Tails has CONFIG_N_HDLC=m in its kernel config, it is vulnerable to CVE-2017-2636. Calling TIOCSETD against a pseudoterminal will autoload the vulnerable module, allowing any user to escalate their privileges. See: https://security-tracker.debian.org/tracker/CVE-2017-2636

A mitigation is to blacklist n_hdlc in an /etc/modprobe.d/ entry.

Bug details:

>N_HDLC line discipline uses a self-made singly linked lists for data
>buffers and has n_hdlc.tbuf pointer for buffer retransmitting after
>an error. If sending of a data buffer is not successful, then its
>address is saved in n_hdlc.tbuf and the next time n_hdlc_send_frames()
>will try to resend it first of all.

>But the commit be10eb7589337e5defbe214dae038a53dd21add8 (“tty: n_hdlc add
>buffer flushing”) introduced racy access to n_hdlc.tbuf.

>After transmission error concurrent flush_tx_queue() and n_hdlc_send_frames()
>can put a buffer pointed by n_hdlc.tbuf to tx_free_buf_list twice. That
>causes an exploitable double free error in n_hdlc_release().

>To fix the issue I used a standard kernel linked list protected by a spinlock
>and got rid of n_hdlc.tbuf. In case of transmission error the current data
>buffer is put after the head of tx_buf_list.

Feature Branch: bugfix/12315-CVE-2017-2636