diff options
author | Josh Boyer <jwboyer@fedoraproject.org> | 2016-03-24 15:20:33 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2016-03-24 15:20:33 -0400 |
commit | 6a44257de77a5136f6717b7f313a77b3ca73b310 (patch) | |
tree | 32a366304a608e8304350861c20df15bbbea8c11 /x86-Lock-down-IO-port-access-when-module-security-is.patch | |
parent | ea3aaf7b014b4bd0237dd42603f56c30730f6a0d (diff) | |
download | kernel-6a44257de77a5136f6717b7f313a77b3ca73b310.tar.gz kernel-6a44257de77a5136f6717b7f313a77b3ca73b310.tar.xz kernel-6a44257de77a5136f6717b7f313a77b3ca73b310.zip |
Linux v4.5-12257-g8b97be054572
- staging, timers, perf, irq, x86, sched, locking merges
Diffstat (limited to 'x86-Lock-down-IO-port-access-when-module-security-is.patch')
-rw-r--r-- | x86-Lock-down-IO-port-access-when-module-security-is.patch | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/x86-Lock-down-IO-port-access-when-module-security-is.patch b/x86-Lock-down-IO-port-access-when-module-security-is.patch index 708006c2e..185b1da99 100644 --- a/x86-Lock-down-IO-port-access-when-module-security-is.patch +++ b/x86-Lock-down-IO-port-access-when-module-security-is.patch @@ -1,8 +1,7 @@ -From 7a3cdd26e6d38031338a6cb591ec2f3faaa9234b Mon Sep 17 00:00:00 2001 +From 8010b5eb4680df797575e6306d4d891200e303ab Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Thu, 8 Mar 2012 10:35:59 -0500 -Subject: [PATCH 03/20] x86: Lock down IO port access when module security is - enabled +Subject: [PATCH] x86: Lock down IO port access when module security is enabled IO port access would permit users to gain access to PCI configuration registers, which in turn (on a lot of hardware) give access to MMIO register @@ -16,7 +15,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c -index 37dae792dbbe..1ecc03ca3c15 100644 +index 589b3193f102..ab8372443efb 100644 --- a/arch/x86/kernel/ioport.c +++ b/arch/x86/kernel/ioport.c @@ -15,6 +15,7 @@ @@ -36,7 +35,7 @@ index 37dae792dbbe..1ecc03ca3c15 100644 return -EPERM; /* -@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) +@@ -108,7 +109,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) return -EINVAL; /* Trying to gain more privileges? */ if (level > old) { @@ -44,9 +43,9 @@ index 37dae792dbbe..1ecc03ca3c15 100644 + if (!capable(CAP_SYS_RAWIO) || secure_modules()) return -EPERM; } - regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); + regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 6b1721f978c2..53fe675f9bd7 100644 +index 71025c2f6bbb..86e5bfa91563 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -27,6 +27,7 @@ @@ -68,5 +67,5 @@ index 6b1721f978c2..53fe675f9bd7 100644 return -EFAULT; while (count-- > 0 && i < 65536) { -- -2.4.3 +2.5.5 |