diff options
author | Josh Boyer <jwboyer@fedoraproject.org> | 2014-08-20 13:22:24 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2014-08-20 13:22:24 -0400 |
commit | 6a91557e4cd508858eca5aba5406a9109861d4de (patch) | |
tree | c57990ccc4a28a9933db2aebba1006f46c619f44 /x86-Lock-down-IO-port-access-when-module-security-is.patch | |
parent | a99be7d4cf2fae68a0562a7687d89ee61c6b9f98 (diff) | |
download | kernel-6a91557e4cd508858eca5aba5406a9109861d4de.tar.gz kernel-6a91557e4cd508858eca5aba5406a9109861d4de.tar.xz kernel-6a91557e4cd508858eca5aba5406a9109861d4de.zip |
Patch file cleanup
Do a couple things here:
- Split the mega-patches into individual patches. Should help with rebasing.
- Make all patches 'git am' acceptable.
There should be no functional or actual code differences from before
Diffstat (limited to 'x86-Lock-down-IO-port-access-when-module-security-is.patch')
-rw-r--r-- | x86-Lock-down-IO-port-access-when-module-security-is.patch | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/x86-Lock-down-IO-port-access-when-module-security-is.patch b/x86-Lock-down-IO-port-access-when-module-security-is.patch new file mode 100644 index 000000000..7f54e1cb5 --- /dev/null +++ b/x86-Lock-down-IO-port-access-when-module-security-is.patch @@ -0,0 +1,71 @@ +From d27eea3ac26af4673f829ab50c90f8879715d739 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett <matthew.garrett@nebula.com> +Date: Thu, 8 Mar 2012 10:35:59 -0500 +Subject: [PATCH] x86: Lock down IO port access when module security is enabled + +IO port access would permit users to gain access to PCI configuration +registers, which in turn (on a lot of hardware) give access to MMIO register +space. This would potentially permit root to trigger arbitrary DMA, so lock +it down by default. + +Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> +--- + arch/x86/kernel/ioport.c | 5 +++-- + drivers/char/mem.c | 4 ++++ + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c +index 4ddaf66ea35f..00b440307419 100644 +--- a/arch/x86/kernel/ioport.c ++++ b/arch/x86/kernel/ioport.c +@@ -15,6 +15,7 @@ + #include <linux/thread_info.h> + #include <linux/syscalls.h> + #include <linux/bitmap.h> ++#include <linux/module.h> + #include <asm/syscalls.h> + + /* +@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) + + if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) + return -EINVAL; +- if (turn_on && !capable(CAP_SYS_RAWIO)) ++ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules())) + return -EPERM; + + /* +@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) + return -EINVAL; + /* Trying to gain more privileges? */ + if (level > old) { +- if (!capable(CAP_SYS_RAWIO)) ++ if (!capable(CAP_SYS_RAWIO) || secure_modules()) + return -EPERM; + } + regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); +diff --git a/drivers/char/mem.c b/drivers/char/mem.c +index 917403fe10da..cdf839f9defe 100644 +--- a/drivers/char/mem.c ++++ b/drivers/char/mem.c +@@ -27,6 +27,7 @@ + #include <linux/export.h> + #include <linux/io.h> + #include <linux/aio.h> ++#include <linux/module.h> + + #include <asm/uaccess.h> + +@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf, + unsigned long i = *ppos; + const char __user *tmp = buf; + ++ if (secure_modules()) ++ return -EPERM; ++ + if (!access_ok(VERIFY_READ, buf, count)) + return -EFAULT; + while (count-- > 0 && i < 65536) { +-- +1.9.3 + |