author | Justin M. Forbes <jforbes@redhat.com> | 2017-02-20 13:20:23 -0600 |
---|---|---|
committer | Justin M. Forbes <jforbes@redhat.com> | 2017-02-20 13:20:23 -0600 |
commit | a98ed5ce60a3a27dd83f47a33d8993eaaef3685e (patch) | |
tree | 2390fe67f35cf364436421355cf15e7fab72e294 /x86-Restrict-MSR-access-when-module-loading-is-restr.patch | |
parent | 7a011b1bac9aea1fdb059ef767f1445c7062b79d (diff) | |
Linux 4.10 rebase for stabilization
Diffstat (limited to 'x86-Restrict-MSR-access-when-module-loading-is-restr.patch')
-rw-r--r-- | x86-Restrict-MSR-access-when-module-loading-is-restr.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
deleted file mode 100644
index 5c91ab143..000000000
--- a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Fri, 8 Feb 2013 11:12:13 -0800
-Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
- restricted
-
-Writing to MSRs should not be allowed if module loading is restricted,
-since it could lead to execution of arbitrary code in kernel mode. Based
-on a patch by Kees Cook.
-
-Cc: Kees Cook <keescook@chromium.org>
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
----
- arch/x86/kernel/msr.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 113e70784854..26c2f83fc470 100644
---- a/arch/x86/kernel/msr.c
-+++ b/arch/x86/kernel/msr.c
-@@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
- int err = 0;
- ssize_t bytes = 0;
-
-+ if (secure_modules())
-+ return -EPERM;
-+
- if (count % 8)
- return -EINVAL; /* Invalid chunk size */
-
-@@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
- err = -EBADF;
- break;
- }
-+ if (secure_modules()) {
-+ err = -EPERM;
-+ break;
-+ }
- if (copy_from_user(®s, uregs, sizeof regs)) {
- err = -EFAULT;
- break;
---
-2.4.3
- |