diff options
Diffstat (limited to 'x86-Lock-down-IO-port-access-when-module-security-is.patch')
| -rw-r--r-- | x86-Lock-down-IO-port-access-when-module-security-is.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/x86-Lock-down-IO-port-access-when-module-security-is.patch b/x86-Lock-down-IO-port-access-when-module-security-is.patch new file mode 100644 index 000000000..4c1211d43 --- /dev/null +++ b/x86-Lock-down-IO-port-access-when-module-security-is.patch @@ -0,0 +1,67 @@ +From: Matthew Garrett <matthew.garrett@nebula.com> +Date: Thu, 8 Mar 2012 10:35:59 -0500 +Subject: [PATCH] x86: Lock down IO port access when module security is enabled + +IO port access would permit users to gain access to PCI configuration +registers, which in turn (on a lot of hardware) give access to MMIO register +space. This would potentially permit root to trigger arbitrary DMA, so lock +it down by default. + +Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> +--- + arch/x86/kernel/ioport.c | 5 +++-- + drivers/char/mem.c | 4 ++++ + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c +index 37dae792dbbe..1ecc03ca3c15 100644 +--- a/arch/x86/kernel/ioport.c ++++ b/arch/x86/kernel/ioport.c +@@ -15,6 +15,7 @@ + #include <linux/thread_info.h> + #include <linux/syscalls.h> + #include <linux/bitmap.h> ++#include <linux/module.h> + #include <asm/syscalls.h> + + /* +@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) + + if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) + return -EINVAL; +- if (turn_on && !capable(CAP_SYS_RAWIO)) ++ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules())) + return -EPERM; + + /* +@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) + return -EINVAL; + /* Trying to gain more privileges? */ + if (level > old) { +- if (!capable(CAP_SYS_RAWIO)) ++ if (!capable(CAP_SYS_RAWIO) || secure_modules()) + return -EPERM; + } + regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); +diff --git a/drivers/char/mem.c b/drivers/char/mem.c +index 6b1721f978c2..53fe675f9bd7 100644 +--- a/drivers/char/mem.c ++++ b/drivers/char/mem.c +@@ -27,6 +27,7 @@ + #include <linux/export.h> + #include <linux/io.h> + #include <linux/uio.h> ++#include <linux/module.h> + + #include <linux/uaccess.h> + +@@ -577,6 +578,9 @@ static ssize_t write_port(struct file *file, const char __user *buf, + unsigned long i = *ppos; + const char __user *tmp = buf; + ++ if (secure_modules()) ++ return -EPERM; ++ + if (!access_ok(VERIFY_READ, buf, count)) + return -EFAULT; + while (count-- > 0 && i < 65536) { |