diff options
Diffstat (limited to 'x86-Restrict-MSR-access-when-module-loading-is-restr.patch')
-rw-r--r-- | x86-Restrict-MSR-access-when-module-loading-is-restr.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch new file mode 100644 index 000000000..143ccf149 --- /dev/null +++ b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch @@ -0,0 +1,43 @@ +From 81f5d112eeb6998c51c7c0410bf277bf49e66a8a Mon Sep 17 00:00:00 2001 +From: Matthew Garrett <matthew.garrett@nebula.com> +Date: Fri, 8 Feb 2013 11:12:13 -0800 +Subject: [PATCH] x86: Restrict MSR access when module loading is restricted + +Writing to MSRs should not be allowed if module loading is restricted, +since it could lead to execution of arbitrary code in kernel mode. Based +on a patch by Kees Cook. + +Cc: Kees Cook <keescook@chromium.org> +Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> +--- + arch/x86/kernel/msr.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index c9603ac80de5..8bef43fc3f40 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, + int err = 0; + ssize_t bytes = 0; + ++ if (secure_modules()) ++ return -EPERM; ++ + if (count % 8) + return -EINVAL; /* Invalid chunk size */ + +@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) + err = -EBADF; + break; + } ++ if (secure_modules()) { ++ err = -EPERM; ++ break; ++ } + if (copy_from_user(®s, uregs, sizeof regs)) { + err = -EFAULT; + break; +-- +1.9.3 + |