Diffstat (limited to 'x86-Restrict-MSR-access-when-module-loading-is-restr.patch')
-rw-r--r--x86-Restrict-MSR-access-when-module-loading-is-restr.patch43
1 files changed, 43 insertions, 0 deletions
diff --git a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
new file mode 100644
index 000000000..143ccf149
--- /dev/null
+++ b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
@@ -0,0 +1,43 @@
+From 81f5d112eeb6998c51c7c0410bf277bf49e66a8a Mon Sep 17 00:00:00 2001
+From: Matthew Garrett <matthew.garrett@nebula.com>
+Date: Fri, 8 Feb 2013 11:12:13 -0800
+Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
+
+Writing to MSRs should not be allowed if module loading is restricted,
+since it could lead to execution of arbitrary code in kernel mode. Based
+on a patch by Kees Cook.
+
+Cc: Kees Cook <keescook@chromium.org>
+Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
+---
+ arch/x86/kernel/msr.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
+index c9603ac80de5..8bef43fc3f40 100644
+--- a/arch/x86/kernel/msr.c
++++ b/arch/x86/kernel/msr.c
+@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
+ int err = 0;
+ ssize_t bytes = 0;
+
++ if (secure_modules())
++ return -EPERM;
++
+ if (count % 8)
+ return -EINVAL; /* Invalid chunk size */
+
+@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
+ err = -EBADF;
+ break;
+ }
++ if (secure_modules()) {
++ err = -EPERM;
++ break;
++ }
+ if (copy_from_user(&regs, uregs, sizeof regs)) {
+ err = -EFAULT;
+ break;
+--
+1.9.3
+
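Review bot: Both added `secure_modules()` checks fail with a bare -EPERM and carry no comment or log, in msr_write (inner hunk at -103) and in the msr_ioctl case (inner hunk at -153). A short comment at each site would record the reason the commit message gives, e.g. `/* MSR writes can lead to arbitrary kernel-mode code execution; refuse them when module loading is restricted */`. For operators, a rate-limited message such as `pr_warn_ratelimited("msr: write blocked, module loading is restricted\n");` before the return would make denied attempts visible in the kernel log instead of showing up only as EPERM in the calling tool. The ioctl hunk does not show which `case` it sits in (presumably the register-write one, given the preceding -EBADF check), so it is worth confirming that no other write path in msr.c bypasses the check; both function bodies continue outside the hunks.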