1 files changed, 0 insertions, 44 deletions

diff --git a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
deleted file mode 100644
index 5c91ab143..000000000
--- a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Fri, 8 Feb 2013 11:12:13 -0800
-Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
- restricted
-
-Writing to MSRs should not be allowed if module loading is restricted,
-since it could lead to execution of arbitrary code in kernel mode. Based
-on a patch by Kees Cook.
-
-Cc: Kees Cook <keescook@chromium.org>
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
----
- arch/x86/kernel/msr.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 113e70784854..26c2f83fc470 100644
---- a/arch/x86/kernel/msr.c
-+++ b/arch/x86/kernel/msr.c
-@@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
- 	int err = 0;
- 	ssize_t bytes = 0;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	if (count % 8)
- 		return -EINVAL;	/* Invalid chunk size */
- 
-@@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
- 			err = -EBADF;
- 			break;
- 		}
-+		if (secure_modules()) {
-+			err = -EPERM;
-+			break;
-+		}
- 		if (copy_from_user(&regs, uregs, sizeof regs)) {
- 			err = -EFAULT;
- 			break;
--- 
-2.4.3
-