From d07b889185195409a6090ed3e12fff475b4258f4 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Tue, 1 Sep 2015 15:03:08 -0700 Subject: Linux v4.2 This is a squashed patch of the history from F22 + the 4.2 rebase --- ...t-MSR-access-when-module-loading-is-restr.patch | 39 ++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 x86-Restrict-MSR-access-when-module-loading-is-restr.patch (limited to 'x86-Restrict-MSR-access-when-module-loading-is-restr.patch') diff --git a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch new file mode 100644 index 000000000..9053f2aea --- /dev/null +++ b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch @@ -0,0 +1,39 @@ +From: Matthew Garrett +Date: Fri, 8 Feb 2013 11:12:13 -0800 +Subject: [PATCH] x86: Restrict MSR access when module loading is restricted + +Writing to MSRs should not be allowed if module loading is restricted, +since it could lead to execution of arbitrary code in kernel mode. Based +on a patch by Kees Cook. + +Cc: Kees Cook +Signed-off-by: Matthew Garrett +--- + arch/x86/kernel/msr.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index 113e70784854..26c2f83fc470 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, + int err = 0; + ssize_t bytes = 0; + ++ if (secure_modules()) ++ return -EPERM; ++ + if (count % 8) + return -EINVAL; /* Invalid chunk size */ + +@@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) + err = -EBADF; + break; + } ++ if (secure_modules()) { ++ err = -EPERM; ++ break; ++ } + if (copy_from_user(®s, uregs, sizeof regs)) { + err = -EFAULT; + break; -- cgit