From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934145AbdDEUSB (ORCPT ); Wed, 5 Apr 2017 16:18:01 -0400 Received: from mx1.redhat.com ([209.132.183.28]:43248 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934112AbdDEURl (ORCPT ); Wed, 5 Apr 2017 16:17:41 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 26EE33DBE2 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=dhowells@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 26EE33DBE2 Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH 21/24] scsi: Lock down the eata driver From: David Howells To: linux-kernel@vger.kernel.org Cc: gnomes@lxorguk.ukuu.org.uk, linux-efi@vger.kernel.org, "James E.J. Bottomley" , linux-scsi@vger.kernel.org, "Martin K. Petersen" , matthew.garrett@nebula.com, gregkh@linuxfoundation.org, dhowells@redhat.com, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, Dario Ballabio Date: Wed, 05 Apr 2017 21:17:34 +0100 Message-ID: <149142345473.5101.9422205244390193240.stgit@warthog.procyon.org.uk> In-Reply-To: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> References: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 05 Apr 2017 20:17:40 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image. The eata driver takes a single string parameter that contains a slew of settings, including hardware resource configuration. Prohibit use of the parameter if the kernel is locked down. Suggested-by: Alan Cox Signed-off-by: David Howells cc: Dario Ballabio cc: "James E.J. Bottomley" cc: "Martin K. Petersen" cc: linux-scsi@vger.kernel.org --- drivers/scsi/eata.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c index 227dd2c2ec2f..5c036d10c18b 100644 --- a/drivers/scsi/eata.c +++ b/drivers/scsi/eata.c @@ -1552,8 +1552,13 @@ static int eata2x_detect(struct scsi_host_template *tpnt) tpnt->proc_name = "eata2x"; - if (strlen(boot_options)) + if (strlen(boot_options)) { + if (kernel_is_locked_down()) { + pr_err("Command line-specified device addresses, irqs and dma channels are not permitted when the kernel is locked down\n"); + return -EPERM; + } option_setup(boot_options); + } #if defined(MODULE) /* io_port could have been modified when loading as a module */ From mboxrd@z Thu Jan 1 00:00:00 1970 From: dhowells@redhat.com (David Howells) Date: Wed, 05 Apr 2017 21:17:34 +0100 Subject: [PATCH 21/24] scsi: Lock down the eata driver In-Reply-To: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> References: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> Message-ID: <149142345473.5101.9422205244390193240.stgit@warthog.procyon.org.uk> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image. The eata driver takes a single string parameter that contains a slew of settings, including hardware resource configuration. Prohibit use of the parameter if the kernel is locked down. Suggested-by: Alan Cox Signed-off-by: David Howells cc: Dario Ballabio cc: "James E.J. Bottomley" cc: "Martin K. Petersen" cc: linux-scsi at vger.kernel.org --- drivers/scsi/eata.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c index 227dd2c2ec2f..5c036d10c18b 100644 --- a/drivers/scsi/eata.c +++ b/drivers/scsi/eata.c @@ -1552,8 +1552,13 @@ static int eata2x_detect(struct scsi_host_template *tpnt) tpnt->proc_name = "eata2x"; - if (strlen(boot_options)) + if (strlen(boot_options)) { + if (kernel_is_locked_down()) { + pr_err("Command line-specified device addresses, irqs and dma channels are not permitted when the kernel is locked down\n"); + return -EPERM; + } option_setup(boot_options); + } #if defined(MODULE) /* io_port could have been modified when loading as a module */ -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html