Linux-Security-Module Archive on lore.kernel.org
* [PATCH 1/2] staging: comedi: Restrict COMEDI_DEVCONFIG when the kernel is locked down
From: Ben Hutchings @ 2019-08-30 15:45 UTC (permalink / raw)
  To: jmorris
  Cc: linux-security-module, Matthew Garrett, David Howells,
	Ian Abbott, H Hartley Sweeten

The COMEDI_DEVCONFIG ioctl can be used to configure I/O addresses and
other hardware settings for non plug-and-play devices such as ISA
cards.  This should be disabled to preserve the kernel's integrity
when it is locked down.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Matthew Garrett <mjg59@google.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Ian Abbott <abbotti@mev.co.uk>
Cc: H Hartley Sweeten <hsweeten@visionengravers.com>
---
 drivers/staging/comedi/comedi_fops.c | 6 ++++++
 include/linux/security.h             | 1 +
 security/lockdown/lockdown.c         | 1 +
 3 files changed, 8 insertions(+)

diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
index f6d1287c7b83..fdf030e53035 100644
--- a/drivers/staging/comedi/comedi_fops.c
+++ b/drivers/staging/comedi/comedi_fops.c
@@ -27,6 +27,7 @@
 
 #include <linux/io.h>
 #include <linux/uaccess.h>
+#include <linux/security.h>
 
 #include "comedi_internal.h"
 
@@ -813,11 +814,16 @@ static int do_devconfig_ioctl(struct comedi_device *dev,
 			      struct comedi_devconfig __user *arg)
 {
 	struct comedi_devconfig it;
+	int ret;
 
 	lockdep_assert_held(&dev->mutex);
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
+	ret = security_locked_down(LOCKDOWN_COMEDI_DEVCONFIG);
+	if (ret)
+		return ret;
+
 	if (!arg) {
 		if (is_device_busy(dev))
 			return -EBUSY;
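Review bot: The lockdown check is placed ahead of the `if (!arg)` branch, so under lockdown the ioctl also refuses the arg == NULL path, which (as noted later in this thread) only detaches an already configured device and sets no I/O address. Either move `ret = security_locked_down(LOCKDOWN_COMEDI_DEVCONFIG);` to just after that block, or say in the commit message that refusing detach under lockdown is intended. Keeping `capable(CAP_SYS_ADMIN)` as the first test is right: an unprivileged caller should fail on privilege before the lockdown reason is consulted.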
diff --git a/include/linux/security.h b/include/linux/security.h
index 429f9f03372b..b16365dccfc5 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -113,6 +113,7 @@ enum lockdown_reason {
 	LOCKDOWN_ACPI_TABLES,
 	LOCKDOWN_PCMCIA_CIS,
 	LOCKDOWN_TIOCSSERIAL,
+	LOCKDOWN_COMEDI_DEVCONFIG,
 	LOCKDOWN_MODULE_PARAMETERS,
 	LOCKDOWN_MMIOTRACE,
 	LOCKDOWN_DEBUGFS,
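Review bot: The enumerator is inserted between LOCKDOWN_TIOCSSERIAL and LOCKDOWN_MODULE_PARAMETERS rather than appended at the end. Since the enum is ordered and `lockdown_reasons[]` is indexed by it, position matters: this groups the new reason with the other hardware-reconfiguration integrity reasons, which matches the "preserve the kernel's integrity" rationale in the commit message. A one-line note in the commit message that this is deliberately an integrity reason would save the next reader from checking, and the matching string entry must land in the same patch (it does, in the lockdown.c hunk) so the index does not stay NULL.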
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 0068cec77c05..971bb99b9051 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -28,6 +28,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
 	[LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables",
 	[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
 	[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
+	[LOCKDOWN_COMEDI_DEVCONFIG] = "reconfiguration of Comedi legacy device",
 	[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
 	[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
 	[LOCKDOWN_DEBUGFS] = "debugfs access",
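Review bot: Style point on the message text: the neighbouring entries name the operation ("reconfiguration of serial port IO"), and "reconfiguration of Comedi legacy device" follows that pattern, but consider naming the interface ("via COMEDI_DEVCONFIG") so an administrator who sees the Lockdown notice in the log can map it back to the ioctl without reading the source.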



* [PATCH 2/2] mtd: phram,slram: Disable when the kernel is locked down
From: Ben Hutchings @ 2019-08-30 15:47 UTC (permalink / raw)
  To: jmorris
  Cc: linux-security-module, Matthew Garrett, David Howells,
	Joern Engel, linux-mtd

These drivers allow mapping arbitrary memory ranges as MTD devices.
This should be disabled to preserve the kernel's integrity when it is
locked down.

* Add the HWPARAM flag to the module parameters
* When slram is built-in, it uses __setup() to read kernel parameters,
  so add an explicit security_locked_down() check

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Matthew Garrett <mjg59@google.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Joern Engel <joern@lazybastard.org>
Cc: linux-mtd@lists.infradead.org
---
 drivers/mtd/devices/phram.c | 6 +++++-
 drivers/mtd/devices/slram.c | 9 ++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
index c467286ca007..9c18b4bb2ed9 100644
--- a/drivers/mtd/devices/phram.c
+++ b/drivers/mtd/devices/phram.c
@@ -294,7 +294,11 @@ static int phram_param_call(const char *val, const struct kernel_param *kp)
 #endif
 }
 
-module_param_call(phram, phram_param_call, NULL, NULL, 000);
+static const struct kernel_param_ops phram_param_ops = {
+	.set = phram_param_call
+};
+__module_param_call(MODULE_PARAM_PREFIX, phram, &phram_param_ops, NULL,
+		    000, -1, KERNEL_PARAM_FL_HWPARAM | hwparam_iomem);
 MODULE_PARM_DESC(phram, "Memory region to map. \"phram=<name>,<start>,<length>\"");
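Review bot: This reaches for the internal `__module_param_call()` macro, with its positional `-1` level argument, because moduleparam.h offers `module_param_hw()` and `module_param_hw_array()` but no `module_param_hw_call()`. A change to `__module_param_call`'s parameter list would break this driver silently; adding a `module_param_hw_call()` wrapper next to the other module_param_hw_* helpers would keep phram on the public API. Also worth a sentence in the commit message that `.get` is intentionally left unset, since the 000 permissions mean the value is never exposed through sysfs.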
 
 
diff --git a/drivers/mtd/devices/slram.c b/drivers/mtd/devices/slram.c
index 28131a127d06..d92a2461e2ce 100644
--- a/drivers/mtd/devices/slram.c
+++ b/drivers/mtd/devices/slram.c
@@ -43,6 +43,7 @@
 #include <linux/ioctl.h>
 #include <linux/init.h>
 #include <linux/io.h>
+#include <linux/security.h>
 
 #include <linux/mtd/mtd.h>
 
@@ -65,7 +66,7 @@ typedef struct slram_mtd_list {
 #ifdef MODULE
 static char *map[SLRAM_MAX_DEVICES_PARAMS];
 
-module_param_array(map, charp, NULL, 0);
+module_param_hw_array(map, charp, iomem, NULL, 0);
 MODULE_PARM_DESC(map, "List of memory regions to map. \"map=<name>, <start>, <length / end>\"");
 #else
 static char *map;
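Review bot: Only the `#ifdef MODULE` declaration of `map` gets the hwparam flag via `module_param_hw_array(map, charp, iomem, NULL, 0)`; the `#else` built-in `char *map` is filled by `__setup()`, which the flag cannot reach, and is covered by the separate check in the `init_slram()` hunk. A comment on the `#else` branch pointing at that check would stop someone later removing one protection without the other.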
@@ -281,11 +282,17 @@ static int __init init_slram(void)
 #ifndef MODULE
 	char *devstart;
 	char *devlength;
+	int ret;
 
 	if (!map) {
 		E("slram: not enough parameters.\n");
 		return(-EINVAL);
 	}
+
+	ret = security_locked_down(LOCKDOWN_MODULE_PARAMETERS);
+	if (ret)
+		return ret;
+
 	while (map) {
 		devname = devstart = devlength = NULL;
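Review bot: The built-in path reuses LOCKDOWN_MODULE_PARAMETERS as the reason, so the notice an administrator sees reads "unsafe module parameters" for what was actually a kernel command-line `slram=` option; that is consistent with the module build (the hwparam flag reports the same reason) but deserves a line in the commit message. Ordering the check after the `!map` test is right: a locked-down kernel that was never given a map still returns -EINVAL as before. Note that `return ret;` makes the built-in initcall fail entirely under lockdown rather than registering nothing silently, which is the safer of the two but should be stated.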
 

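The two patches above rely on the same mechanism: a lockdown "reason" is refused once the kernel's lockdown level reaches it, and a module parameter flagged as a hardware parameter is refused with the MODULE_PARAMETERS reason. The following userspace model, added here as an illustration and not code from the kernel or from either patch, shows why the position of LOCKDOWN_COMEDI_DEVCONFIG in the enum matters and how the phram/slram flag change and the comedi ioctl check arrive at the same gate. It is modelled on security/lockdown/lockdown.c and kernel/params.c but uses only a subset of the real reasons; the comparison rule (refuse when level >= reason), the placement of LOCKDOWN_KCORE in the confidentiality group, and the numeric value of the HWPARAM flag bit are assumptions of this model.

```c
/*
 * Userspace model of kernel lockdown gating. Added illustration for this
 * thread, not kernel code. ASSUMPTIONS: reasons are ordered
 *   NONE < integrity reasons < INTEGRITY_MAX < confidentiality reasons
 *   < CONFIDENTIALITY_MAX
 * and a reason is refused once the current level is at or beyond it.
 * Only a subset of the real reasons is listed.
 */
#include <stdio.h>
#include <errno.h>

enum lockdown_reason {
	LOCKDOWN_NONE,
	/* integrity reasons (subset) */
	LOCKDOWN_TIOCSSERIAL,
	LOCKDOWN_COMEDI_DEVCONFIG,	/* patch 1/2 inserts it before MODULE_PARAMETERS */
	LOCKDOWN_MODULE_PARAMETERS,
	LOCKDOWN_INTEGRITY_MAX,
	/* confidentiality reasons (subset; placement assumed) */
	LOCKDOWN_KCORE,
	LOCKDOWN_CONFIDENTIALITY_MAX,
};

/* Indexed by reason, the way lockdown_reasons[] is in the patch. */
static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
	[LOCKDOWN_NONE] = "none",
	[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
	[LOCKDOWN_COMEDI_DEVCONFIG] = "reconfiguration of Comedi legacy device",
	[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
	[LOCKDOWN_INTEGRITY_MAX] = "integrity",
	[LOCKDOWN_KCORE] = "/proc/kcore access",
	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
};

/* Current level: starts unlocked and can only be raised. */
static enum lockdown_reason kernel_locked_down = LOCKDOWN_NONE;

static int lock_kernel_down(enum lockdown_reason level)
{
	if (level != LOCKDOWN_INTEGRITY_MAX &&
	    level != LOCKDOWN_CONFIDENTIALITY_MAX)
		return -EINVAL;		/* only the two *_MAX values are modes */
	if (level < kernel_locked_down)
		return -EPERM;		/* lockdown cannot be loosened */
	kernel_locked_down = level;
	return 0;
}

/* Model of security_locked_down(): refuse once the level reaches the reason. */
static int security_locked_down(enum lockdown_reason what)
{
	if (what <= LOCKDOWN_NONE || what >= LOCKDOWN_CONFIDENTIALITY_MAX)
		return -EPERM;		/* invalid reason; the kernel WARNs here */
	if (kernel_locked_down >= what) {
		printf("Lockdown: %s is restricted\n", lockdown_reasons[what]);
		return -EPERM;
	}
	return 0;
}

/* Patch 1/2 shape: privilege check first, then the lockdown reason. */
static int devconfig_allowed(int has_cap_sys_admin)
{
	if (!has_cap_sys_admin)
		return -EPERM;
	return security_locked_down(LOCKDOWN_COMEDI_DEVCONFIG);
}

/* Patch 2/2 shape: a parameter carrying the HWPARAM flag is refused under
 * lockdown with the MODULE_PARAMETERS reason. Flag bit value is illustrative. */
#define KERNEL_PARAM_FL_HWPARAM (1u << 1)

struct kernel_param {
	const char *name;
	unsigned int flags;
};

static const struct kernel_param phram_param = { "phram", KERNEL_PARAM_FL_HWPARAM };
static const struct kernel_param plain_param = { "debug", 0 };

static int param_check_hw(const struct kernel_param *kp)
{
	if (kp->flags & KERNEL_PARAM_FL_HWPARAM)
		return security_locked_down(LOCKDOWN_MODULE_PARAMETERS);
	return 0;
}

int main(void)
{
	printf("unlocked: devconfig=%d phram=%d\n",
	       devconfig_allowed(1), param_check_hw(&phram_param));
	lock_kernel_down(LOCKDOWN_INTEGRITY_MAX);
	printf("integrity: devconfig=%d phram=%d debug=%d kcore=%d\n",
	       devconfig_allowed(1), param_check_hw(&phram_param),
	       param_check_hw(&plain_param), security_locked_down(LOCKDOWN_KCORE));
	lock_kernel_down(LOCKDOWN_CONFIDENTIALITY_MAX);
	printf("confidentiality: kcore=%d\n", security_locked_down(LOCKDOWN_KCORE));
	return 0;
}
```

Because the check is `level >= reason`, every reason listed before LOCKDOWN_INTEGRITY_MAX is refused in both integrity and confidentiality mode, while a reason placed after it is refused only in confidentiality mode; that is why appending LOCKDOWN_COMEDI_DEVCONFIG at the end of the enum instead of before LOCKDOWN_MODULE_PARAMETERS would have changed when the ioctl is blocked.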


* Re: [PATCH 1/2] staging: comedi: Restrict COMEDI_DEVCONFIG when the kernel is locked down
From: Ian Abbott @ 2019-08-30 17:35 UTC (permalink / raw)
  To: Ben Hutchings, jmorris
  Cc: linux-security-module, Matthew Garrett, David Howells, H Hartley Sweeten

On 30/08/2019 16:45, Ben Hutchings wrote:
> The COMEDI_DEVCONFIG ioctl can be used to configure I/O addresses and
> other hardware settings for non plug-and-play devices such as ISA
> cards.  This should be disabled to preserve the kernel's integrity
> when it is locked down.

I haven't boned up on the lockdown mechanism yet, but just FYI, this is 
only possible if the "comedi_num_legacy_minors" module parameter is 
non-zero (which it isn't by default).

> 
> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> Cc: Matthew Garrett <mjg59@google.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: Ian Abbott <abbotti@mev.co.uk>
> Cc: H Hartley Sweeten <hsweeten@visionengravers.com>
> ---
>   drivers/staging/comedi/comedi_fops.c | 6 ++++++
>   include/linux/security.h             | 1 +
>   security/lockdown/lockdown.c         | 1 +
>   3 files changed, 8 insertions(+)
> 
> diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
> index f6d1287c7b83..fdf030e53035 100644
> --- a/drivers/staging/comedi/comedi_fops.c
> +++ b/drivers/staging/comedi/comedi_fops.c
> @@ -27,6 +27,7 @@
>   
>   #include <linux/io.h>
>   #include <linux/uaccess.h>
> +#include <linux/security.h>
>   
>   #include "comedi_internal.h"
>   
> @@ -813,11 +814,16 @@ static int do_devconfig_ioctl(struct comedi_device *dev,
>   			      struct comedi_devconfig __user *arg)
>   {
>   	struct comedi_devconfig it;
> +	int ret;
>   
>   	lockdep_assert_held(&dev->mutex);
>   	if (!capable(CAP_SYS_ADMIN))
>   		return -EPERM;
>   
> +	ret = security_locked_down(LOCKDOWN_COMEDI_DEVCONFIG);
> +	if (ret)
> +		return ret;
> +

You might consider moving that check to be done after the following 'if 
(!arg)' block, since that should be safe.  (It detaches an already 
configured device from the comedi core.)

>   	if (!arg) {
>   		if (is_device_busy(dev))
>   			return -EBUSY;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 429f9f03372b..b16365dccfc5 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -113,6 +113,7 @@ enum lockdown_reason {
>   	LOCKDOWN_ACPI_TABLES,
>   	LOCKDOWN_PCMCIA_CIS,
>   	LOCKDOWN_TIOCSSERIAL,
> +	LOCKDOWN_COMEDI_DEVCONFIG,
>   	LOCKDOWN_MODULE_PARAMETERS,
>   	LOCKDOWN_MMIOTRACE,
>   	LOCKDOWN_DEBUGFS,
> diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
> index 0068cec77c05..971bb99b9051 100644
> --- a/security/lockdown/lockdown.c
> +++ b/security/lockdown/lockdown.c
> @@ -28,6 +28,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
>   	[LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables",
>   	[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
>   	[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
> +	[LOCKDOWN_COMEDI_DEVCONFIG] = "reconfiguration of Comedi legacy device",
>   	[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
>   	[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
>   	[LOCKDOWN_DEBUGFS] = "debugfs access",
> 


-- 
-=( Ian Abbott <abbotti@mev.co.uk> || Web: www.mev.co.uk )=-
-=( MEV Ltd. is a company registered in England & Wales. )=-
-=( Registered number: 02862268.  Registered address:    )=-
-=( 15 West Park Road, Bramhall, STOCKPORT, SK7 3JZ, UK. )=-


* Re: [PATCH 1/2] staging: comedi: Restrict COMEDI_DEVCONFIG when the kernel is locked down
From: Ben Hutchings @ 2019-08-31  9:50 UTC (permalink / raw)
  To: Ian Abbott, jmorris
  Cc: linux-security-module, Matthew Garrett, David Howells, H Hartley Sweeten

On Fri, 2019-08-30 at 18:35 +0100, Ian Abbott wrote:
> On 30/08/2019 16:45, Ben Hutchings wrote:
> > The COMEDI_DEVCONFIG ioctl can be used to configure I/O addresses and
> > other hardware settings for non plug-and-play devices such as ISA
> > cards.  This should be disabled to preserve the kernel's integrity
> > when it is locked down.
> 
> I haven't boned up on the lockdown mechanism yet, but just FYI, this is 
> only possible if the "comedi_num_legacy_minors" module parameter is 
> non-zero (which it isn't by default).

So do you think it would make more sense to set the HWPARAM flag on
that module parameter?  That should have the same effect although it
doesn't seem to quite fit the intent of that flag.

> > Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> > Cc: Matthew Garrett <mjg59@google.com>
> > Cc: David Howells <dhowells@redhat.com>
> > Cc: Ian Abbott <abbotti@mev.co.uk>
> > Cc: H Hartley Sweeten <hsweeten@visionengravers.com>
> > ---
> >   drivers/staging/comedi/comedi_fops.c | 6 ++++++
> >   include/linux/security.h             | 1 +
> >   security/lockdown/lockdown.c         | 1 +
> >   3 files changed, 8 insertions(+)
> > 
> > diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
> > index f6d1287c7b83..fdf030e53035 100644
> > --- a/drivers/staging/comedi/comedi_fops.c
> > +++ b/drivers/staging/comedi/comedi_fops.c
> > @@ -27,6 +27,7 @@
> >   
> >   #include <linux/io.h>
> >   #include <linux/uaccess.h>
> > +#include <linux/security.h>
> >   
> >   #include "comedi_internal.h"
> >   
> > @@ -813,11 +814,16 @@ static int do_devconfig_ioctl(struct comedi_device *dev,
> >   			      struct comedi_devconfig __user *arg)
> >   {
> >   	struct comedi_devconfig it;
> > +	int ret;
> >   
> >   	lockdep_assert_held(&dev->mutex);
> >   	if (!capable(CAP_SYS_ADMIN))
> >   		return -EPERM;
> >   
> > +	ret = security_locked_down(LOCKDOWN_COMEDI_DEVCONFIG);
> > +	if (ret)
> > +		return ret;
> > +
> 
> You might consider moving that check to be done after the following 'if 
> (!arg)' block, since that should be safe.  (It detaches an already 
> configured device from the comedi core.)
[...]

How would it have been configured, though?

Ben.

-- 
Ben Hutchings
You can't have everything.  Where would you put it?




* Re: [PATCH 1/2] staging: comedi: Restrict COMEDI_DEVCONFIG when the kernel is locked down
From: Ian Abbott @ 2019-09-02  9:26 UTC (permalink / raw)
  To: Ben Hutchings, jmorris
  Cc: linux-security-module, Matthew Garrett, David Howells, H Hartley Sweeten

On 31/08/2019 10:50, Ben Hutchings wrote:
> On Fri, 2019-08-30 at 18:35 +0100, Ian Abbott wrote:
>> On 30/08/2019 16:45, Ben Hutchings wrote:
>>> The COMEDI_DEVCONFIG ioctl can be used to configure I/O addresses and
>>> other hardware settings for non plug-and-play devices such as ISA
>>> cards.  This should be disabled to preserve the kernel's integrity
>>> when it is locked down.
>>
>> I haven't boned up on the lockdown mechanism yet, but just FYI, this is
>> only possible if the "comedi_num_legacy_minors" module parameter is
>> non-zero (which it isn't by default).
> 
> So do you think it would make more sense to set the HWPARAM flag on
> that module parameter?  That should have the same effect although it
> doesn't seem to quite fit the intent of that flag.

HWPARAM would prohibit the creation of a few special comedi devices such 
as those created by the "comedi_test" and "comedi_bond" drivers. 
(Although one dummy device does get created by the "comedi_test" module 
when it is loaded, and I don't know if anyone actually uses the 
"comedi_bond" driver!)

But then again, the changes to COMEDI_DEVCONFIG also prohibit the 
creation of those special devices, so I don't suppose it matters either way.

> 
>>> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
>>> Cc: Matthew Garrett <mjg59@google.com>
>>> Cc: David Howells <dhowells@redhat.com>
>>> Cc: Ian Abbott <abbotti@mev.co.uk>
>>> Cc: H Hartley Sweeten <hsweeten@visionengravers.com>
>>> ---
>>>    drivers/staging/comedi/comedi_fops.c | 6 ++++++
>>>    include/linux/security.h             | 1 +
>>>    security/lockdown/lockdown.c         | 1 +
>>>    3 files changed, 8 insertions(+)
>>>
>>> diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
>>> index f6d1287c7b83..fdf030e53035 100644
>>> --- a/drivers/staging/comedi/comedi_fops.c
>>> +++ b/drivers/staging/comedi/comedi_fops.c
>>> @@ -27,6 +27,7 @@
>>>    
>>>    #include <linux/io.h>
>>>    #include <linux/uaccess.h>
>>> +#include <linux/security.h>
>>>    
>>>    #include "comedi_internal.h"
>>>    
>>> @@ -813,11 +814,16 @@ static int do_devconfig_ioctl(struct comedi_device *dev,
>>>    			      struct comedi_devconfig __user *arg)
>>>    {
>>>    	struct comedi_devconfig it;
>>> +	int ret;
>>>    
>>>    	lockdep_assert_held(&dev->mutex);
>>>    	if (!capable(CAP_SYS_ADMIN))
>>>    		return -EPERM;
>>>    
>>> +	ret = security_locked_down(LOCKDOWN_COMEDI_DEVCONFIG);
>>> +	if (ret)
>>> +		return ret;
>>> +
>>
>> You might consider moving that check to be done after the following 'if
>> (!arg)' block, since that should be safe.  (It detaches an already
>> configured device from the comedi core.)
> [...]
> 
> How would it have been configured, though?

It works on automatically registered comedi devices too.  I suppose that 
could be done via the "unbind" file in the driver, but that goes through 
a different path and is a bit harder to use.

-- 
-=( Ian Abbott <abbotti@mev.co.uk> || Web: www.mev.co.uk )=-
-=( MEV Ltd. is a company registered in England & Wales. )=-
-=( Registered number: 02862268.  Registered address:    )=-
-=( 15 West Park Road, Bramhall, STOCKPORT, SK7 3JZ, UK. )=-


* Re: [PATCH 2/2] mtd: phram,slram: Disable when the kernel is locked down
From: Matthew Garrett @ 2019-09-10 14:27 UTC (permalink / raw)
  To: Ben Hutchings
  Cc: James Morris, LSM List, David Howells, Joern Engel, linux-mtd

On Fri, Aug 30, 2019 at 11:47 AM Ben Hutchings <ben@decadent.org.uk> wrote:
>
> These drivers allow mapping arbitrary memory ranges as MTD devices.
> This should be disabled to preserve the kernel's integrity when it is
> locked down.
>
> * Add the HWPARAM flag to the module parameters
> * When slram is built-in, it uses __setup() to read kernel parameters,
>   so add an explicit security_locked_down() check
>
> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> Cc: Matthew Garrett <mjg59@google.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: Joern Engel <joern@lazybastard.org>
> Cc: linux-mtd@lists.infradead.org

Reviewed-by: Matthew Garrett <mjg59@google.com>

James, should I pick patches like this up and send them to you, or
will you queue them directly after they're acked?


* Re: [PATCH 2/2] mtd: phram,slram: Disable when the kernel is locked down
From: James Morris @ 2019-09-10 15:17 UTC (permalink / raw)
  To: Matthew Garrett
  Cc: Ben Hutchings, LSM List, David Howells, Joern Engel, linux-mtd

On Tue, 10 Sep 2019, Matthew Garrett wrote:

> On Fri, Aug 30, 2019 at 11:47 AM Ben Hutchings <ben@decadent.org.uk> wrote:
> >
> > These drivers allow mapping arbitrary memory ranges as MTD devices.
> > This should be disabled to preserve the kernel's integrity when it is
> > locked down.
> >
> > * Add the HWPARAM flag to the module parameters
> > * When slram is built-in, it uses __setup() to read kernel parameters,
> >   so add an explicit security_locked_down() check
> >
> > Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> > Cc: Matthew Garrett <mjg59@google.com>
> > Cc: David Howells <dhowells@redhat.com>
> > Cc: Joern Engel <joern@lazybastard.org>
> > Cc: linux-mtd@lists.infradead.org
> 
> Reviewed-by: Matthew Garrett <mjg59@google.com>
> 
> James, should I pick patches like this up and send them to you, or
> will you queue them directly after they're acked?

As long as I'm on the to or cc when they're acked, I can grab them.


-- 
James Morris
<jmorris@namei.org>



* Re: [PATCH 2/2] mtd: phram,slram: Disable when the kernel is locked down
From: Richard Weinberger @ 2019-09-10 22:18 UTC (permalink / raw)
  To: James Morris
  Cc: Matthew Garrett, David Howells, Joern Engel, LSM List,
	Ben Hutchings, linux-mtd

On Tue, Sep 10, 2019 at 5:17 PM James Morris <jmorris@namei.org> wrote:
>
> On Tue, 10 Sep 2019, Matthew Garrett wrote:
>
> > On Fri, Aug 30, 2019 at 11:47 AM Ben Hutchings <ben@decadent.org.uk> wrote:
> > >
> > > These drivers allow mapping arbitrary memory ranges as MTD devices.
> > > This should be disabled to preserve the kernel's integrity when it is
> > > locked down.
> > >
> > > * Add the HWPARAM flag to the module parameters
> > > * When slram is built-in, it uses __setup() to read kernel parameters,
> > >   so add an explicit security_locked_down() check
> > >
> > > Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> > > Cc: Matthew Garrett <mjg59@google.com>
> > > Cc: David Howells <dhowells@redhat.com>
> > > Cc: Joern Engel <joern@lazybastard.org>
> > > Cc: linux-mtd@lists.infradead.org
> >
> > Reviewed-by: Matthew Garrett <mjg59@google.com>
> >
> > James, should I pick patches like this up and send them to you, or
> > will you queue them directly after they're acked?
>
> As long as I'm on the to or cc when they're acked, I can grab them.

Acked-by: Richard Weinberger <richard@nod.at>

BTW: I don't have 1/2 in my inbox, is it also MTD related?

-- 
Thanks,
//richard


* Re: [PATCH 2/2] mtd: phram,slram: Disable when the kernel is locked down
From: Ben Hutchings @ 2019-09-10 23:43 UTC (permalink / raw)
  To: Richard Weinberger, James Morris
  Cc: Matthew Garrett, David Howells, Joern Engel, LSM List, linux-mtd

On Wed, 2019-09-11 at 00:18 +0200, Richard Weinberger wrote:
> On Tue, Sep 10, 2019 at 5:17 PM James Morris <jmorris@namei.org> wrote:
> > On Tue, 10 Sep 2019, Matthew Garrett wrote:
> > 
> > > On Fri, Aug 30, 2019 at 11:47 AM Ben Hutchings <ben@decadent.org.uk> wrote:
> > > > These drivers allow mapping arbitrary memory ranges as MTD devices.
> > > > This should be disabled to preserve the kernel's integrity when it is
> > > > locked down.
> > > > 
> > > > * Add the HWPARAM flag to the module parameters
> > > > * When slram is built-in, it uses __setup() to read kernel parameters,
> > > >   so add an explicit security_locked_down() check
> > > > 
> > > > Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> > > > Cc: Matthew Garrett <mjg59@google.com>
> > > > Cc: David Howells <dhowells@redhat.com>
> > > > Cc: Joern Engel <joern@lazybastard.org>
> > > > Cc: linux-mtd@lists.infradead.org
> > > 
> > > Reviewed-by: Matthew Garrett <mjg59@google.com>
> > > 
> > > James, should I pick patches like this up and send them to you, or
> > > will you queue them directly after they're acked?
> > 
> > As long as I'm on the to or cc when they're acked, I can grab them.
> 
> Acked-by: Richard Weinberger <richard@nod.at>
> 
> BTW: I don't have 1/2 in my inbox, is it also MTD related?

No, that was for some other drivers (comedi) that allow setting I/O
addresses from user-space.

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption]
would be development of an easy way to factor large prime numbers.
                                                           - Bill Gates



