From: David Howells <dhowells@redhat.com>
To: torvalds@linux-foundation.org
Cc: linux-man@vger.kernel.org, linux-api@vger.kernel.org,
jmorris@namei.org, linux-kernel@vger.kernel.org,
dhowells@redhat.com, linux-security-module@vger.kernel.org
Subject: [PATCH 18/24] Lock down module params that specify hardware parameters (eg. ioport)
Date: Wed, 11 Apr 2018 17:26:36 +0100 [thread overview]
Message-ID: <152346399627.4030.8043878470312297727.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk>
Provided an annotation for module parameters that specify hardware
parameters (such as io ports, iomem addresses, irqs, dma channels, fixed
dma buffers and other types).
Suggested-by: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
---
kernel/params.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/kernel/params.c b/kernel/params.c
index cc9108c2a1fd..2c08c4aa376b 100644
--- a/kernel/params.c
+++ b/kernel/params.c
@@ -108,13 +108,19 @@ bool parameq(const char *a, const char *b)
return parameqn(a, b, strlen(a)+1);
}
-static void param_check_unsafe(const struct kernel_param *kp)
+static bool param_check_unsafe(const struct kernel_param *kp,
+ const char *doing)
{
if (kp->flags & KERNEL_PARAM_FL_UNSAFE) {
pr_warn("Setting dangerous option %s - tainting kernel\n",
kp->name);
add_taint(TAINT_USER, LOCKDEP_STILL_OK);
}
+
+ if (kp->flags & KERNEL_PARAM_FL_HWPARAM &&
+ kernel_is_locked_down("Command line-specified device addresses, irqs and dma channels"))
+ return false;
+ return true;
}
static int parse_one(char *param,
@@ -144,8 +150,10 @@ static int parse_one(char *param,
pr_debug("handling %s with %p\n", param,
params[i].ops->set);
kernel_param_lock(params[i].mod);
- param_check_unsafe(¶ms[i]);
- err = params[i].ops->set(val, ¶ms[i]);
+ if (param_check_unsafe(¶ms[i], doing))
+ err = params[i].ops->set(val, ¶ms[i]);
+ else
+ err = -EPERM;
kernel_param_unlock(params[i].mod);
return err;
}
@@ -553,6 +561,12 @@ static ssize_t param_attr_show(struct module_attribute *mattr,
return count;
}
+#ifdef CONFIG_MODULES
+#define mod_name(mod) (mod)->name
+#else
+#define mod_name(mod) "unknown"
+#endif
+
/* sysfs always hands a nul-terminated string in buf. We rely on that. */
static ssize_t param_attr_store(struct module_attribute *mattr,
struct module_kobject *mk,
@@ -565,8 +579,10 @@ static ssize_t param_attr_store(struct module_attribute *mattr,
return -EPERM;
kernel_param_lock(mk->mod);
- param_check_unsafe(attribute->param);
- err = attribute->param->ops->set(buf, attribute->param);
+ if (param_check_unsafe(attribute->param, mod_name(mk->mod)))
+ err = attribute->param->ops->set(buf, attribute->param);
+ else
+ err = -EPERM;
kernel_param_unlock(mk->mod);
if (!err)
return len;
next prev parent reply other threads:[~2018-04-11 16:26 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-11 16:24 [PATCH 00/24] security: Add kernel lockdown David Howells
2018-04-11 16:24 ` [PATCH 01/24] Add the ability to lock down access to the running kernel image David Howells
2018-04-11 16:44 ` Jann Horn
2018-04-11 17:37 ` Randy Dunlap
2018-04-11 18:50 ` Miguel Ojeda
2018-04-11 19:56 ` Greg KH
2018-04-11 17:49 ` David Howells
2018-04-11 18:09 ` Linus Torvalds
2018-04-11 18:35 ` Justin Forbes
2018-04-11 21:05 ` Jordan Glover
2018-04-11 22:38 ` Linus Torvalds
2018-04-12 13:09 ` Justin Forbes
2018-04-12 16:52 ` Linus Torvalds
2018-04-12 2:57 ` Andy Lutomirski
2018-04-11 16:24 ` [PATCH 02/24] Add a SysRq option to lift kernel lockdown David Howells
2018-04-11 17:05 ` Jann Horn
2018-04-13 20:22 ` Pavel Machek
2018-04-11 16:24 ` [PATCH 03/24] ima: require secure_boot rules in lockdown mode David Howells
2018-04-11 16:25 ` [PATCH 04/24] Enforce module signatures if the kernel is locked down David Howells
2018-04-11 16:25 ` [PATCH 05/24] Restrict /dev/{mem, kmem, port} when " David Howells
2018-04-11 16:25 ` [PATCH 06/24] kexec_load: Disable at runtime if " David Howells
2018-04-11 19:00 ` Eric W. Biederman
2018-04-11 20:09 ` Mimi Zohar
2018-04-12 11:38 ` Mimi Zohar
2018-04-11 20:05 ` David Howells
2018-04-11 16:25 ` [PATCH 07/24] hibernate: Disable when " David Howells
2018-04-13 20:22 ` Pavel Machek
2018-04-19 14:38 ` David Howells
2018-04-22 14:34 ` Andy Lutomirski
2018-04-26 7:26 ` Pavel Machek
2018-04-26 7:34 ` Rafael J. Wysocki
2018-04-26 8:20 ` Jiri Kosina
2018-05-23 8:46 ` joeyli
2018-04-11 16:25 ` [PATCH 08/24] uswsusp: " David Howells
2018-04-11 16:25 ` [PATCH 09/24] PCI: Lock down BAR access " David Howells
2018-04-11 16:25 ` [PATCH 10/24] x86: Lock down IO port " David Howells
2018-04-11 16:25 ` [PATCH 11/24] x86/msr: Restrict MSR " David Howells
2018-04-11 16:25 ` [PATCH 12/24] ACPI: Limit access to custom_method " David Howells
2018-04-11 16:26 ` [PATCH 13/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been " David Howells
2018-04-11 16:26 ` [PATCH 14/24] acpi: Disable ACPI table override if the kernel is " David Howells
2018-04-11 16:26 ` [PATCH 15/24] acpi: Disable APEI error injection " David Howells
2018-04-11 16:26 ` [PATCH 16/24] Prohibit PCMCIA CIS storage when " David Howells
2018-04-11 16:26 ` [PATCH 17/24] Lock down TIOCSSERIAL David Howells
2018-04-11 16:26 ` David Howells [this message]
2018-04-11 17:22 ` [PATCH 18/24] Lock down module params that specify hardware parameters (eg. ioport) Randy Dunlap
2018-04-11 16:26 ` [PATCH 19/24] x86/mmiotrace: Lock down the testmmiotrace module David Howells
2018-04-11 16:26 ` [PATCH 20/24] Lock down /proc/kcore David Howells
2018-04-11 16:26 ` [PATCH 21/24] Lock down kprobes David Howells
2018-04-11 16:27 ` [PATCH 22/24] bpf: Restrict kernel image access functions when the kernel is locked down David Howells
2018-04-11 16:27 ` [PATCH 23/24] Lock down perf David Howells
2018-04-11 16:27 ` [PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down David Howells
2018-04-11 17:26 ` Randy Dunlap
2018-04-11 18:50 ` Eric W. Biederman
2018-04-11 19:54 ` Greg KH
2018-04-11 20:08 ` David Howells
2018-04-11 20:09 ` David Howells
2018-04-11 20:33 ` Greg KH
2018-04-12 2:54 ` Andy Lutomirski
2018-04-12 8:23 ` Greg KH
2018-04-12 14:19 ` Andy Lutomirski
2018-04-13 20:22 ` Pavel Machek
2018-04-19 14:35 ` David Howells
2018-05-10 11:01 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=152346399627.4030.8043878470312297727.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).