From: Kees Cook <keescook@chromium.org> To: linux-kernel@vger.kernel.org Cc: Matthew Garrett <matthew.garrett@nebula.com>, "H. Peter Anvin" <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, x86@kernel.org, linux-efi@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH] x86: Lock down MSR writing in secure boot Date: Fri, 8 Feb 2013 11:12:13 -0800 [thread overview] Message-ID: <20130208191213.GA25081@www.outflux.net> (raw) Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is set since it could lead to execution of arbitrary code in kernel mode. Signed-off-by: Kees Cook <keescook@chromium.org> --- This would be used on top of Matthew Garrett's existing "Secure boot policy support" patch series. --- arch/x86/kernel/msr.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c index 4929502..adaab3d 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c @@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, int err = 0; ssize_t bytes = 0; + if (!capable(CAP_COMPROMISE_KERNEL)) + return -EPERM; + if (count % 8) return -EINVAL; /* Invalid chunk size */ @@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) err = -EBADF; break; } + if (!capable(CAP_COMPROMISE_KERNEL)) { + err = -EPERM; + break; + } if (copy_from_user(®s, uregs, sizeof regs)) { err = -EFAULT; break; -- 1.7.9.5 -- Kees Cook Chrome OS Security
next reply other threads:[~2013-02-08 19:12 UTC|newest] Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top 2013-02-08 19:12 Kees Cook [this message] 2013-02-08 19:17 ` H. Peter Anvin 2013-02-08 19:18 ` Kees Cook 2013-02-08 19:42 ` H. Peter Anvin 2013-02-08 20:14 ` Kees Cook 2013-02-08 20:18 ` H. Peter Anvin 2013-02-08 20:28 ` Kees Cook 2013-02-08 20:34 ` Matthew Garrett 2013-02-08 21:02 ` Kees Cook 2013-02-08 21:07 ` Matthew Garrett 2013-02-08 21:14 ` Josh Boyer 2013-02-08 23:09 ` Andy Lutomirski 2013-02-08 22:30 ` H. Peter Anvin 2013-02-08 23:06 ` Borislav Petkov 2013-02-08 23:26 ` Matthew Garrett 2013-02-09 1:22 ` H. Peter Anvin 2013-02-09 1:29 ` Matthew Garrett 2013-02-09 6:45 ` Kees Cook 2013-02-09 9:29 ` Borislav Petkov 2013-02-09 15:10 ` Kees Cook 2013-02-09 15:11 ` Matthew Garrett 2013-02-13 0:48 ` H. Peter Anvin 2013-02-13 5:39 ` Matthew Garrett 2013-02-13 6:12 ` H. Peter Anvin 2013-02-13 6:27 ` Matthew Garrett 2013-02-13 6:33 ` H. Peter Anvin 2013-02-13 6:41 ` Matthew Garrett 2013-02-13 17:20 ` H. Peter Anvin 2013-02-13 17:26 ` Matthew Garrett 2013-02-13 17:51 ` Casey Schaufler 2013-02-13 17:56 ` Matthew Garrett 2013-02-13 18:44 ` H. Peter Anvin 2013-02-13 18:51 ` Matthew Garrett 2013-02-13 22:26 ` H. Peter Anvin 2013-02-13 22:58 ` Casey Schaufler 2013-02-14 0:25 ` H. Peter Anvin 2013-02-14 0:44 ` Casey Schaufler 2013-02-14 1:04 ` Matthew Garrett 2013-02-14 1:08 ` H. Peter Anvin 2013-02-14 2:46 ` Matthew Garrett 2013-02-14 1:34 ` Casey Schaufler 2013-02-13 8:27 ` Paolo Bonzini 2013-02-13 17:21 ` H. Peter Anvin 2013-02-13 17:22 ` H. Peter Anvin 2013-02-13 19:55 ` Paolo Bonzini 2013-02-13 22:24 ` H. Peter Anvin 2013-02-08 19:17 ` Matthew Garrett 2013-02-08 19:21 ` Kees Cook 2013-02-08 19:27 ` Matthew Garrett
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20130208191213.GA25081@www.outflux.net \ --to=keescook@chromium.org \ --cc=hpa@zytor.com \ --cc=linux-efi@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=matthew.garrett@nebula.com \ --cc=mingo@redhat.com \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ --subject='Re: [PATCH] x86: Lock down MSR writing in secure boot' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).