linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: James Morris <jmorris@namei.org>
To: Matthew Garrett <matthew.garrett@nebula.com>
Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
	keescook@chromium.org, hpa@zytor.com
Subject: Re: [PATCH V3 03/11] x86: Lock down IO port access when module security is enabled
Date: Wed, 4 Sep 2013 10:45:57 +1000 (EST)	[thread overview]
Message-ID: <alpine.LRH.2.02.1309041045470.20116@tundra.namei.org> (raw)
In-Reply-To: <1378252218-18798-4-git-send-email-matthew.garrett@nebula.com>

On Tue, 3 Sep 2013, Matthew Garrett wrote:

> IO port access would permit users to gain access to PCI configuration
> registers, which in turn (on a lot of hardware) give access to MMIO register
> space. This would potentially permit root to trigger arbitrary DMA, so lock
> it down by default.
> 
> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>


Reviewed-by: James Morris <jmorris@namei.org>




> ---
>  arch/x86/kernel/ioport.c | 5 +++--
>  drivers/char/mem.c       | 4 ++++
>  2 files changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
> index 4ddaf66..00b4403 100644
> --- a/arch/x86/kernel/ioport.c
> +++ b/arch/x86/kernel/ioport.c
> @@ -15,6 +15,7 @@
>  #include <linux/thread_info.h>
>  #include <linux/syscalls.h>
>  #include <linux/bitmap.h>
> +#include <linux/module.h>
>  #include <asm/syscalls.h>
>  
>  /*
> @@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
>  
>  	if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
>  		return -EINVAL;
> -	if (turn_on && !capable(CAP_SYS_RAWIO))
> +	if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
>  		return -EPERM;
>  
>  	/*
> @@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
>  		return -EINVAL;
>  	/* Trying to gain more privileges? */
>  	if (level > old) {
> -		if (!capable(CAP_SYS_RAWIO))
> +		if (!capable(CAP_SYS_RAWIO) || secure_modules())
>  			return -EPERM;
>  	}
>  	regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
> diff --git a/drivers/char/mem.c b/drivers/char/mem.c
> index f895a8c..1af8664 100644
> --- a/drivers/char/mem.c
> +++ b/drivers/char/mem.c
> @@ -28,6 +28,7 @@
>  #include <linux/export.h>
>  #include <linux/io.h>
>  #include <linux/aio.h>
> +#include <linux/module.h>
>  
>  #include <asm/uaccess.h>
>  
> @@ -563,6 +564,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
>  	unsigned long i = *ppos;
>  	const char __user *tmp = buf;
>  
> +	if (secure_modules())
> +		return -EPERM;
> +
>  	if (!access_ok(VERIFY_READ, buf, count))
>  		return -EFAULT;
>  	while (count-- > 0 && i < 65536) {
> -- 
> 1.8.3.1
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 

-- 
James Morris
<jmorris@namei.org>

  reply	other threads:[~2013-09-04  0:44 UTC|newest]

Thread overview: 59+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-03 23:50 Matthew Garrett
2013-09-03 23:50 ` [PATCH V3 01/11] Add secure_modules() call Matthew Garrett
2013-09-04  0:45   ` James Morris
2013-09-05  2:14   ` joeyli
2013-09-03 23:50 ` [PATCH V3 02/11] PCI: Lock down BAR access when module security is enabled Matthew Garrett
2013-09-04  0:45   ` James Morris
2013-09-04 16:57   ` David Woodhouse
2013-09-04 17:04     ` Matthew Garrett
2013-09-04 18:58       ` David Woodhouse
2013-09-04 19:01         ` Matthew Garrett
2013-09-04 19:31           ` David Woodhouse
2013-09-03 23:50 ` [PATCH V3 03/11] x86: Lock down IO port " Matthew Garrett
2013-09-04  0:45   ` James Morris [this message]
2013-09-05  3:52   ` H. Peter Anvin
2013-09-05  3:58     ` Matthew Garrett
2013-09-05 15:36       ` H. Peter Anvin
2013-09-03 23:50 ` [PATCH V3 04/11] ACPI: Limit access to custom_method Matthew Garrett
2013-09-04  0:46   ` James Morris
2013-09-03 23:50 ` [PATCH V3 05/11] asus-wmi: Restrict debugfs interface when module loading is restricted Matthew Garrett
2013-09-04  0:46   ` James Morris
2013-09-03 23:50 ` [PATCH V3 06/11] Restrict /dev/mem and /dev/kmem " Matthew Garrett
2013-09-04  0:47   ` James Morris
2013-09-03 23:50 ` [PATCH V3 07/11] acpi: Ignore acpi_rsdp kernel parameter " Matthew Garrett
2013-09-03 23:50 ` [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforces module loading restrictions Matthew Garrett
2013-09-04  0:48   ` James Morris
2013-09-04 20:09   ` jerry.hoemann
2013-09-04 20:12     ` Matthew Garrett
2013-09-04 20:14     ` Josh Boyer
2013-09-08  6:40   ` Greg KH
2013-09-08  6:44     ` Matthew Garrett
2013-09-08  7:24       ` Greg KH
2013-09-08 14:40         ` Matthew Garrett
2013-09-08 15:51         ` Kees Cook
2013-09-08 16:18           ` Greg KH
2013-09-08 16:24             ` Matthew Garrett
2013-09-08 16:39               ` Greg KH
2013-09-08 16:59                 ` Matthew Garrett
2013-09-08 17:22                   ` Greg KH
2013-09-08 17:25                     ` Matthew Garrett
2013-09-08 17:11           ` James Bottomley
2013-09-08 17:15             ` Matthew Garrett
2013-09-08 17:22               ` James Bottomley
2013-09-08 17:27                 ` Matthew Garrett
2013-09-08 17:32                   ` James Bottomley
2013-09-08 17:38                     ` Matthew Garrett
2013-09-03 23:50 ` [PATCH V3 09/11] uswsusp: Disable when module loading is restricted Matthew Garrett
2013-09-04  0:48   ` James Morris
2013-09-05  3:20   ` joeyli
2013-09-03 23:50 ` [PATCH V3 10/11] x86: Restrict MSR access " Matthew Garrett
2013-09-04  0:49   ` James Morris
2013-09-03 23:50 ` [PATCH V3 11/11] Add option to automatically enforce module signatures when in Secure Boot mode Matthew Garrett
2013-09-04  1:42   ` James Morris
2013-09-04  1:42     ` Matthew Garrett
2013-09-05  3:13   ` joeyli
2013-09-05  8:24   ` joeyli
2013-09-05 10:16   ` Matt Fleming
2013-09-05 12:54     ` Matthew Garrett
2013-09-04 15:53 ` Kees Cook
2013-09-04 16:05   ` Re: Josh Boyer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.LRH.2.02.1309041045470.20116@tundra.namei.org \
    --to=jmorris@namei.org \
    --cc=hpa@zytor.com \
    --cc=keescook@chromium.org \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=matthew.garrett@nebula.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).