forked from rpms/kernel
		
	
		
			
				
	
	
		
			45 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			45 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
 | |
| From: Matthew Garrett <matthew.garrett@nebula.com>
 | |
| Date: Fri, 8 Feb 2013 11:12:13 -0800
 | |
| Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
 | |
|  restricted
 | |
| 
 | |
| Writing to MSRs should not be allowed if module loading is restricted,
 | |
| since it could lead to execution of arbitrary code in kernel mode. Based
 | |
| on a patch by Kees Cook.
 | |
| 
 | |
| Cc: Kees Cook <keescook@chromium.org>
 | |
| Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
 | |
| ---
 | |
|  arch/x86/kernel/msr.c | 7 +++++++
 | |
|  1 file changed, 7 insertions(+)
 | |
| 
 | |
| diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
 | |
| index 113e70784854..26c2f83fc470 100644
 | |
| --- a/arch/x86/kernel/msr.c
 | |
| +++ b/arch/x86/kernel/msr.c
 | |
| @@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
 | |
|  	int err = 0;
 | |
|  	ssize_t bytes = 0;
 | |
|  
 | |
| +	if (secure_modules())
 | |
| +		return -EPERM;
 | |
| +
 | |
|  	if (count % 8)
 | |
|  		return -EINVAL;	/* Invalid chunk size */
 | |
|  
 | |
| @@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
 | |
|  			err = -EBADF;
 | |
|  			break;
 | |
|  		}
 | |
| +		if (secure_modules()) {
 | |
| +			err = -EPERM;
 | |
| +			break;
 | |
| +		}
 | |
|  		if (copy_from_user(®s, uregs, sizeof regs)) {
 | |
|  			err = -EFAULT;
 | |
|  			break;
 | |
| -- 
 | |
| 2.4.3
 | |
| 
 |