| From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001 |
| From: Matthew Garrett <matthew.garrett@nebula.com> |
| Date: Fri, 8 Feb 2013 11:12:13 -0800 |
| Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is |
| restricted |
| |
| Writing to MSRs should not be allowed if module loading is restricted, |
| since it could lead to execution of arbitrary code in kernel mode. Based |
| on a patch by Kees Cook. |
| |
| Cc: Kees Cook <keescook@chromium.org> |
| Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> |
| |
| arch/x86/kernel/msr.c | 7 +++++++ |
| 1 file changed, 7 insertions(+) |
| |
| diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c |
| index 113e70784854..26c2f83fc470 100644 |
| |
| |
| @@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, |
| int err = 0; |
| ssize_t bytes = 0; |
| |
| + if (secure_modules()) |
| + return -EPERM; |
| + |
| if (count % 8) |
| return -EINVAL; /* Invalid chunk size */ |
| |
| @@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) |
| err = -EBADF; |
| break; |
| } |
| + if (secure_modules()) { |
| + err = -EPERM; |
| + break; |
| + } |
| if (copy_from_user(®s, uregs, sizeof regs)) { |
| err = -EFAULT; |
| break; |
| -- |
| 2.4.3 |
| |