x86/mmiotrace: Lock down the testmmiotrace module
The testmmiotrace module shouldn't be permitted when the kernel is locked down as it can be used to arbitrarily read and write MMIO space. This is a runtime check rather than buildtime in order to allow configurations where the same kernel may be run in both locked down or permissive modes depending on local policy. Suggested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Howells <dhowells@redhat.com Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Reviewed-by: Kees Cook <keescook@chromium.org> cc: Thomas Gleixner <tglx@linutronix.de> cc: Steven Rostedt <rostedt@goodmis.org> cc: Ingo Molnar <mingo@kernel.org> cc: "H. Peter Anvin" <hpa@zytor.com> cc: x86@kernel.org Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
20657f66ef
commit
906357f77a
|
@ -8,6 +8,7 @@
|
||||||
#include <linux/module.h>
|
#include <linux/module.h>
|
||||||
#include <linux/io.h>
|
#include <linux/io.h>
|
||||||
#include <linux/mmiotrace.h>
|
#include <linux/mmiotrace.h>
|
||||||
|
#include <linux/security.h>
|
||||||
|
|
||||||
static unsigned long mmio_address;
|
static unsigned long mmio_address;
|
||||||
module_param_hw(mmio_address, ulong, iomem, 0);
|
module_param_hw(mmio_address, ulong, iomem, 0);
|
||||||
|
@ -115,6 +116,10 @@ static void do_test_bulk_ioremapping(void)
|
||||||
static int __init init(void)
|
static int __init init(void)
|
||||||
{
|
{
|
||||||
unsigned long size = (read_far) ? (8 << 20) : (16 << 10);
|
unsigned long size = (read_far) ? (8 << 20) : (16 << 10);
|
||||||
|
int ret = security_locked_down(LOCKDOWN_MMIOTRACE);
|
||||||
|
|
||||||
|
if (ret)
|
||||||
|
return ret;
|
||||||
|
|
||||||
if (mmio_address == 0) {
|
if (mmio_address == 0) {
|
||||||
pr_err("you have to use the module argument mmio_address.\n");
|
pr_err("you have to use the module argument mmio_address.\n");
|
||||||
|
|
|
@ -114,6 +114,7 @@ enum lockdown_reason {
|
||||||
LOCKDOWN_PCMCIA_CIS,
|
LOCKDOWN_PCMCIA_CIS,
|
||||||
LOCKDOWN_TIOCSSERIAL,
|
LOCKDOWN_TIOCSSERIAL,
|
||||||
LOCKDOWN_MODULE_PARAMETERS,
|
LOCKDOWN_MODULE_PARAMETERS,
|
||||||
|
LOCKDOWN_MMIOTRACE,
|
||||||
LOCKDOWN_INTEGRITY_MAX,
|
LOCKDOWN_INTEGRITY_MAX,
|
||||||
LOCKDOWN_CONFIDENTIALITY_MAX,
|
LOCKDOWN_CONFIDENTIALITY_MAX,
|
||||||
};
|
};
|
||||||
|
|
|
@ -29,6 +29,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
|
||||||
[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
|
[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
|
||||||
[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
|
[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
|
||||||
[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
|
[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
|
||||||
|
[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
|
||||||
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
|
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
|
||||||
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
|
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue