
Commit 906357f7 authored by David Howells, committed by James Morris

x86/mmiotrace: Lock down the testmmiotrace module

The testmmiotrace module shouldn't be permitted when the kernel is locked
down as it can be used to arbitrarily read and write MMIO space. This is
a runtime check rather than buildtime in order to allow configurations
where the same kernel may be run in both locked down or permissive modes
depending on local policy.

Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: Thomas Gleixner <tglx@linutronix.de>
cc: Steven Rostedt <rostedt@goodmis.org>
cc: Ingo Molnar <mingo@kernel.org>
cc: "H. Peter Anvin" <hpa@zytor.com>
cc: x86@kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
parent 20657f66
+5 −0
@@ -8,6 +8,7 @@
#include <linux/module.h>
#include <linux/io.h>
#include <linux/mmiotrace.h>
#include <linux/security.h>

static unsigned long mmio_address;
module_param_hw(mmio_address, ulong, iomem, 0);
@@ -115,6 +116,10 @@ static void do_test_bulk_ioremapping(void)
static int __init init(void)
{
	unsigned long size = (read_far) ? (8 << 20) : (16 << 10);
	int ret = security_locked_down(LOCKDOWN_MMIOTRACE);

	if (ret)
		return ret;

	if (mmio_address == 0) {
		pr_err("you have to use the module argument mmio_address.\n");
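Review bot: the security_locked_down(LOCKDOWN_MMIOTRACE) check in init() is evaluated only at module load, so an instance of testmmiotrace that was loaded before lockdown was enabled keeps its MMIO access; that is consistent with other lockdown hooks, but the commit message should state the load-time scope explicitly. Placing the check ahead of the `mmio_address == 0` validation is the right order, since a locked-down kernel should refuse the module regardless of its parameters, and returning `ret` directly is sufficient because the lockdown LSM reports the denial itself, so no extra pr_err() is needed here.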
+1 −0
@@ -114,6 +114,7 @@ enum lockdown_reason {
	LOCKDOWN_PCMCIA_CIS,
	LOCKDOWN_TIOCSSERIAL,
	LOCKDOWN_MODULE_PARAMETERS,
	LOCKDOWN_MMIOTRACE,
	LOCKDOWN_INTEGRITY_MAX,
	LOCKDOWN_CONFIDENTIALITY_MAX,
};
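Review bot: LOCKDOWN_MMIOTRACE is inserted before LOCKDOWN_INTEGRITY_MAX, which classifies it as an integrity restriction enforced at both the integrity and confidentiality levels; that is correct given the commit message's point that the module allows arbitrary MMIO writes, but the message only explains the risk, not the level chosen, so a sentence on why it is an integrity reason would help. Because lockdown_reasons[] is indexed by this enum, the new entry must stay at the same relative position as its string in the reasons table; the placement directly after LOCKDOWN_MODULE_PARAMETERS in both keeps them aligned.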
+1 −0
@@ -29,6 +29,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
	[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
	[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
	[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
	[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
	[LOCKDOWN_INTEGRITY_MAX] = "integrity",
	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
};
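Review bot: the reason string "unsafe mmio" is the user-facing text reported when this restriction denies access, and compared with its neighbours ("unsafe module parameters", "reconfiguration of serial port IO") it does not tell an administrator which facility was blocked; consider something like `[LOCKDOWN_MMIOTRACE] = "arbitrary MMIO access via the mmiotrace test module",` so the denial can be traced to the testmmiotrace load.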