x86/msr: Restrict MSR access when the kernel is locked down
Writing to MSRs should not be allowed if the kernel is locked down, since it could lead to execution of arbitrary code in kernel mode. Based on a patch by Kees Cook. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> cc: x86@kernel.org Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
96c4f67293
commit
95f5e95f41
|
@ -34,6 +34,7 @@
|
|||
#include <linux/notifier.h>
|
||||
#include <linux/uaccess.h>
|
||||
#include <linux/gfp.h>
|
||||
#include <linux/security.h>
|
||||
|
||||
#include <asm/cpufeature.h>
|
||||
#include <asm/msr.h>
|
||||
|
@ -79,6 +80,10 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
|
|||
int err = 0;
|
||||
ssize_t bytes = 0;
|
||||
|
||||
err = security_locked_down(LOCKDOWN_MSR);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (count % 8)
|
||||
return -EINVAL; /* Invalid chunk size */
|
||||
|
||||
|
@ -130,6 +135,9 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
|
|||
err = -EFAULT;
|
||||
break;
|
||||
}
|
||||
err = security_locked_down(LOCKDOWN_MSR);
|
||||
if (err)
|
||||
break;
|
||||
err = wrmsr_safe_regs_on_cpu(cpu, regs);
|
||||
if (err)
|
||||
break;
|
||||
|
|
|
@ -109,6 +109,7 @@ enum lockdown_reason {
|
|||
LOCKDOWN_HIBERNATION,
|
||||
LOCKDOWN_PCI_ACCESS,
|
||||
LOCKDOWN_IOPORT,
|
||||
LOCKDOWN_MSR,
|
||||
LOCKDOWN_INTEGRITY_MAX,
|
||||
LOCKDOWN_CONFIDENTIALITY_MAX,
|
||||
};
|
||||
|
|
|
@ -24,6 +24,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
|
|||
[LOCKDOWN_HIBERNATION] = "hibernation",
|
||||
[LOCKDOWN_PCI_ACCESS] = "direct PCI access",
|
||||
[LOCKDOWN_IOPORT] = "raw io port access",
|
||||
[LOCKDOWN_MSR] = "raw MSR access",
|
||||
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
|
||||
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue
Block a user