authorJean Delvare <jdelvare@suse.de>2019-09-16 11:52:56 +0200
committerJean Delvare <jdelvare@suse.de>2019-10-03 10:06:31 +0200
commit6ab83e941e9d4a481ceea829d1f478c1e2fc5285 (patch)
tree6622f38fd2de58e44c95ea3a8d9b4369ff47c83c
parent3f5a2a56eb760ec7bc3b5fd760fb62f99c3974ce (diff)
secure boot lockdown: Fix-up backport of /dev/mem access restriction
The upstream-submitted patch set has evolved over time; align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned.
-rw-r--r--patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch57
-rw-r--r--patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch14
2 files changed, 26 insertions, 45 deletions
diff --git a/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch b/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
index b444df79d3..79045c625b 100644
--- a/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
+++ b/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
@@ -1,46 +1,39 @@
-From 104cff827b18e35874153bd8df14eba59e5b411a Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [PATCH 43/62] Restrict /dev/mem and /dev/kmem when the kernel is
+From: Matthew Garrett <mjg59@srcf.ucam.org>
+Date: Mon, 19 Aug 2019 17:17:41 -0700
+Subject: lockdown: Restrict /dev/{mem,kmem,port} when the kernel is
locked down
-Patch-mainline: No, submitted https://patchwork.kernel.org/patch/9665599/
+Patch-mainline: No, submitted https://lkml.org/lkml/2019/8/19/1195
References: fate#314486
-Allowing users to write to address space makes it possible for the kernel to
-be subverted, avoiding module loading restrictions. Prevent this when the
-kernel has been locked down.
+Allowing users to read and write to core kernel memory makes it possible
+for the kernel to be subverted, avoiding module loading restrictions, and
+also to steal cryptographic information.
+
+Disallow /dev/mem and /dev/kmem from being opened this when the kernel has
+been locked down to prevent this.
+
+Also disallow /dev/port from being opened to prevent raw ioport access and
+thus DMA from being used to accomplish the same thing.
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: Matthew Garrett <mjg59@google.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Cc: x86@kernel.org
+Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
+Acked-by: Jean Delvare <jdelvare@suse.de>
---
- drivers/char/mem.c | 6 ++++++
- 1 file changed, 6 insertions(+)
+ drivers/char/mem.c | 2 ++
+ 1 file changed, 2 insertions(+)
-diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 6d9cc2d..f814404 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
-@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
- if (p != *ppos)
- return -EFBIG;
+@@ -779,6 +779,8 @@ static loff_t memory_lseek(struct file *
+ static int open_port(struct inode *inode, struct file *filp)
+ {
+ if (kernel_is_locked_down())
+ return -EPERM;
-+
- if (!valid_phys_addr_range(p, count))
- return -EFAULT;
-
-@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
- char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
- int err = 0;
+ return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
+ }
-+ if (kernel_is_locked_down())
-+ return -EPERM;
-+
- if (p < (unsigned long) high_memory) {
- unsigned long to_write = min_t(unsigned long, count,
- (unsigned long)high_memory - p);
---
-2.10.2
-
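Review bot: With the checks in write_mem() and write_kmem() dropped, the only lockdown gate left in this patch is the one added to open_port(), so enforcement happens once at open time and a descriptor opened earlier is never re-checked. That is sound only if lockdown is always in force before userspace can open these nodes and cannot be switched on afterwards; the hunk does not show how this tree sets the lockdown state, so that is worth confirming for the backport. The description also promises coverage of /dev/mem and /dev/kmem, which depends on their open handlers resolving to open_port() elsewhere in drivers/char/mem.c, outside the visible hunk. I would record both assumptions in a short comment above the check (or in the patch header, to avoid diverging from upstream), e.g. `/* Shared open handler for /dev/mem, /dev/kmem and /dev/port; lockdown is checked only here, so it must be in force before any open */`.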
diff --git a/patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch b/patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
index fd28f8af05..48aec179dc 100644
--- a/patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
+++ b/patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
@@ -20,8 +20,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
arch/x86/kernel/ioport.c | 4 ++--
- drivers/char/mem.c | 2 ++
- 2 files changed, 4 insertions(+), 2 deletions(-)
+ 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -43,14 +42,3 @@ Acked-by: Lee, Chun-Yi <jlee@suse.com>
return -EPERM;
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
---- a/drivers/char/mem.c
-+++ b/drivers/char/mem.c
-@@ -768,6 +768,8 @@ static loff_t memory_lseek(struct file *
-
- static int open_port(struct inode *inode, struct file *filp)
- {
-+ if (kernel_is_locked_down())
-+ return -EPERM;
- return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
- }
-