subject:"\[PATCH 05\/24\] Restrict \/dev\/mem and \/dev\/kmem when the kernel is locked down"

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

2017-04-05 Thread David Howells

From: Matthew Garrett 

Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions.  Prevent this when the
kernel has been locked down.

Signed-off-by: Matthew Garrett 
Signed-off-by: David Howells 
---

 drivers/char/mem.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 6d9cc2d39d22..f8144049bda3 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char 
__user *buf,
if (p != *ppos)
return -EFBIG;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
 
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char 
__user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
   (unsigned long)high_memory - p);

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

2017-04-05 Thread David Howells

From: Matthew Garrett 

Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions.  Prevent this when the
kernel has been locked down.

Signed-off-by: Matthew Garrett 
Signed-off-by: David Howells 
---

 drivers/char/mem.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 6d9cc2d39d22..f8144049bda3 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char 
__user *buf,
if (p != *ppos)
return -EFBIG;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
 
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char 
__user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
   (unsigned long)high_memory - p);

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

2017-04-05 Thread David Howells

From: Matthew Garrett 

Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions.  Prevent this when the
kernel has been locked down.

Signed-off-by: Matthew Garrett 
Signed-off-by: David Howells 
---

 drivers/char/mem.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 6d9cc2d39d22..f8144049bda3 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char 
__user *buf,
if (p != *ppos)
return -EFBIG;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
 
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char 
__user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
   (unsigned long)high_memory - p);

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

2017-04-05 Thread David Howells

From: Matthew Garrett 

Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions.  Prevent this when the
kernel has been locked down.

Signed-off-by: Matthew Garrett 
Signed-off-by: David Howells 
---

 drivers/char/mem.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 6d9cc2d39d22..f8144049bda3 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char 
__user *buf,
if (p != *ppos)
return -EFBIG;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
 
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char 
__user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
   (unsigned long)high_memory - p);

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

2017-04-05 Thread David Howells

From: Matthew Garrett 

Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions.  Prevent this when the
kernel has been locked down.

Signed-off-by: Matthew Garrett 
Signed-off-by: David Howells 
---

 drivers/char/mem.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 6d9cc2d39d22..f8144049bda3 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char 
__user *buf,
if (p != *ppos)
return -EFBIG;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
 
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char 
__user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
   (unsigned long)high_memory - p);

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

2017-04-05 Thread David Howells

From: Matthew Garrett 

Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions.  Prevent this when the
kernel has been locked down.

Signed-off-by: Matthew Garrett 
Signed-off-by: David Howells 
---

 drivers/char/mem.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 6d9cc2d39d22..f8144049bda3 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char 
__user *buf,
if (p != *ppos)
return -EFBIG;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
 
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char 
__user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
 
+   if (kernel_is_locked_down())
+   return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
   (unsigned long)high_memory - p);

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

6 matches

Site Navigation

Mail list logo

Footer information