6a9155
From: Matthew Garrett <matthew.garrett@nebula.com>
6a9155
Date: Fri, 9 Mar 2012 09:28:15 -0500
6a9155
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
6a9155
 restricted
6a9155
6a9155
Allowing users to write to address space makes it possible for the kernel
6a9155
to be subverted, avoiding module loading restrictions. Prevent this when
6a9155
any restrictions have been imposed on loading modules.
6a9155
6a9155
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
6a9155
---
6a9155
 drivers/char/mem.c | 6 ++++++
6a9155
 1 file changed, 6 insertions(+)
6a9155
6a9155
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
84326c
index 53fe675f9bd7..b52c88860532 100644
6a9155
--- a/drivers/char/mem.c
6a9155
+++ b/drivers/char/mem.c
208228
@@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
6a9155
 	if (p != *ppos)
6a9155
 		return -EFBIG;
6a9155
 
6a9155
+	if (secure_modules())
6a9155
+		return -EPERM;
6a9155
+
6a9155
 	if (!valid_phys_addr_range(p, count))
6a9155
 		return -EFAULT;
6a9155
 
f1193f
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
6a9155
 	char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
6a9155
 	int err = 0;
6a9155
 
6a9155
+	if (secure_modules())
6a9155
+		return -EPERM;
6a9155
+
6a9155
 	if (p < (unsigned long) high_memory) {
6a9155
 		unsigned long to_write = min_t(unsigned long, count,
6a9155
 					       (unsigned long)high_memory - p);