From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
Writing to MSRs should not be allowed if module loading is restricted,
since it could lead to execution of arbitrary code in kernel mode. Based
on a patch by Kees Cook.
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
 arch/x86/kernel/msr.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
208228
index 113e70784854..26c2f83fc470 100644
6a9155
--- a/arch/x86/kernel/msr.c
6a9155
+++ b/arch/x86/kernel/msr.c
208228
@@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
6a9155
 	int err = 0;
6a9155
 	ssize_t bytes = 0;
6a9155
 
6a9155
+	if (secure_modules())
6a9155
+		return -EPERM;
6a9155
+
6a9155
 	if (count % 8)
6a9155
 		return -EINVAL;	/* Invalid chunk size */
6a9155
 
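Review bot: The new `secure_modules()` rejection at the top of msr_write returns -EPERM without leaving any trace, so an operator cannot tell a policy denial from an ordinary permission failure, and nothing records which process tried to write MSRs on a restricted system. A rate-limited message in the braced branch would give detection something to key on, for example `pr_warn_ratelimited("msr: write denied, module loading is restricted (pid %d, %s)\n", task_pid_nr(current), current->comm);`. The same applies to the identical check added in the msr_ioctl hunk. The hunk adds no include, so I am assuming `secure_modules()` is already declared through a header this file pulls in; msr_write's body continues outside the hunk.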
208228
@@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
6a9155
 			err = -EBADF;
6a9155
 			break;
6a9155
 		}
6a9155
+		if (secure_modules()) {
6a9155
+			err = -EPERM;
6a9155
+			break;
6a9155
+		}
6a9155
 		if (copy_from_user(&regs, uregs, sizeof regs)) {
6a9155
 			err = -EFAULT;
6a9155
 			break;
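Review bot: The check added after the -EBADF branch has no comment saying why a module-loading policy gates an MSR ioctl, and the link is not obvious from `secure_modules()` alone. I would add `/* MSR writes can lead to arbitrary kernel-mode code execution; refuse them when module loading is restricted */` above the `if`, and the same above the check in msr_write. The enclosing `case` label is outside the hunk, so I am assuming this is the register-write ioctl path; it is worth confirming that no other ioctl case in this switch performs a write without the same check. Placing the check after the -EBADF test means callers without write mode still see -EBADF rather than -EPERM, which looks intentional but could be stated in the comment.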