From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
Writing to MSRs should not be allowed if module loading is restricted,
since it could lead to execution of arbitrary code in kernel mode. Based
on a patch by Kees Cook.
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
 arch/x86/kernel/msr.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
dbc4a9
index c9603ac80de5..8bef43fc3f40 100644
dbc4a9
--- a/arch/x86/kernel/msr.c
dbc4a9
+++ b/arch/x86/kernel/msr.c
dbc4a9
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
dbc4a9
 	int err = 0;
dbc4a9
 	ssize_t bytes = 0;
dbc4a9
 
dbc4a9
+	if (secure_modules())
dbc4a9
+		return -EPERM;
dbc4a9
+
dbc4a9
 	if (count % 8)
dbc4a9
 		return -EINVAL;	/* Invalid chunk size */
dbc4a9
 
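Review bot: Both new `secure_modules()` checks return `-EPERM` with no comment and no log line, so a denied MSR write leaves no trace and the reason for the restriction is recorded only in the commit message. In `msr_write` I would add above the check `/* MSR writes can redirect kernel execution; treat them like module loading */`, and the same applies to the check added in the `msr_ioctl` hunk. A rate-limited message such as `pr_warn_ratelimited("msr: write denied, module loading is restricted\n");` before the return would give operators a detection signal for attempted writes on restricted systems. The body of `msr_write` continues outside the hunk.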
dbc4a9
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
dbc4a9
 			err = -EBADF;
dbc4a9
 			break;
dbc4a9
 		}
dbc4a9
+		if (secure_modules()) {
dbc4a9
+			err = -EPERM;
dbc4a9
+			break;
dbc4a9
+		}
dbc4a9
 		if (copy_from_user(®s, uregs, sizeof regs)) {
dbc4a9
 			err = -EFAULT;
dbc4a9
 			break;
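Review bot: The `case` label enclosing the new check in `msr_ioctl` is outside the hunk, so the visible lines do not show which ioctl command is being restricted. Judging by the preceding `-EBADF` write-mode test it is presumably the register-write command, and that should be confirmed against the full function. Placed here, a descriptor without write mode gets `-EBADF` before `-EPERM`, whereas `msr_write` returns `-EPERM` before validating anything. That difference looks harmless, but a short comment on the check such as `/* deny before touching user memory */` would record that it deliberately precedes `copy_from_user`. The `®s` in the `copy_from_user` context line looks like a page rendering artifact of `&regs` rather than part of the patch.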
dbc4a9
-- 
2.1.0