6a91557
From: Matthew Garrett <matthew.garrett@nebula.com>
6a91557
Date: Fri, 8 Feb 2013 11:12:13 -0800
6a91557
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
6a91557
6a91557
Writing to MSRs should not be allowed if module loading is restricted,
6a91557
since it could lead to execution of arbitrary code in kernel mode. Based
6a91557
on a patch by Kees Cook.
6a91557
6a91557
Cc: Kees Cook <keescook@chromium.org>
6a91557
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
6a91557
---
6a91557
 arch/x86/kernel/msr.c | 7 +++++++
6a91557
 1 file changed, 7 insertions(+)
6a91557
6a91557
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
208228c
index 113e70784854..26c2f83fc470 100644
6a91557
--- a/arch/x86/kernel/msr.c
6a91557
+++ b/arch/x86/kernel/msr.c
208228c
@@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
6a91557
 	int err = 0;
6a91557
 	ssize_t bytes = 0;
6a91557
 
6a91557
+	if (secure_modules())
6a91557
+		return -EPERM;
6a91557
+
6a91557
 	if (count % 8)
6a91557
 		return -EINVAL;	/* Invalid chunk size */
6a91557
 
208228c
@@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
6a91557
 			err = -EBADF;
6a91557
 			break;
6a91557
 		}
6a91557
+		if (secure_modules()) {
6a91557
+			err = -EPERM;
6a91557
+			break;
6a91557
+		}
6a91557
 		if (copy_from_user(&regs, uregs, sizeof regs)) {
6a91557
 			err = -EFAULT;
6a91557
 			break;