lockdown: Lock down module params that specify hardware parameters (eg. ioport)
Provided an annotation for module parameters that specify hardware parameters (such as io ports, iomem addresses, irqs, dma channels, fixed dma buffers and other types). Suggested-by: Alan Cox <gnomes@lxorguk.ukuu.org.uk> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Jessica Yu <jeyu@kernel.org> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
794edf30ee
commit
20657f66ef
|
@ -113,6 +113,7 @@ enum lockdown_reason {
|
|||
LOCKDOWN_ACPI_TABLES,
|
||||
LOCKDOWN_PCMCIA_CIS,
|
||||
LOCKDOWN_TIOCSSERIAL,
|
||||
LOCKDOWN_MODULE_PARAMETERS,
|
||||
LOCKDOWN_INTEGRITY_MAX,
|
||||
LOCKDOWN_CONFIDENTIALITY_MAX,
|
||||
};
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
#include <linux/err.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/ctype.h>
|
||||
#include <linux/security.h>
|
||||
|
||||
#ifdef CONFIG_SYSFS
|
||||
/* Protects all built-in parameters, modules use their own param_lock */
|
||||
|
@ -96,13 +97,19 @@ bool parameq(const char *a, const char *b)
|
|||
return parameqn(a, b, strlen(a)+1);
|
||||
}
|
||||
|
||||
static void param_check_unsafe(const struct kernel_param *kp)
|
||||
static bool param_check_unsafe(const struct kernel_param *kp)
|
||||
{
|
||||
if (kp->flags & KERNEL_PARAM_FL_HWPARAM &&
|
||||
security_locked_down(LOCKDOWN_MODULE_PARAMETERS))
|
||||
return false;
|
||||
|
||||
if (kp->flags & KERNEL_PARAM_FL_UNSAFE) {
|
||||
pr_notice("Setting dangerous option %s - tainting kernel\n",
|
||||
kp->name);
|
||||
add_taint(TAINT_USER, LOCKDEP_STILL_OK);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static int parse_one(char *param,
|
||||
|
@ -132,8 +139,10 @@ static int parse_one(char *param,
|
|||
pr_debug("handling %s with %p\n", param,
|
||||
params[i].ops->set);
|
||||
kernel_param_lock(params[i].mod);
|
||||
param_check_unsafe(¶ms[i]);
|
||||
err = params[i].ops->set(val, ¶ms[i]);
|
||||
if (param_check_unsafe(¶ms[i]))
|
||||
err = params[i].ops->set(val, ¶ms[i]);
|
||||
else
|
||||
err = -EPERM;
|
||||
kernel_param_unlock(params[i].mod);
|
||||
return err;
|
||||
}
|
||||
|
@ -553,8 +562,10 @@ static ssize_t param_attr_store(struct module_attribute *mattr,
|
|||
return -EPERM;
|
||||
|
||||
kernel_param_lock(mk->mod);
|
||||
param_check_unsafe(attribute->param);
|
||||
err = attribute->param->ops->set(buf, attribute->param);
|
||||
if (param_check_unsafe(attribute->param))
|
||||
err = attribute->param->ops->set(buf, attribute->param);
|
||||
else
|
||||
err = -EPERM;
|
||||
kernel_param_unlock(mk->mod);
|
||||
if (!err)
|
||||
return len;
|
||||
|
|
|
@ -28,6 +28,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
|
|||
[LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables",
|
||||
[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
|
||||
[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
|
||||
[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
|
||||
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
|
||||
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue