| Message ID | 20190820001805.241928-15-matthewgarrett@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Add kernel lockdown functionality | expand |
On Tuesday, August 20, 2019 2:17:50 AM CEST Matthew Garrett wrote: > From: Matthew Garrett <mjg59@srcf.ucam.org> > > custom_method effectively allows arbitrary access to system memory, making > it possible for an attacker to circumvent restrictions on module loading. > Disable it if the kernel is locked down. > > Signed-off-by: Matthew Garrett <mjg59@google.com> > Signed-off-by: David Howells <dhowells@redhat.com> > Reviewed-by: Kees Cook <keescook@chromium.org> > cc: linux-acpi@vger.kernel.org > Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> > --- > drivers/acpi/custom_method.c | 6 ++++++ > include/linux/security.h | 1 + > security/lockdown/lockdown.c | 1 + > 3 files changed, 8 insertions(+) > > diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c > index b2ef4c2ec955..7031307becd7 100644 > --- a/drivers/acpi/custom_method.c > +++ b/drivers/acpi/custom_method.c > @@ -9,6 +9,7 @@ > #include <linux/uaccess.h> > #include <linux/debugfs.h> > #include <linux/acpi.h> > +#include <linux/security.h> > > #include "internal.h" > > @@ -29,6 +30,11 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, > > struct acpi_table_header table; > acpi_status status; > + int ret; > + > + ret = security_locked_down(LOCKDOWN_ACPI_TABLES); > + if (ret) > + return ret; > > if (!(*ppos)) { > /* parse the table header to get the table length */ > diff --git a/include/linux/security.h b/include/linux/security.h > index 010637a79eac..390e39395112 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -110,6 +110,7 @@ enum lockdown_reason { > LOCKDOWN_PCI_ACCESS, > LOCKDOWN_IOPORT, > LOCKDOWN_MSR, > + LOCKDOWN_ACPI_TABLES, > LOCKDOWN_INTEGRITY_MAX, > LOCKDOWN_CONFIDENTIALITY_MAX, > }; > diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c > index b1c1c72440d5..6d44db0ddffa 100644 > --- a/security/lockdown/lockdown.c > +++ b/security/lockdown/lockdown.c > @@ -25,6 +25,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { > [LOCKDOWN_PCI_ACCESS] = "direct PCI access", > [LOCKDOWN_IOPORT] = "raw io port access", > [LOCKDOWN_MSR] = "raw MSR access", > + [LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables", > [LOCKDOWN_INTEGRITY_MAX] = "integrity", > [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", > }; >
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c index b2ef4c2ec955..7031307becd7 100644 --- a/drivers/acpi/custom_method.c +++ b/drivers/acpi/custom_method.c @@ -9,6 +9,7 @@ #include <linux/uaccess.h> #include <linux/debugfs.h> #include <linux/acpi.h> +#include <linux/security.h> #include "internal.h" @@ -29,6 +30,11 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, struct acpi_table_header table; acpi_status status; + int ret; + + ret = security_locked_down(LOCKDOWN_ACPI_TABLES); + if (ret) + return ret; if (!(*ppos)) { /* parse the table header to get the table length */ diff --git a/include/linux/security.h b/include/linux/security.h index 010637a79eac..390e39395112 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -110,6 +110,7 @@ enum lockdown_reason { LOCKDOWN_PCI_ACCESS, LOCKDOWN_IOPORT, LOCKDOWN_MSR, + LOCKDOWN_ACPI_TABLES, LOCKDOWN_INTEGRITY_MAX, LOCKDOWN_CONFIDENTIALITY_MAX, }; diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index b1c1c72440d5..6d44db0ddffa 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -25,6 +25,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_PCI_ACCESS] = "direct PCI access", [LOCKDOWN_IOPORT] = "raw io port access", [LOCKDOWN_MSR] = "raw MSR access", + [LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables", [LOCKDOWN_INTEGRITY_MAX] = "integrity", [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", };