From patchwork Thu Jun 18 23:12:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312487 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyV652tMz9sRW; Fri, 19 Jun 2020 09:15:58 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3lC-0001Gd-3w; Thu, 18 Jun 2020 23:15:54 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jP-0000AQ-Nw for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:14:03 +0000 Received: from mail-io1-f70.google.com ([209.85.166.70]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jO-0008WR-9F for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:14:02 +0000 Received: by mail-io1-f70.google.com with SMTP id l204so5342419ioa.4 for ; Thu, 18 Jun 2020 16:14:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=AF+rvn3cPMdyW88bulT7E3dojOzpYjLcJmi/uh0A8Vo=; b=CYgkav+Mf1o6npCvwfECIoRDgSRdQJVEXirK4XKBFoosUpHRM/Dv725CkOKWJsESpW c+vzVcb0ZwSmRwJFYeGRhAN/cBaju/oP3jq6w6FXjQaGG+GD8XMD+iI430gRYP30hytG T1KbCJjt8rUjBGCSAi+bETNhyH5J/tQrSHd2FMu/w/4b0kGuiAYAMBGAJPyUNLpgsxa5 tqo0fHmYVCqNa5BdLoju3EwouDiqre+Y1oZ8QcueDC/JbAhE+NoUpTcQZyZI15AEPgND D/deOUHCTCyZlUt+z2ihFi08WuaXytFJsWbHlLDSn8aInMVtlXV5ovZ6Wte+Saj04WOD z87w== X-Gm-Message-State: AOAM530mYsn+naqHkR6toNdA1W9zZr4vNDRpaAt6BKyFwKoC4UkL9Dch OYgoMAqwyPwJG94cecqOyF3S1irQASCtGPXV0zbruKoBra+jLDzYiHZ/Y2oj7svzBTPz1zLsnbc eomQOT+byTlMvVlCg1sKbmwOq5kZ9mipY9dvEp4ABvQ== X-Received: by 2002:a05:6e02:1313:: with SMTP id g19mr850957ilr.91.1592522041168; Thu, 18 Jun 2020 16:14:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwFusoFiO08mK20UBoHIDURCgCG8V02FpqtHy9sLMTLh7ImhrV2QCjp9/pgWTri7QciLRMVRQ== X-Received: by 2002:a05:6e02:1313:: with SMTP id g19mr850950ilr.91.1592522040913; Thu, 18 Jun 2020 16:14:00 -0700 (PDT) Received: from localhost ([2605:a601:ac0f:820:f090:1573:c2fc:6389]) by smtp.gmail.com with ESMTPSA id u20sm2409383iom.30.2020.06.18.16.14.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Jun 2020 16:14:00 -0700 (PDT) From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 43/47][X] UBUNTU: SAUCE: (efi-lockdown) Lock down module params that specify hardware parameters (eg. ioport) Date: Thu, 18 Jun 2020 18:12:54 -0500 Message-Id: <20200618231258.630575-44-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: David Howells BugLink: https://bugs.launchpad.net/bugs/1884159 Provided an annotation for module parameters that specify hardware parameters (such as io ports, iomem addresses, irqs, dma channels, fixed dma buffers and other types). Suggested-by: Alan Cox Signed-off-by: David Howells (backported from commit 33a38c67ed53106458e1858a2101cae3026486e4 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git) Signed-off-by: Seth Forshee --- kernel/params.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/kernel/params.c b/kernel/params.c index a6d6149c0fe6..87bbf2bdc09e 100644 --- a/kernel/params.c +++ b/kernel/params.c @@ -108,13 +108,18 @@ bool parameq(const char *a, const char *b) return parameqn(a, b, strlen(a)+1); } -static void param_check_unsafe(const struct kernel_param *kp) +static bool param_check_unsafe(const struct kernel_param *kp, + const char *doing) { if (kp->flags & KERNEL_PARAM_FL_UNSAFE) { pr_warn("Setting dangerous option %s - tainting kernel\n", kp->name); add_taint(TAINT_USER, LOCKDEP_STILL_OK); } + + if (kp->flags & KERNEL_PARAM_FL_HWPARAM && secure_modules()) + return false; + return true; } static int parse_one(char *param, @@ -144,8 +149,10 @@ static int parse_one(char *param, pr_debug("handling %s with %p\n", param, params[i].ops->set); kernel_param_lock(params[i].mod); - param_check_unsafe(¶ms[i]); - err = params[i].ops->set(val, ¶ms[i]); + if (param_check_unsafe(¶ms[i], doing)) + err = params[i].ops->set(val, ¶ms[i]); + else + err = -EPERM; kernel_param_unlock(params[i].mod); return err; } @@ -608,6 +615,12 @@ static ssize_t param_attr_show(struct module_attribute *mattr, return count; } +#ifdef CONFIG_MODULES +#define mod_name(mod) (mod)->name +#else +#define mod_name(mod) "unknown" +#endif + /* sysfs always hands a nul-terminated string in buf. We rely on that. */ static ssize_t param_attr_store(struct module_attribute *mattr, struct module_kobject *mk, @@ -620,8 +633,10 @@ static ssize_t param_attr_store(struct module_attribute *mattr, return -EPERM; kernel_param_lock(mk->mod); - param_check_unsafe(attribute->param); - err = attribute->param->ops->set(buf, attribute->param); + if (param_check_unsafe(attribute->param, mod_name(mk->mod))) + err = attribute->param->ops->set(buf, attribute->param); + else + err = -EPERM; kernel_param_unlock(mk->mod); if (!err) return len;