| Message ID | 20200619165010.645925-5-seth.forshee@canonical.com |
|---|---|
| State | New |
| Headers | show
Return-Path: <kernel-team-bounces@lists.ubuntu.com> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49pPtm2HpczB4CF; Sat, 20 Jun 2020 02:50:24 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from <kernel-team-bounces@lists.ubuntu.com>) id 1jmKDc-0006ka-BD; Fri, 19 Jun 2020 16:50:20 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from <seth.forshee@canonical.com>) id 1jmKDa-0006jK-IA for kernel-team@lists.ubuntu.com; Fri, 19 Jun 2020 16:50:18 +0000 Received: from mail-io1-f69.google.com ([209.85.166.69]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from <seth.forshee@canonical.com>) id 1jmKDa-0006Jj-7G for kernel-team@lists.ubuntu.com; Fri, 19 Jun 2020 16:50:18 +0000 Received: by mail-io1-f69.google.com with SMTP id t23so7209579iog.21 for <kernel-team@lists.ubuntu.com>; Fri, 19 Jun 2020 09:50:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=WEuf8q9Ui1Qo38StPYjSnD8jVS7icNLfdBHhJabzpDk=; b=WyWJtKiJw1dKY8FVs90k6s8B0iHbZdE4q0xaF4TF9UOFhOSd9mlOTNqamCGKMwXs29 AS5J8QpkTX0wa37Re1+b1YuxdPFLJasSGuLsLr2OyhcbnDjvwGmmuG0wubqdthOBrr+v sRo7X8M6z0IDOIt918Ouk6lL7BKBS/qbm65xi2StNWA82njGrQdzhwWENq3Zy+6n+jzy 3EzKygh7YrvH6zoqEYNudcW8EWCsrzkePA4obcjEmqLALWfrO5HJq10BQveAy8GLppkZ w0CeJ/oLC1iOA69bIdLM4mzjasRYwfA2sDlA+w03e4AB/SqCRktwRLa0QDNMXk04fMt9 2tIg== X-Gm-Message-State: AOAM530t43JRkOmNwtiw5YQG+XGQrRl93E3A4f8O2jnBuiy/Jj2PrSbx eNtXsSZva7hMD3sWZjwevNdkT4V+sR7++32GB5IATof357VXQsQvqWDZLhrYMm/lHD06u6RB1Z+ GOUlg/iKGAVEjffF28eo8BeCOTmeZEp1cmCPlQJqrCQ== X-Received: by 2002:a92:8488:: with SMTP id y8mr4520386ilk.262.1592585417026; Fri, 19 Jun 2020 09:50:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJznkXcVB0mV1lHOJCCfHT1PYnEslW/m17ppIhkAcYCdF0UbctagISSyHhcj2n65j+o8DqsinQ== X-Received: by 2002:a92:8488:: with SMTP id y8mr4520373ilk.262.1592585416795; Fri, 19 Jun 2020 09:50:16 -0700 (PDT) Received: from localhost ([2605:a601:ac0f:820:f090:1573:c2fc:6389]) by smtp.gmail.com with ESMTPSA id u11sm1594237iob.43.2020.06.19.09.50.16 for <kernel-team@lists.ubuntu.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jun 2020 09:50:16 -0700 (PDT) From: Seth Forshee <seth.forshee@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [PATCH v2 04/57][X] Revert "x86: Lock down IO port access when module security is enabled" Date: Fri, 19 Jun 2020 11:49:17 -0500 Message-Id: <20200619165010.645925-5-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200619165010.645925-1-seth.forshee@canonical.com> References: <20200619165010.645925-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com> List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>, <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe> List-Archive: <https://lists.ubuntu.com/archives/kernel-team> List-Post: <mailto:kernel-team@lists.ubuntu.com> List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help> List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>, <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com> |
| Series |
Lockdown updates
|
expand
|
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c index ab8372443efb..589b3193f102 100644 --- a/arch/x86/kernel/ioport.c +++ b/arch/x86/kernel/ioport.c @@ -15,7 +15,6 @@ #include <linux/thread_info.h> #include <linux/syscalls.h> #include <linux/bitmap.h> -#include <linux/module.h> #include <asm/syscalls.h> /* @@ -29,7 +28,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) return -EINVAL; - if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules())) + if (turn_on && !capable(CAP_SYS_RAWIO)) return -EPERM; /* @@ -109,7 +108,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) return -EINVAL; /* Trying to gain more privileges? */ if (level > old) { - if (!capable(CAP_SYS_RAWIO) || secure_modules()) + if (!capable(CAP_SYS_RAWIO)) return -EPERM; } regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | diff --git a/drivers/char/mem.c b/drivers/char/mem.c index 76997a645da8..6ebe2b86d8eb 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -27,7 +27,6 @@ #include <linux/export.h> #include <linux/io.h> #include <linux/uio.h> -#include <linux/module.h> #include <linux/uaccess.h> @@ -622,9 +621,6 @@ static ssize_t write_port(struct file *file, const char __user *buf, unsigned long i = *ppos; const char __user *tmp = buf; - if (secure_modules()) - return -EPERM; - if (!access_ok(VERIFY_READ, buf, count)) return -EFAULT; while (count-- > 0 && i < 65536) {
BugLink: https://bugs.launchpad.net/bugs/1884159 This reverts commit cc223b88b8e59fca362b426b0cccfe580fd8a68e to backport an updated version. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> --- arch/x86/kernel/ioport.c | 5 ++--- drivers/char/mem.c | 4 ---- 2 files changed, 2 insertions(+), 7 deletions(-)