iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/char
History
Matthew Garrett 9b9d8dda1e lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down 
Allowing users to read and write to core kernel memory makes it possible
for the kernel to be subverted, avoiding module loading restrictions, and
also to steal cryptographic information.

Disallow /dev/mem and /dev/kmem from being opened this when the kernel has
been locked down to prevent this.

Also disallow /dev/port from being opened to prevent raw ioport access and
thus DMA from being used to accomplish the same thing.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: x86@kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
2019-08-19 21:54:15 -07:00
..
agp
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
hw_random
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
ipmi
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
mwave
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
pcmcia
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 18
2019-05-21 11:28:46 +02:00
tpm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 505
2019-06-19 17:11:22 +02:00
xilinx_hwicap
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
xillybus
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 402
2019-06-05 17:37:13 +02:00
adi.c
char: sparc64: Add privileged ADI driver
2018-06-05 11:24:55 -07:00
apm-emulation.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
applicom.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
applicom.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
bsr.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
ds1620.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
dsp56k.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
dtlk.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
efirtc.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
hangcheck-timer.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 405
2019-06-05 17:37:13 +02:00
hpet.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
Kconfig
tty: mark Siemens R3964 line discipline as BROKEN
2019-04-05 05:56:44 -10:00
lp.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
Makefile
char/generic_nvram: Remove as unused
2019-01-22 10:21:45 +01:00
mbcs.c
mbcs: add .owner to mbcs struct file_operations
2019-01-22 14:56:00 +01:00
mbcs.h
mem.c
lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down
2019-08-19 21:54:15 -07:00
misc.c
proc: introduce proc_create_seq{,_data}
2018-05-16 07:23:35 +02:00
mspec.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206
2019-05-30 11:29:53 -07:00
nsc_gpio.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
nvram.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
nwbutton.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
nwbutton.h
treewide: Switch DEFINE_TIMER callbacks to struct timer_list *
2017-11-21 15:57:05 -08:00
nwflash.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
pc8736x_gpio.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
powernv-op-panel.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
ppdev.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
ps3flash.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 164
2019-05-30 11:26:38 -07:00
random.c
random: fix soft lockup when trying to read from an uninitialized blocking pool
2019-05-26 00:11:49 -04:00
raw.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
rtc.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
scx200_gpio.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
snsc_event.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h>
2017-03-02 08:42:29 +01:00
snsc.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
snsc.h
sonypi.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61
2019-05-24 17:36:45 +02:00
tb0219.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
tlclk.c
tlclk: clean an indentation issue, remove extraneous tabs
2018-11-11 12:58:27 -08:00
toshiba.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 129
2019-05-30 11:25:14 -07:00
ttyprintk.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 402
2019-06-05 17:37:13 +02:00
uv_mmtimer.c
virtio_console.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00