leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
38bd94b8a1
linux/drivers/char
History
Matthew Garrett 9b9d8dda1e lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down 
Allowing users to read and write to core kernel memory makes it possible
for the kernel to be subverted, avoiding module loading restrictions, and
also to steal cryptographic information.

Disallow /dev/mem and /dev/kmem from being opened this when the kernel has
been locked down to prevent this.

Also disallow /dev/port from being opened to prevent raw ioport access and
thus DMA from being used to accomplish the same thing.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: x86@kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
2019-08-19 21:54:15 -07:00
..
agp treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
hw_random treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ipmi treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mwave treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
pcmcia treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 18 2019-05-21 11:28:46 +02:00
tpm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 505 2019-06-19 17:11:22 +02:00
xilinx_hwicap treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
xillybus treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 402 2019-06-05 17:37:13 +02:00
adi.c char: sparc64: Add privileged ADI driver 2018-06-05 11:24:55 -07:00
apm-emulation.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
applicom.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
applicom.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bsr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
ds1620.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
dsp56k.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
dtlk.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
efirtc.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
hangcheck-timer.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 405 2019-06-05 17:37:13 +02:00
hpet.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Kconfig tty: mark Siemens R3964 line discipline as BROKEN 2019-04-05 05:56:44 -10:00
lp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
Makefile char/generic_nvram: Remove as unused 2019-01-22 10:21:45 +01:00
mbcs.c mbcs: add .owner to mbcs struct file_operations 2019-01-22 14:56:00 +01:00
mbcs.h
mem.c lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down 2019-08-19 21:54:15 -07:00
misc.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
mspec.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
nsc_gpio.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nvram.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nwbutton.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nwbutton.h treewide: Switch DEFINE_TIMER callbacks to struct timer_list * 2017-11-21 15:57:05 -08:00
nwflash.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
pc8736x_gpio.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
powernv-op-panel.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ppdev.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ps3flash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 164 2019-05-30 11:26:38 -07:00
random.c random: fix soft lockup when trying to read from an uninitialized blocking pool 2019-05-26 00:11:49 -04:00
raw.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
rtc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
scx200_gpio.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
snsc_event.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
snsc.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
snsc.h
sonypi.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
tb0219.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
tlclk.c tlclk: clean an indentation issue, remove extraneous tabs 2018-11-11 12:58:27 -08:00
toshiba.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 129 2019-05-30 11:25:14 -07:00
ttyprintk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 402 2019-06-05 17:37:13 +02:00
uv_mmtimer.c
virtio_console.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00