]> www.infradead.org Git - users/jedix/linux-maple.git/commitdiff
projects / users / jedix / linux-maple.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d6ff7b2)
Restrict /dev/mem and /dev/kmem when securelevel is set.
authorMatthew Garrett <matthew.garrett@nebula.com>
Mon, 9 Sep 2013 22:49:39 +0000 (15:49 -0700)
committerSantosh Shilimkar <santosh.shilimkar@oracle.com>
Mon, 10 Aug 2015 16:24:05 +0000 (09:24 -0700)
Orabug: 21539498

Allowing users to write to address space provides mechanisms that may permit
modification of the kernel at runtime. Prevent this if securelevel has been
set.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
drivers/char/mem.c patch | blob | history

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 93c08e3e4e33c3452dcea0945531eac836eced96..cca3ab8d89b885c66f4d459eba4ec41275cc3bd9 100644 (file)
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
        if (p != *ppos)
                return -EFBIG;
 
+       if (get_securelevel() > 0)
+               return -EPERM;
+
        if (!valid_phys_addr_range(p, count))
                return -EFAULT;
 
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
        char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
        int err = 0;
 
+       if (get_securelevel() > 0)
+               return -EPERM;
+
        if (p < (unsigned long) high_memory) {
                unsigned long to_write = min_t(unsigned long, count,
                                               (unsigned long)high_memory - p);
Unnamed repository; edit this file 'description' to name the repository.