Subject: [PATCH 00/39] Annotate hw config module params for future lockdown
From: David Howells
To: linux-kernel@vger.kernel.org
Cc: dhowells@redhat.com, gnomes@lxorguk.ukuu.org.uk, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, minyard@acm.org
Date: Thu, 01 Dec 2016 12:29:39 +0000
Message-ID: <148059537897.31612.9461043954611464597.stgit@warthog.procyon.org.uk>

Here's a set of patches that annotate module parameters that configure
hardware resources including ioports, iomem addresses, irq lines and dma
channels.

This will be used in a future patch to prohibit the use of such module
parameters so that hardware can't be abused to gain access to the running
kernel image.

This is done by changing:

	module_param(n, t, p)
	module_param_named(n, v, t, p)
	module_param_array(n, t, m, p)

to:

	module_param_hw(n, t, hwtype, p)
	module_param_hw_named(n, v, t, hwtype, p)
	module_param_hw_array(n, t, hwtype, m, p)

where hwtype specifies the type of the resource being configured.

Note that the hwtype is compile checked, but not currently stored (the
lockdown code probably won't require it).  It is, however, there for future
use.

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=hwparam

at tag:

	hwparam-20161201

David
---
David Howells (39):
      Annotate module params that specify hardware parameters (eg. ioport)
      Annotate hardware config module parameters in arch/x86/mm/
      Annotate hardware config module parameters in drivers/char/ipmi/
      Annotate hardware config module parameters in drivers/char/mwave/
      Annotate hardware config module parameters in drivers/char/
      Annotate hardware config module parameters in drivers/clocksource/
      Annotate hardware config module parameters in drivers/cpufreq/
      Annotate hardware config module parameters in drivers/gpio/
      Annotate hardware config module parameters in drivers/i2c/
      Annotate hardware config module parameters in drivers/iio/
      Annotate hardware config module parameters in drivers/input/
      Annotate hardware config module parameters in drivers/isdn/
      Annotate hardware config module parameters in drivers/media/
      Annotate hardware config module parameters in drivers/misc/
      Annotate hardware config module parameters in drivers/mmc/host/
      Annotate hardware config module parameters in drivers/net/appletalk/
      Annotate hardware config module parameters in drivers/net/arcnet/
      Annotate hardware config module parameters in drivers/net/can/
      Annotate hardware config module parameters in drivers/net/ethernet/
      Annotate hardware config module parameters in drivers/net/hamradio/
      Annotate hardware config module parameters in drivers/net/irda/
      Annotate hardware config module parameters in drivers/net/wan/
      Annotate hardware config module parameters in drivers/net/wireless/
      Annotate hardware config module parameters in drivers/parport/
      Annotate hardware config module parameters in drivers/pci/hotplug/
      Annotate hardware config module parameters in drivers/pcmcia/
      Annotate hardware config module parameters in drivers/scsi/
      Annotate hardware config module parameters in drivers/staging/i4l/
      Annotate hardware config module parameters in drivers/staging/media/
      Annotate hardware config module parameters in drivers/staging/speakup/
      Annotate hardware config module parameters in drivers/staging/vme/
      Annotate hardware config module parameters in drivers/tty/
      Annotate hardware config module parameters in drivers/video/
      Annotate hardware config module parameters in drivers/watchdog/
      Annotate hardware config module parameters in fs/pstore/
      Annotate hardware config module parameters in sound/drivers/
      Annotate hardware config module parameters in sound/isa/
      Annotate hardware config module parameters in sound/oss/
      Annotate hardware config module parameters in sound/pci/

 arch/x86/mm/testmmiotrace.c | 2 -
 drivers/char/applicom.c | 4 +-
 drivers/char/ipmi/ipmi_si_intf.c | 14 +++---
 drivers/char/mwave/mwavedd.c | 8 ++-
 drivers/clocksource/cs5535-clockevt.c | 2 -
 drivers/cpufreq/speedstep-smi.c | 2 -
 drivers/gpio/gpio-104-dio-48e.c | 4 +-
 drivers/gpio/gpio-104-idi-48.c | 4 +-
 drivers/gpio/gpio-104-idio-16.c | 4 +-
 drivers/gpio/gpio-gpio-mm.c | 2 -
 drivers/gpio/gpio-ws16c48.c | 4 +-
 drivers/i2c/busses/i2c-elektor.c | 6 +-
 drivers/i2c/busses/i2c-parport-light.c | 4 +-
 drivers/i2c/busses/i2c-pca-isa.c | 4 +-
 drivers/i2c/busses/scx200_acb.c | 2 -
 drivers/iio/adc/stx104.c | 2 -
 drivers/iio/dac/cio-dac.c | 2 -
 drivers/input/mouse/inport.c | 2 -
 drivers/input/mouse/logibm.c | 2 -
 drivers/input/touchscreen/mk712.c | 4 +-
 drivers/isdn/hardware/avm/b1isa.c | 4 +-
 drivers/isdn/hardware/avm/t1isa.c | 4 +-
 drivers/isdn/hisax/config.c | 10 ++--
 drivers/media/pci/zoran/zoran_card.c | 2 -
 drivers/misc/dummy-irq.c | 2 -
 drivers/mmc/host/wbsd.c | 8 ++-
 drivers/net/appletalk/cops.c | 6 +-
 drivers/net/appletalk/ltpc.c | 6 +-
 drivers/net/arcnet/com20020-isa.c | 4 +-
 drivers/net/arcnet/com90io.c | 4 +-
 drivers/net/arcnet/com90xx.c | 4 +-
 drivers/net/can/cc770/cc770_isa.c | 8 ++-
 drivers/net/can/sja1000/sja1000_isa.c | 8 ++-
 drivers/net/ethernet/3com/3c509.c | 2 -
 drivers/net/ethernet/3com/3c59x.c | 4 +-
 drivers/net/ethernet/8390/ne.c | 4 +-
 drivers/net/ethernet/8390/smc-ultra.c | 4 +-
 drivers/net/ethernet/8390/wd.c | 8 ++-
 drivers/net/ethernet/amd/lance.c | 6 +-
 drivers/net/ethernet/amd/ni65.c | 6 +-
 drivers/net/ethernet/cirrus/cs89x0.c | 6 +-
 drivers/net/ethernet/dec/tulip/de4x5.c | 2 -
 drivers/net/ethernet/hp/hp100.c | 2 -
 drivers/net/ethernet/realtek/atp.c | 4 +-
 drivers/net/ethernet/smsc/smc9194.c | 4 +-
 drivers/net/hamradio/baycom_epp.c | 2 -
 drivers/net/hamradio/baycom_par.c | 2 -
 drivers/net/hamradio/baycom_ser_fdx.c | 4 +-
 drivers/net/hamradio/baycom_ser_hdx.c | 4 +-
 drivers/net/hamradio/dmascc.c | 2 -
 drivers/net/irda/ali-ircc.c | 6 +-
 drivers/net/irda/nsc-ircc.c | 6 +-
 drivers/net/irda/smsc-ircc2.c | 10 ++--
 drivers/net/irda/w83977af_ir.c | 4 +-
 drivers/net/wan/cosa.c | 6 +-
 drivers/net/wan/hostess_sv11.c | 6 +-
 drivers/net/wan/sbni.c | 4 +-
 drivers/net/wan/sealevel.c | 8 ++-
 drivers/net/wireless/cisco/airo.c | 4 +-
 drivers/parport/parport_pc.c | 8 ++-
 drivers/pci/hotplug/cpcihp_generic.c | 2 -
 drivers/pcmcia/i82365.c | 8 ++-
 drivers/pcmcia/tcic.c | 8 ++-
 drivers/scsi/aha152x.c | 4 +-
 drivers/scsi/aha1542.c | 2 -
 drivers/scsi/g_NCR5380.c | 8 ++-
 drivers/scsi/gdth.c | 2 -
 drivers/scsi/qlogicfas.c | 4 +-
 drivers/staging/i4l/act2000/module.c | 6 +-
 drivers/staging/i4l/icn/icn.c | 4 +-
 drivers/staging/i4l/pcbit/module.c | 4 +-
 drivers/staging/media/lirc/lirc_parallel.c | 4 +-
 drivers/staging/media/lirc/lirc_serial.c | 10 ++--
 drivers/staging/media/lirc/lirc_sir.c | 4 +-
 drivers/staging/speakup/speakup_acntpc.c | 2 -
 drivers/staging/speakup/speakup_dtlk.c | 2 -
 drivers/staging/speakup/speakup_keypc.c | 2 -
 drivers/staging/vme/devices/vme_pio2_core.c | 8 ++-
 drivers/tty/cyclades.c | 4 +-
 drivers/tty/moxa.c | 2 -
 drivers/tty/mxser.c | 2 -
 drivers/tty/rocket.c | 10 ++--
 drivers/tty/serial/8250/8250_core.c | 4 +-
 drivers/tty/synclink.c | 6 +-
 drivers/video/fbdev/arcfb.c | 8 ++-
 drivers/video/fbdev/n411.c | 6 +-
 drivers/watchdog/cpu5wdt.c | 2 -
 drivers/watchdog/eurotechwdt.c | 4 +-
 drivers/watchdog/pc87413_wdt.c | 2 -
 drivers/watchdog/sc1200wdt.c | 2 -
 drivers/watchdog/wdt.c | 4 +-
 fs/pstore/ram.c | 2 -
 include/linux/moduleparam.h | 65 +++++++++++++++++++++++++++
 sound/drivers/mpu401/mpu401.c | 4 +-
 sound/drivers/mtpav.c | 4 +-
 sound/drivers/serial-u16550.c | 4 +-
 sound/isa/ad1848/ad1848.c | 6 +-
 sound/isa/adlib.c | 2 -
 sound/isa/cmi8328.c | 12 ++---
 sound/isa/cmi8330.c | 20 ++++----
 sound/isa/cs423x/cs4231.c | 12 ++---
 sound/isa/cs423x/cs4236.c | 18 ++++---
 sound/isa/es1688/es1688.c | 12 ++---
 sound/isa/es18xx.c | 12 ++---
 sound/isa/galaxy/galaxy.c | 16 +++----
 sound/isa/gus/gusclassic.c | 8 ++-
 sound/isa/gus/gusextreme.c | 16 +++----
 sound/isa/gus/gusmax.c | 8 ++-
 sound/isa/gus/interwave.c | 10 ++--
 sound/isa/msnd/msnd_pinnacle.c | 20 ++++----
 sound/isa/opl3sa2.c | 16 +++----
 sound/isa/opti9xx/miro.c | 14 +++---
 sound/isa/opti9xx/opti92x-ad1848.c | 14 +++---
 sound/isa/sb/jazz16.c | 12 ++---
 sound/isa/sb/sb16.c | 14 +++---
 sound/isa/sb/sb8.c | 6 +-
 sound/isa/sc6000.c | 12 ++---
 sound/isa/sscape.c | 12 ++---
 sound/isa/wavefront/wavefront.c | 18 ++++---
 sound/oss/ad1848.c | 8 ++-
 sound/oss/aedsp16.c | 12 ++---
 sound/oss/mpu401.c | 4 +-
 sound/oss/msnd_pinnacle.c | 20 ++++----
 sound/oss/opl3.c | 2 -
 sound/oss/pas2_card.c | 18 ++++---
 sound/oss/pss.c | 14 +++---
 sound/oss/sb_card.c | 10 ++--
 sound/oss/trix.c | 18 ++++---
 sound/oss/uart401.c | 4 +-
 sound/oss/uart6850.c | 4 +-
 sound/oss/waveartist.c | 8 ++-
 sound/pci/als4000.c | 2 -
 sound/pci/cmipci.c | 6 +-
 sound/pci/ens1370.c | 2 -
 sound/pci/riptide/riptide.c | 6 +-
 sound/pci/sonicvibes.c | 2 -
 sound/pci/via82xx.c | 2 -
 sound/pci/ymfpci/ymfpci.c | 6 +-
 138 files changed, 498 insertions(+), 435 deletions(-)
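
Added example, not part of the original message and not kernel code: a userspace C model of the annotation the cover letter describes, showing how pasting hwtype into an identifier gets it compile-checked and how a later lockdown policy could refuse annotated parameters. MODEL_PARAM, MODEL_PARAM_HW, model_set_param, the enum values and the locked_down flag are assumptions made for this model.

```c
/* Userspace model, constructed for illustration; not the kernel's moduleparam.h. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Resource classes named in the cover letter; enum and values are assumptions. */
enum hwparam_type { hwparam_none, hwparam_ioport, hwparam_iomem, hwparam_irq, hwparam_dma };

struct model_param {
	const char *name;
	int *value;
	enum hwparam_type hwtype;
};

/* Token pasting makes hwtype compile-checked: a typo such as
 * MODEL_PARAM_HW(io, iport) expands to the undeclared hwparam_iport. */
#define MODEL_PARAM(n)            { #n, &n, hwparam_none }
#define MODEL_PARAM_HW(n, hwtype) { #n, &n, hwparam_##hwtype }

static int io = 0x300, irq = 5, debug;   /* constructed driver settings */

static struct model_param params[] = {
	MODEL_PARAM_HW(io, ioport),   /* configures an I/O port: annotated */
	MODEL_PARAM_HW(irq, irq),     /* configures an interrupt line: annotated */
	MODEL_PARAM(debug),           /* not a hardware resource, stays plain */
};

/* Returns 0 on success, -1 for an unknown name, -2 when the (assumed)
 * lockdown policy refuses a hardware-configuring parameter. */
int model_set_param(const char *name, int val, bool locked_down)
{
	for (size_t i = 0; i < sizeof(params) / sizeof(params[0]); i++) {
		if (strcmp(params[i].name, name) != 0)
			continue;
		if (locked_down && params[i].hwtype != hwparam_none)
			return -2;
		*params[i].value = val;
		return 0;
	}
	return -1;
}

int main(void)
{
	printf("locked down, debug=1: %d\n", model_set_param("debug", 1, true));
	printf("locked down, io=0x3f8: %d\n", model_set_param("io", 0x3f8, true));
	printf("io is still 0x%x\n", io);
	return 0;
}
```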