Subject: [PATCH 10/24] x86: Lock down IO port access when the kernel is locked down
From: David Howells
To: torvalds@linux-foundation.org
Cc: linux-man@vger.kernel.org, linux-api@vger.kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-security-module@vger.kernel.org
Date: Wed, 11 Apr 2018 17:25:44 +0100
Organization: Red Hat UK Ltd.
Message-ID: <152346394480.4030.1320576522708821046.stgit@warthog.procyon.org.uk>
In-Reply-To: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk>
References: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk>
User-Agent: StGit/0.17.1-dirty
X-Mailing-List: linux-kernel@vger.kernel.org

From: Matthew Garrett

IO port access would permit users to gain access to PCI configuration registers, which in turn (on a lot of hardware) give access to MMIO register space. This would potentially permit root to trigger arbitrary DMA, so lock it down by default.

This also implicitly locks down the KDADDIO, KDDELIO, KDENABIO and KDDISABIO console ioctls.

Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
Reviewed-by: Thomas Gleixner
Reviewed-by: "Lee, Chun-Yi"
cc: x86@kernel.org
---

 arch/x86/kernel/ioport.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 0fe1c8782208..abc702a6ae9c 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -31,7 +31,8 @@ long ksys_ioperm(unsigned long from, unsigned long num, int turn_on) if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) return -EINVAL; - if (turn_on && !capable(CAP_SYS_RAWIO)) + if (turn_on && (!capable(CAP_SYS_RAWIO) || + kernel_is_locked_down("ioperm"))) return -EPERM; /* @@ -126,7 +127,8 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) return -EINVAL; /* Trying to gain more privileges? */ if (level > old) { - if (!capable(CAP_SYS_RAWIO)) + if (!capable(CAP_SYS_RAWIO) || + kernel_is_locked_down("iopl")) return -EPERM; } regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
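Review bot: In the ksys_ioperm hunk the new condition evaluates `capable(CAP_SYS_RAWIO)` before `kernel_is_locked_down("ioperm")`, so on a locked-down kernel a privileged caller still goes through the capability check (which is not side-effect free: it marks the task as having used a privilege and runs the LSM capability hooks) only to be refused by the second operand; swapping the operands to `if (turn_on && (kernel_is_locked_down("ioperm") || !capable(CAP_SYS_RAWIO)))` makes the lockdown refusal the first and cheapest test. Keeping the whole condition behind `turn_on` is right: a process that already holds port permissions can still release them under lockdown, so the change blocks only the granting of new access, which is what the commit message describes. Both refusal reasons return -EPERM, so userspace cannot tell a missing capability from lockdown; that is consistent with the iopl hunk, but it may be worth a sentence in the commit message.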
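Review bot: In the iopl hunk the comment `/* Trying to gain more privileges? */` still describes only the `level > old` test, while the block now refuses for two distinct reasons (no CAP_SYS_RAWIO, or a locked-down kernel); extend the comment, for example `/* Trying to gain more privileges? Refuse without CAP_SYS_RAWIO or when the kernel is locked down. */`, so the lockdown path is documented where it applies. Placing `kernel_is_locked_down("iopl")` inside the `level > old` branch is the correct choice: lowering or keeping the current IOPL stays allowed, so lockdown blocks privilege elevation only and does not break callers that are reducing their own access. The same operand-order observation as in the ksys_ioperm hunk applies here, since `capable()` is again evaluated before the lockdown test.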