From patchwork Fri Jun 19 16:15:29 2020
X-Patchwork-Submitter: Seth Forshee
X-Patchwork-Id: 1313067
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH v2 05/57][B] UBUNTU: SAUCE: (efi-lockdown) Restrict /dev/{mem, kmem, port} when the kernel is locked down
Date: Fri, 19 Jun 2020 11:15:29 -0500
Message-Id: <20200619161621.644540-6-seth.forshee@canonical.com>
In-Reply-To: <20200619161621.644540-1-seth.forshee@canonical.com>
References: <20200619161621.644540-1-seth.forshee@canonical.com>
List-Id: Kernel team discussions
From: Matthew Garrett

BugLink: https://bugs.launchpad.net/bugs/1884159

Allowing users to read and write to core kernel memory makes it possible for the kernel to be subverted, avoiding module loading restrictions, and also to steal cryptographic information. Disallow /dev/mem and /dev/kmem from being opened when the kernel has been locked down to prevent this. Also disallow /dev/port from being opened to prevent raw ioport access and thus DMA from being used to accomplish the same thing.

Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
Reviewed-by: "Lee, Chun-Yi"
(backported from commit 2eada4c7af2d4e9522a47523d2a5106d96271cd9 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee
---
 drivers/char/mem.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 6ebe2b86d8eb..f41ad9aa5e0a 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -8,6 +8,7 @@ * Shared /dev/zero mmapping support, Feb 2000, Kanoj Sarcar */ +#include #include #include #include
@@ -756,6 +757,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) static int open_port(struct inode *inode, struct file *filp) { + if (secure_modules()) + return -EPERM; return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; }
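Review bot: the commit message claims /dev/mem and /dev/kmem are refused when locked down, but the second hunk only adds the `secure_modules()` test to `open_port()`, and nothing in the diff shows how the mem and kmem open paths reach that function; please state in the message that those nodes use `open_port()` as their open handler (or wherever the shared path is), so the coverage claim can be checked from the patch itself. A smaller point: gating raw memory and I/O-port access on a predicate named `secure_modules()` reads oddly next to `return -EPERM;`; a one-line comment on the `if` saying this is the lockdown check would spare the next reader a detour.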
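To verify the restriction from userspace once the patch is in, here is an added check program (mine, not part of the patch or of drivers/char/mem.c); it assumes the standard device node paths and that it is run as root, so the VFS permission check does not mask the driver's verdict:

```c
/* Added example, not part of the patch: a userspace check that the
 * /dev/{mem,kmem,port} restriction is in force. With the patch applied,
 * a locked-down kernel answers open() on these nodes with EPERM even for
 * root holding CAP_SYS_RAWIO; run as root so DAC does not mask the result. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

enum open_result {
    OPEN_OK,      /* node opened: raw access is NOT restricted */
    OPEN_EPERM,   /* EPERM: locked down, or caller lacks CAP_SYS_RAWIO */
    OPEN_EACCES,  /* EACCES: ordinary DAC denial, driver never consulted */
    OPEN_MISSING, /* ENOENT/ENXIO: node absent (e.g. kmem not built in) */
    OPEN_OTHER
};

/* Map the errno left by a failed open() onto the categories above. */
enum open_result classify_errno(int err)
{
    switch (err) {
    case 0:      return OPEN_OK;
    case EPERM:  return OPEN_EPERM;
    case EACCES: return OPEN_EACCES;
    case ENOENT:
    case ENXIO:  return OPEN_MISSING;
    default:     return OPEN_OTHER;
    }
}

/* Open a device node read-only and classify the outcome. */
enum open_result probe_device(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0) { close(fd); return OPEN_OK; }
    return classify_errno(errno);
}

int main(void)
{
    static const char *const nodes[] = { "/dev/mem", "/dev/kmem", "/dev/port" };
    static const char *const verdict[] = {
        "opened (NOT restricted)", "EPERM (lockdown or no CAP_SYS_RAWIO)",
        "EACCES (DAC denial only)", "node missing", "other error"
    };
    for (size_t i = 0; i < sizeof nodes / sizeof nodes[0]; i++)
        printf("%-9s %s\n", nodes[i], verdict[probe_device(nodes[i])]);
    return 0;
}
```

On a locked-down kernel every line should read EPERM; an EACCES line means file permissions refused the probe before open_port() ran, so it says nothing about lockdown.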