From patchwork Thu Jun 18 23:12:12 2020
X-Patchwork-Submitter: Seth Forshee
X-Patchwork-Id: 1312444
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 01/47][X] acpi: Disable ACPI table override if the kernel is locked down
Date: Thu, 18 Jun 2020 18:12:12 -0500
Message-Id: <20200618231258.630575-2-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: Linn Crosetto BugLink: https://bugs.launchpad.net/bugs/1884159 >From the kernel documentation (initrd_table_override.txt): If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible to override nearly any ACPI table provided by the BIOS with an instrumented, modified one. When lockdown is enabled, the kernel should disallow any unauthenticated changes to kernel space. ACPI tables contain code invoked by the kernel, so do not allow ACPI tables to be overridden if the kernel is locked down. Signed-off-by: Linn Crosetto Signed-off-by: David Howells Signed-off-by: Matthew Garrett Reviewed-by: Kees Cook cc: linux-acpi@vger.kernel.org Signed-off-by: James Morris (backported from commit 6ea0e815fc5e18597724169caa6e4d46dd8e693d) Signed-off-by: Seth Forshee --- drivers/acpi/osl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c index 62a2a564a46e..3b6d3247a4c9 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c 
@@ -675,6 +675,11 @@ void __init acpi_initrd_override(void *data, size_t size) if (table_nr == 0) return; + if (secure_modules()) { + pr_notice("kernel is locked down, ignoring table override\n"); + return; + } + acpi_tables_addr = memblock_find_in_range(0, max_low_pfn_mapped << PAGE_SHIFT, all_tables_size, PAGE_SIZE); From patchwork Thu Jun 18 23:12:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312445 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyQr5n6Kz9sSJ; Fri, 19 Jun 2020 09:13:08 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3iT-0007vt-2A; Thu, 18 Jun 2020 23:13:05 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iR-0007uq-HM for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:03 +0000 Received: from mail-io1-f70.google.com ([209.85.166.70]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iR-0008Km-6i for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:03 +0000 Received: by mail-io1-f70.google.com with SMTP id p8so5315476ios.19 for ; Thu, 18 
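
Review bot: In acpi_initrd_override() (patch 01/47), the new early return tests secure_modules() while the commit message and the pr_notice text both speak of the kernel being locked down; if secure_modules() is this backport's stand-in for the lockdown state, say so in a one-line comment above the test. The notice also does not say what was ignored. Because the check sits after the table_nr == 0 return, table_nr is known to be non-zero at this point and could be printed, so the log shows that an override was actually attempted and how many tables were dropped.
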
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 02/47][X] UBUNTU: SAUCE: (efi-lockdown) x86/mmiotrace: Lock down the testmmiotrace module Date: Thu, 18 Jun 2020 18:12:13 -0500 Message-Id: <20200618231258.630575-3-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: David Howells BugLink: https://bugs.launchpad.net/bugs/1884159 The testmmiotrace module shouldn't be permitted when the kernel is locked down as it can be used to arbitrarily read and write MMIO space. Suggested-by: Thomas Gleixner Signed-off-by: David Howells cc: Steven Rostedt cc: Ingo Molnar cc: "H. Peter Anvin" cc: x86@kernel.org (backported from commit 64ce4fc1ef16d4dd818eca47701f803e58444ab2 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git) Signed-off-by: Seth Forshee --- arch/x86/mm/testmmiotrace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c index 38868adf07ea..dd2a4ce7b541 100644 --- a/arch/x86/mm/testmmiotrace.c +++ b/arch/x86/mm/testmmiotrace.c 
@@ -115,6 +115,9 @@ static int __init init(void) { unsigned long size = (read_far) ? (8 << 20) : (16 << 10); + if (secure_modules()) + return -EPERM; + if (mmio_address == 0) { pr_err("you have to use the module argument mmio_address.\n"); pr_err("DO NOT LOAD THIS MODULE UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!\n"); From patchwork Thu Jun 18 23:12:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312449 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyR36BMVz9sRW; Fri, 19 Jun 2020 09:13:19 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3id-000830-2t; Thu, 18 Jun 2020 23:13:15 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iS-0007vk-Rk for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:04 +0000 Received: from mail-io1-f69.google.com ([209.85.166.69]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iS-0008Lq-AU for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:04 +0000 Received: by mail-io1-f69.google.com with SMTP id d197so5354837iog.3 for ; Thu, 18 
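
Review bot: In init() of arch/x86/mm/testmmiotrace.c (patch 02/47), the secure_modules() branch returns -EPERM without logging anything, whereas the mmio_address == 0 branch directly below it explains itself with pr_err. Add a pr_err or pr_notice before the return so that a load refused because of lockdown can be told apart from other -EPERM causes in the kernel log.
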
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 03/47][X] Revert "Restrict /dev/mem and /dev/kmem when module loading is restricted" Date: Thu, 18 Jun 2020 18:12:14 -0500 Message-Id: <20200618231258.630575-4-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/1884159 This reverts commit 517d6c3a5c1454115dd705e084a88818df3ad7e2 to backport an updated version. Signed-off-by: Seth Forshee --- drivers/char/mem.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/drivers/char/mem.c b/drivers/char/mem.c index a59fe7264c39..76997a645da8 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -188,9 +188,6 @@ static ssize_t write_mem(struct file *file, const char __user *buf, if (p != *ppos) return -EFBIG; - if (secure_modules()) - return -EPERM; - if (!valid_phys_addr_range(p, count)) return -EFAULT; 
@@ -558,9 +555,6 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ int err = 0; - if (secure_modules()) - return -EPERM; - if (p < (unsigned long) high_memory) { unsigned long to_write = min_t(unsigned long, count, (unsigned long)high_memory - p); From patchwork Thu Jun 18 23:12:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312447 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyQw5bKVz9sRk; Fri, 19 Jun 2020 09:13:12 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3iW-0007yg-Vk; Thu, 18 Jun 2020 23:13:08 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iU-0007wh-9u for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:06 +0000 Received: from mail-il1-f199.google.com ([209.85.166.199]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iT-0008N5-K7 for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:05 +0000 Received: by mail-il1-f199.google.com with SMTP id 
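
Review bot: Both hunks of this revert (write_mem() and write_kmem() in drivers/char/mem.c, patch 03/47) drop the secure_modules() check with only "to backport an updated version" as justification, so from this commit until the replacement lands, writes through these two handlers are no longer gated on secure_modules(). Name the replacing patch in the commit message, and consider squashing the revert into it so that no bisection point in the series is left without the restriction.
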
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 04/47][X] Revert "x86: Lock down IO port access when module security is enabled" Date: Thu, 18 Jun 2020 18:12:15 -0500 Message-Id: <20200618231258.630575-5-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/1884159 This reverts commit cc223b88b8e59fca362b426b0cccfe580fd8a68e to backport an updated version. Signed-off-by: Seth Forshee --- arch/x86/kernel/ioport.c | 5 ++--- drivers/char/mem.c | 4 ---- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c index ab8372443efb..589b3193f102 100644 --- a/arch/x86/kernel/ioport.c +++ b/arch/x86/kernel/ioport.c @@ -15,7 +15,6 @@ #include #include #include -#include #include /* @@ -29,7 +28,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) return -EINVAL; - if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules())) + if (turn_on && !capable(CAP_SYS_RAWIO)) return -EPERM; /* @@ -109,7 +108,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) return -EINVAL; /* Trying to gain more privileges? */ if (level > old) { - if (!capable(CAP_SYS_RAWIO) || secure_modules()) + if (!capable(CAP_SYS_RAWIO)) return -EPERM; } regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | diff --git a/drivers/char/mem.c b/drivers/char/mem.c index 76997a645da8..6ebe2b86d8eb 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c 
@@ -27,7 +27,6 @@ #include #include #include -#include #include 
@@ -622,9 +621,6 @@ static ssize_t write_port(struct file *file, const char __user *buf, unsigned long i = *ppos; const char __user *tmp = buf; - if (secure_modules()) - return -EPERM; - if (!access_ok(VERIFY_READ, buf, count)) return -EFAULT; while (count-- > 0 && i < 65536) { From patchwork Thu Jun 18 23:12:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312448 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyR22DfWz9sNR; Fri, 19 Jun 2020 09:13:18 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3ia-00081W-L5; Thu, 18 Jun 2020 23:13:12 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iV-0007xM-3x for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:07 +0000 Received: from mail-il1-f198.google.com ([209.85.166.198]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iU-0008O1-Nt for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:06 +0000 Received: by mail-il1-f198.google.com with SMTP id t69so5148384ilk.13 for ; Thu, 18 Jun 2020 16:13:06 -0700 (PDT) 
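
Review bot: In sys_ioperm() and iopl() (arch/x86/kernel/ioport.c, patch 04/47) the permission test falls back to !capable(CAP_SYS_RAWIO) alone, and write_port() in drivers/char/mem.c loses its check as well, but the commit message does not say where the restriction comes back. The replacement visible in 05/47 only adds a test to open_port() in drivers/char/mem.c, so state which later patch restores the ioperm/iopl restriction; without that reference a reviewer cannot confirm that raw port access stays closed to CAP_SYS_RAWIO holders at the end of the series.
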
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 05/47][X] UBUNTU: SAUCE: (efi-lockdown) Restrict /dev/{mem, kmem, port} when the kernel is locked down Date: Thu, 18 Jun 2020 18:12:16 -0500 Message-Id: <20200618231258.630575-6-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Matthew Garrett BugLink: https://bugs.launchpad.net/bugs/1884159 Allowing users to read and write to core kernel memory makes it possible for the kernel to be subverted, avoiding module loading restrictions, and also to steal cryptographic information. Disallow /dev/mem and /dev/kmem from being opened this when the kernel has been locked down to prevent this. Also disallow /dev/port from being opened to prevent raw ioport access and thus DMA from being used to accomplish the same thing. Signed-off-by: Matthew Garrett Signed-off-by: David Howells Reviewed-by: "Lee, Chun-Yi" (backported from commit 2eada4c7af2d4e9522a47523d2a5106d96271cd9 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git) Signed-off-by: Seth Forshee --- drivers/char/mem.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/char/mem.c b/drivers/char/mem.c index 6ebe2b86d8eb..f41ad9aa5e0a 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -8,6 +8,7 @@ * Shared /dev/zero mmapping support, Feb 2000, Kanoj Sarcar */ +#include #include #include #include 
@@ -756,6 +757,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) static int open_port(struct inode *inode, struct file *filp) { + if (secure_modules()) + return -EPERM; return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; } From patchwork Thu Jun 18 23:12:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312456 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRc0tM6z9sRW; Fri, 19 Jun 2020 09:13:48 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3j2-0008M5-N3; Thu, 18 Jun 2020 23:13:40 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iW-0007yI-NR for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:08 +0000 Received: from mail-io1-f72.google.com ([209.85.166.72]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iW-0008Os-0h for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:08 +0000 Received: by mail-io1-f72.google.com with SMTP id c17so5315449ioi.10 for ; Thu, 18 Jun 2020 16:13:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
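
Review bot: The commit message of 05/47 says /dev/mem, /dev/kmem and /dev/port are all refused when the kernel is locked down, yet the only functional change is the secure_modules() test at the top of open_port(). Add a comment above open_port() stating which device nodes use it as their open handler, so the coverage claimed in the message can be checked against the code. A log line before the new return would also help, since both the lockdown path and the failed capable(CAP_SYS_RAWIO) path return the same -EPERM.
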
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 06/47][X] Annotate module params that specify hardware parameters (eg. ioport) Date: Thu, 18 Jun 2020 18:12:17 -0500 Message-Id: <20200618231258.630575-7-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: David Howells BugLink: https://bugs.launchpad.net/bugs/1884159 Provided an annotation for module parameters that specify hardware parameters (such as io ports, iomem addresses, irqs, dma channels, fixed dma buffers and other types). This will enable such parameters to be locked down in the core parameter parser for secure boot support. I've also included annotations as to what sort of hardware configuration each module is dealing with for future use. Some of these are straightforward (ioport, iomem, irq, dma), but there are also: (1) drivers that switch the semantics of a parameter between ioport and iomem depending on a second parameter, (2) drivers that appear to reserve a CPU memory buffer at a fixed address, (3) other parameters, such as bus types and irq selection bitmasks. For the moment, the hardware configuration type isn't actually stored, though its validity is checked. Signed-off-by: David Howells (cherry picked from commit bf616d21f41174389c6d720ae21bf40f154474c8) Signed-off-by: Seth Forshee --- include/linux/moduleparam.h | 65 ++++++++++++++++++++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h index 52666d90ca94..6be1949ebcdf 100644 --- a/include/linux/moduleparam.h 
+++ b/include/linux/moduleparam.h @@ -60,9 +60,11 @@ struct kernel_param_ops { * Flags available for kernel_param * * UNSAFE - the parameter is dangerous and setting it will taint the kernel + * HWPARAM - Hardware param not permitted in lockdown mode */ enum { - KERNEL_PARAM_FL_UNSAFE = (1 << 0) + KERNEL_PARAM_FL_UNSAFE = (1 << 0), + KERNEL_PARAM_FL_HWPARAM = (1 << 1), }; struct kernel_param { 
@@ -451,6 +453,67 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); perm, -1, 0); \ __MODULE_PARM_TYPE(name, "array of " #type) +enum hwparam_type { + hwparam_ioport, /* Module parameter configures an I/O port */ + hwparam_iomem, /* Module parameter configures an I/O mem address */ + hwparam_ioport_or_iomem, /* Module parameter could be either, depending on other option */ + hwparam_irq, /* Module parameter configures an I/O port */ + hwparam_dma, /* Module parameter configures a DMA channel */ + hwparam_dma_addr, /* Module parameter configures a DMA buffer address */ + hwparam_other, /* Module parameter configures some other value */ +}; + +/** + * module_param_hw_named - A parameter representing a hw parameters + * @name: a valid C identifier which is the parameter name. + * @value: the actual lvalue to alter. + * @type: the type of the parameter + * @hwtype: what the value represents (enum hwparam_type) + * @perm: visibility in sysfs. + * + * Usually it's a good idea to have variable names and user-exposed names the + * same, but that's harder if the variable must be non-static or is inside a + * structure. This allows exposure under a different name. + */ +#define module_param_hw_named(name, value, type, hwtype, perm) \ + param_check_##type(name, &(value)); \ + __module_param_call(MODULE_PARAM_PREFIX, name, \ + ¶m_ops_##type, &value, \ + perm, -1, \ + KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0)); \ + __MODULE_PARM_TYPE(name, #type) + +#define module_param_hw(name, type, hwtype, perm) \ + module_param_hw_named(name, name, type, hwtype, perm) + +/** + * module_param_hw_array - A parameter representing an array of hw parameters + * @name: the name of the array variable + * @type: the type, as per module_param() + * @hwtype: what the value represents (enum hwparam_type) + * @nump: optional pointer filled in with the number written + * @perm: visibility in sysfs + * + * Input and output are as comma-separated values. 
Commas inside values + * don't work properly (eg. an array of charp). + * + * ARRAY_SIZE(@name) is used to determine the number of elements in the + * array, so the definition must be visible. + */ +#define module_param_hw_array(name, type, hwtype, nump, perm) \ + param_check_##type(name, &(name)[0]); \ + static const struct kparam_array __param_arr_##name \ + = { .max = ARRAY_SIZE(name), .num = nump, \ + .ops = ¶m_ops_##type, \ + .elemsize = sizeof(name[0]), .elem = name }; \ + __module_param_call(MODULE_PARAM_PREFIX, name, \ + ¶m_array_ops, \ + .arr = &__param_arr_##name, \ + perm, -1, \ + KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0)); \ + __MODULE_PARM_TYPE(name, "array of " #type) + + extern const struct kernel_param_ops param_array_ops; extern const struct kernel_param_ops param_ops_string; From patchwork Thu Jun 18 23:12:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312457 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRg0StXz9sR4; Fri, 19 Jun 2020 09:13:51 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3j5-0008OK-Bz; Thu, 18 Jun 2020 23:13:43 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps 
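Review bot: In enum hwparam_type the comment on hwparam_irq is a copy of the one on hwparam_ioport ("Module parameter configures an I/O port"); it should say the parameter configures an IRQ. Both macros pass KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0), so the hwtype argument is only checked for naming a valid enumerator and is otherwise discarded; a short comment saying this is intentional would stop readers from assuming the type is stored in the flags. module_param_hw() has no kerneldoc of its own, and "A parameter representing a hw parameters" in the module_param_hw_named() kerneldoc should read "a hw parameter". module_param_hw_named() also passes &value unparenthesised to __module_param_call() right after using &(value) in param_check_##type().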
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 07/47][X] Annotate hardware config module parameters in arch/x86/mm/ Date: Thu, 18 Jun 2020 18:12:18 -0500 Message-Id: <20200618231258.630575-8-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: David Howells BugLink: https://bugs.launchpad.net/bugs/1884159 When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image. To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is. Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters. This patch annotates drivers in arch/x86/mm/. [Note: With respect to testmmiotrace, an additional patch will be added separately that makes the module refuse to load if the kernel is locked down.] Suggested-by: Alan Cox 
Signed-off-by: David Howells Acked-by: Steven Rostedt cc: Ingo Molnar cc: Thomas Gleixner cc: "H. Peter Anvin" cc: x86@kernel.org cc: linux-kernel@vger.kernel.org cc: nouveau@lists.freedesktop.org (cherry picked from commit 3c2e2e6816930e25c755f2e4fc298a0d05d223cf) Signed-off-by: Seth Forshee --- arch/x86/mm/testmmiotrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c index dd2a4ce7b541..a9b62c9c1a8f 100644 --- a/arch/x86/mm/testmmiotrace.c +++ b/arch/x86/mm/testmmiotrace.c 
@@ -9,7 +9,7 @@ #include static unsigned long mmio_address; -module_param(mmio_address, ulong, 0); +module_param_hw(mmio_address, ulong, iomem, 0); MODULE_PARM_DESC(mmio_address, " Start address of the mapping of 16 kB " "(or 8 MB if read_far is non-zero)."); From patchwork Thu Jun 18 23:12:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312452 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRH4WHJz9sRW; Fri, 19 Jun 2020 09:13:31 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3im-0008AN-PO; Thu, 18 Jun 2020 23:13:24 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iZ-00080G-Ms for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:11 +0000 Received: from mail-il1-f199.google.com ([209.85.166.199]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iY-0008P6-Hi for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:10 +0000 Received: by mail-il1-f199.google.com with SMTP id o12so5149758ilf.6 for ; Thu, 18 Jun 2020 16:13:10 -0700 (PDT) X-Google-DKIM-Signature: v=1; 
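Review bot: mmio_address has no initialiser in the context line, so once this parameter is skipped under lockdown the module still initialises with mmio_address equal to 0, and the hunk does not show what the init path does with that value. The commit message defers the "refuse to load if the kernel is locked down" change to a separate patch; please make sure that patch is part of this backport and name it here, so this annotation is not applied without it.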
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 08/47][X] Annotate hardware config module parameters in drivers/char/ipmi/ Date: Thu, 18 Jun 2020 18:12:19 -0500 Message-Id: <20200618231258.630575-9-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: David Howells BugLink: https://bugs.launchpad.net/bugs/1884159 When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image. To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is. Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters. This patch annotates drivers in drivers/char/ipmi/. Suggested-by: Alan Cox Signed-off-by: David Howells Reviewed-by: Corey Minyard cc: openipmi-developer@lists.sourceforge.net (cherry picked from commit 684497bfe8b4485325554b96b160b5ddb6e9ebaf) 
Signed-off-by: Seth Forshee --- drivers/char/ipmi/ipmi_si_intf.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c index 2f8ff63bbbe4..ab672b947bd6 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c 
@@ -1392,39 +1392,39 @@ MODULE_PARM_DESC(type, "Defines the type of each interface, each" " interface separated by commas. The types are 'kcs'," " 'smic', and 'bt'. For example si_type=kcs,bt will set" " the first interface to kcs and the second to bt"); -module_param_array(addrs, ulong, &num_addrs, 0); +module_param_hw_array(addrs, ulong, iomem, &num_addrs, 0); MODULE_PARM_DESC(addrs, "Sets the memory address of each interface, the" " addresses separated by commas. Only use if an interface" " is in memory. Otherwise, set it to zero or leave" " it blank."); -module_param_array(ports, uint, &num_ports, 0); +module_param_hw_array(ports, uint, ioport, &num_ports, 0); MODULE_PARM_DESC(ports, "Sets the port address of each interface, the" " addresses separated by commas. Only use if an interface" " is a port. Otherwise, set it to zero or leave" " it blank."); -module_param_array(irqs, int, &num_irqs, 0); +module_param_hw_array(irqs, int, irq, &num_irqs, 0); MODULE_PARM_DESC(irqs, "Sets the interrupt of each interface, the" " addresses separated by commas. Only use if an interface" " has an interrupt. Otherwise, set it to zero or leave" " it blank."); -module_param_array(regspacings, int, &num_regspacings, 0); +module_param_hw_array(regspacings, int, other, &num_regspacings, 0); MODULE_PARM_DESC(regspacings, "The number of bytes between the start address" " and each successive register used by the interface. For" " instance, if the start address is 0xca2 and the spacing" " is 2, then the second address is at 0xca4. Defaults" " to 1."); -module_param_array(regsizes, int, &num_regsizes, 0); +module_param_hw_array(regsizes, int, other, &num_regsizes, 0); MODULE_PARM_DESC(regsizes, "The size of the specific IPMI register in bytes." " This should generally be 1, 2, 4, or 8 for an 8-bit," " 16-bit, 32-bit, or 64-bit register. 
Use this if you" " the 8-bit IPMI register has to be read from a larger" " register."); -module_param_array(regshifts, int, &num_regshifts, 0); +module_param_hw_array(regshifts, int, other, &num_regshifts, 0); MODULE_PARM_DESC(regshifts, "The amount to shift the data read from the." " IPMI register, in bits. For instance, if the data" " is read from a 32-bit word and the IPMI data is in" " bit 8-15, then the shift would be 8"); -module_param_array(slave_addrs, int, &num_slave_addrs, 0); +module_param_hw_array(slave_addrs, int, other, &num_slave_addrs, 0); MODULE_PARM_DESC(slave_addrs, "Set the default IPMB slave address for" " the controller. Normally this is 0x20, but can be" " overridden by this parm. This is an array indexed" From patchwork Thu Jun 18 23:12:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312450 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyR90SCwz9sR4; Fri, 19 Jun 2020 09:13:25 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3ih-00086R-J5; Thu, 18 Jun 2020 23:13:19 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 
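Review bot: slave_addrs is tagged with hwtype "other" along with regspacings, regsizes and regshifts, but its description says it sets the default IPMB slave address for the controller (normally 0x20), which is not a host I/O port, memory address, IRQ or DMA setting. Skipping it under lockdown removes the documented override, so either the commit message should say why that is needed or slave_addrs should stay a plain module_param_array(). For the three reg* parameters a sentence explaining that they only matter in combination with addrs/ports would justify the "other" classification.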
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 09/47][X] Annotate hardware config module parameters in drivers/char/mwave/ Date: Thu, 18 Jun 2020 18:12:20 -0500 Message-Id: <20200618231258.630575-10-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: David Howells BugLink: https://bugs.launchpad.net/bugs/1884159 When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image. To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is. Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters. This patch annotates drivers in drivers/char/mwave/. Suggested-by: Alan Cox Signed-off-by: David Howells (cherry picked from commit 94b599bc07c3c4f365f546218918dcbc363111b2) 
Signed-off-by: Seth Forshee --- drivers/char/mwave/mwavedd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/char/mwave/mwavedd.c b/drivers/char/mwave/mwavedd.c index 618f3df6c3b9..19c11efe78b1 100644 --- a/drivers/char/mwave/mwavedd.c +++ b/drivers/char/mwave/mwavedd.c 
@@ -81,10 +81,10 @@ int mwave_3780i_io = 0; int mwave_uart_irq = 0; int mwave_uart_io = 0; module_param(mwave_debug, int, 0); -module_param(mwave_3780i_irq, int, 0); -module_param(mwave_3780i_io, int, 0); -module_param(mwave_uart_irq, int, 0); -module_param(mwave_uart_io, int, 0); +module_param_hw(mwave_3780i_irq, int, irq, 0); +module_param_hw(mwave_3780i_io, int, ioport, 0); +module_param_hw(mwave_uart_irq, int, irq, 0); +module_param_hw(mwave_uart_io, int, ioport, 0); static int mwave_open(struct inode *inode, struct file *file); static int mwave_close(struct inode *inode, struct file *file); From patchwork Thu Jun 18 23:12:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312451 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRB2Yktz9sRf; Fri, 19 Jun 2020 09:13:26 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3ij-000886-Td; Thu, 18 Jun 2020 23:13:21 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3id-00082i-3R for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:15 +0000 Received: from mail-il1-f199.google.com 
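Review bot: All four annotated parameters (mwave_3780i_irq, mwave_3780i_io, mwave_uart_irq, mwave_uart_io) are initialised to 0 in the context lines, so under lockdown the driver always runs with zeros for them. The commit message relies on drivers having viable defaults or automatic configuration; it would help to state for mwavedd which of the two applies when all four values are 0. Leaving mwave_debug as a plain module_param() looks right.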
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 10/47][X] Annotate hardware config module parameters in drivers/char/ Date: Thu, 18 Jun 2020 18:12:21 -0500 Message-Id: <20200618231258.630575-11-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: David Howells BugLink: https://bugs.launchpad.net/bugs/1884159 When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image. To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is. Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters. This patch annotates drivers in drivers/char/. Suggested-by: Alan Cox Signed-off-by: David Howells Acked-by: Greg Kroah-Hartman cc: Arnd Bergmann (cherry picked from commit 1c37ab5e51792a5419bdc84804aec6379cb43adb) 
Signed-off-by: Seth Forshee --- drivers/char/applicom.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c index 9fcd51095d13..aeb0b876bb19 100644 --- a/drivers/char/applicom.c +++ b/drivers/char/applicom.c 
@@ -95,9 +95,9 @@ static struct applicom_board { static unsigned int irq = 0; /* interrupt number IRQ */ static unsigned long mem = 0; /* physical segment of board */ -module_param(irq, uint, 0); +module_param_hw(irq, uint, irq, 0); MODULE_PARM_DESC(irq, "IRQ of the Applicom board"); -module_param(mem, ulong, 0); +module_param_hw(mem, ulong, iomem, 0); MODULE_PARM_DESC(mem, "Shared Memory Address of Applicom board"); static unsigned int numboards; /* number of installed boards */ From patchwork Thu Jun 18 23:12:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312453 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRL29nMz9sNR; Fri, 19 Jun 2020 09:13:34 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3ip-0008Cg-Q3; Thu, 18 Jun 2020 23:13:27 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ie-00083K-3Z for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:16 +0000 Received: from mail-il1-f199.google.com ([209.85.166.199]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 
From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 11/47][X] Annotate hardware config module parameters in drivers/clocksource/ Date: Thu, 18 Jun 2020 18:12:22 -0500 Message-Id: <20200618231258.630575-12-seth.forshee@canonical.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com> References: <20200618231258.630575-1-seth.forshee@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" 
From: David Howells BugLink: https://bugs.launchpad.net/bugs/1884159 When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image. To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is. Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters. This patch annotates drivers in drivers/clocksource/. [Note: With regard to cs5535-clockevt.c, Thomas Gleixner asked whether the timer_irq parameter is required for the driver to work on anything other than arbitrary hardware which has it mapped to 0. Jens Rottmann replied that the parameter defaults to 0, which means: 1. autodetect (=keep IRQ BIOS has set up) 2. if that fails use CONFIG_CS5535_MFGPT_DEFAULT_IRQ (see drivers/misc/cs5535-mfgpt.c: cs5535_mfgpt_set_irq()) Jens further noted that there may not be any systems that have CS5535/36 devices that support EFI and secure boot.] Suggested-by: Alan Cox Signed-off-by: David Howells cc: Daniel Lezcano cc: Thomas Gleixner cc: Jens Rottmann cc: linux-kernel@vger.kernel.org (cherry picked from commit cc9c617557cd0442294138188ac8611659768a10) Signed-off-by: Seth Forshee --- drivers/clocksource/cs5535-clockevt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/drivers/clocksource/cs5535-clockevt.c b/drivers/clocksource/cs5535-clockevt.c index e1d7373e63e0..1de8cac99a0e 100644 --- a/drivers/clocksource/cs5535-clockevt.c +++ b/drivers/clocksource/cs5535-clockevt.c 
@@ -22,7 +22,7 @@ #define DRV_NAME "cs5535-clockevt" static int timer_irq; -module_param_named(irq, timer_irq, int, 0644); +module_param_hw_named(irq, timer_irq, int, irq, 0644); MODULE_PARM_DESC(irq, "Which IRQ to use for the clock source MFGPT ticks."); /* From patchwork Thu Jun 18 23:12:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312454 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRQ5mCrz9sR4; Fri, 19 Jun 2020 09:13:38 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3iu-0008G9-FQ; Thu, 18 Jun 2020 23:13:32 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ig-00084F-A9 for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:18 +0000 Received: from mail-io1-f72.google.com ([209.85.166.72]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ie-0008PY-A4 for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:16 +0000 Received: by mail-io1-f72.google.com with SMTP id z12so5355985iow.15 for ; Thu, 18 Jun 2020 16:13:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; 
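Review bot: In cs5535-clockevt.c the annotated parameter keeps mode 0644 (`module_param_hw_named(irq, timer_irq, int, irq, 0644);`), so it stays writable through sysfs after the module is loaded, while the commit message only describes the parameter parser skipping it. Please confirm that the lockdown check in this series also covers the sysfs store path; if it does not, consider 0444 for this parameter.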
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 12/47][X] Annotate hardware config module parameters in drivers/cpufreq/
Date: Thu, 18 Jun 2020 18:12:23 -0500
Message-Id: <20200618231258.630575-13-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/cpufreq/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
Acked-by: "Rafael J. Wysocki"
Acked-by: Viresh Kumar
cc: linux-pm@vger.kernel.org
(cherry picked from commit 40059ec6701bd10d7d972ed302cca61cf8b6f2cf)
Signed-off-by: Seth Forshee
---
 drivers/cpufreq/speedstep-smi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/cpufreq/speedstep-smi.c b/drivers/cpufreq/speedstep-smi.c index 819229e824fb..b5691317b6dd 100644 --- a/drivers/cpufreq/speedstep-smi.c +++ b/drivers/cpufreq/speedstep-smi.c
@@ -377,7 +377,7 @@ static void __exit speedstep_exit(void) cpufreq_unregister_driver(&speedstep_driver); } -module_param(smi_port, int, 0444); +module_param_hw(smi_port, int, ioport, 0444); module_param(smi_cmd, int, 0444); module_param(smi_sig, uint, 0444); From patchwork Thu Jun 18 23:12:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312455 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRS2l5xz9sRk; Fri, 19 Jun 2020 09:13:40 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3iv-0008HG-S3; Thu, 18 Jun 2020 23:13:33 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ih-00085c-5j for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:19 +0000 Received: from mail-io1-f71.google.com ([209.85.166.71]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ig-0008Q2-3e for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:18 +0000 Received: by mail-io1-f71.google.com with SMTP id b3so3072407ion.17 for ; Thu, 18 Jun 2020 16:13:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; 
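Review bot: In the speedstep-smi.c hunk only `smi_port` gains a hardware type; the context lines show `module_param(smi_cmd, int, 0444);` and `module_param(smi_sig, uint, 0444);` left as plain parameters. If those values are also handed to the SMI interface, they fit the description in the commit message and could take the `other` type; if they were left out on purpose, a sentence in the commit message saying why would help the next reviewer.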
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 13/47][X] Annotate hardware config module parameters in drivers/gpio/
Date: Thu, 18 Jun 2020 18:12:24 -0500
Message-Id: <20200618231258.630575-14-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/gpio/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
Acked-by: William Breathitt Gray
Acked-by: Linus Walleij
cc: Alexandre Courbot
cc: linux-gpio@vger.kernel.org
(backported from commit d759f906794b3b2894780870227c3c05895d83c1)
Signed-off-by: Seth Forshee
---
 drivers/gpio/gpio-104-idio-16.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpio/gpio-104-idio-16.c b/drivers/gpio/gpio-104-idio-16.c index 5400d7d4d8fd..f48f72e20f2e 100644 --- a/drivers/gpio/gpio-104-idio-16.c +++ b/drivers/gpio/gpio-104-idio-16.c
@@ -23,7 +23,7 @@ #include static unsigned idio_16_base; -module_param(idio_16_base, uint, 0); +module_param_hw(idio_16_base, uint, ioport, 0); MODULE_PARM_DESC(idio_16_base, "ACCES 104-IDIO-16 base address"); /** From patchwork Thu Jun 18 23:12:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312458 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRj3SVNz9sRf; Fri, 19 Jun 2020 09:13:53 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3j9-0008Qf-Hu; Thu, 18 Jun 2020 23:13:47 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ij-00086k-0K for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:21 +0000 Received: from mail-il1-f197.google.com ([209.85.166.197]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ih-0008Q7-Jw for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:19 +0000 Received: by mail-il1-f197.google.com with SMTP id c8so5167639ilm.5 for ; Thu, 18 Jun 2020 16:13:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; 
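The behaviour the commit message above describes, as an added userspace model in C (not kernel code and not part of this series): parameters tagged as hardware configuration are skipped with an error when locked down, and initialisation continues with the defaults. All `model_*` names and the `debug` parameter are hypothetical; the `io`/`irq` defaults and alternatives are the ones shown in the mk712.c hunk of patch 15/47.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the type tags seen in the module_param_hw*() lines on this page. */
enum model_hwtype { MODEL_PLAIN = 0, MODEL_IOPORT, MODEL_IRQ, MODEL_OTHER };

/* Hypothetical stand-in for one registered module parameter. */
struct model_param {
    const char *name;
    int *value;            /* storage the driver reads during initialisation */
    enum model_hwtype hw;  /* MODEL_PLAIN: not hardware configuration */
};

/* Hypothetical driver state; "debug" is a made-up plain parameter. */
struct model_driver { int io; int irq; int debug; };

/*
 * Apply one "name=value" argument.
 * Returns 0 if applied, 1 if skipped because of lockdown,
 * -1 if the argument is malformed or names no known parameter.
 */
static int model_parse_one(const struct model_param *tbl, size_t n,
                           const char *arg, bool locked_down)
{
    const char *eq = strchr(arg, '=');
    size_t len, i;

    if (!eq || eq == arg || eq[1] == '\0')
        return -1;
    len = (size_t)(eq - arg);

    for (i = 0; i < n; i++) {
        char *end;
        long v;

        if (strlen(tbl[i].name) != len || strncmp(tbl[i].name, arg, len))
            continue;
        if (locked_down && tbl[i].hw != MODEL_PLAIN) {
            /* Skipped with an error message; the default is left in place. */
            fprintf(stderr, "model: hardware parameter '%s' ignored, "
                    "kernel is locked down\n", tbl[i].name);
            return 1;
        }
        errno = 0;
        v = strtol(eq + 1, &end, 0);
        if (errno || *end != '\0' || v < INT_MIN || v > INT_MAX)
            return -1;
        *tbl[i].value = (int)v;
        return 0;
    }
    return -1;
}

/*
 * "Load" the modelled driver. Returns the number of arguments skipped
 * because of lockdown, or -1 on a malformed or unknown argument.
 */
static int model_load(struct model_driver *d, const char *const *args,
                      size_t nargs, bool locked_down)
{
    const struct model_param tbl[] = {
        { "io",    &d->io,    MODEL_IOPORT },
        { "irq",   &d->irq,   MODEL_IRQ },
        { "debug", &d->debug, MODEL_PLAIN },
    };
    int skipped = 0;
    size_t i;

    /* Defaults as in the mk712 hunk: io 0x260, irq 10. */
    d->io = 0x260;
    d->irq = 10;
    d->debug = 0;

    for (i = 0; i < nargs; i++) {
        int rc = model_parse_one(tbl, sizeof(tbl) / sizeof(tbl[0]),
                                 args[i], locked_down);
        if (rc < 0)
            return -1;
        skipped += rc;
    }
    /* Initialisation would run here with whatever values *d now holds. */
    return skipped;
}

int main(void)
{
    /* Constructed arguments; 0x300 and 12 are alternatives the mk712 comments list. */
    const char *const args[] = { "io=0x300", "irq=12", "debug=1" };
    struct model_driver d;
    int locked;

    for (locked = 0; locked <= 1; locked++) {
        int skipped = model_load(&d, args, 3, locked != 0);
        printf("locked_down=%d skipped=%d io=0x%x irq=%d debug=%d\n",
               locked, skipped, d.io, d.irq, d.debug);
    }
    return 0;
}
```

Under lockdown the plain parameter is still applied, which is why the annotation has to be placed on every parameter that reaches the hardware.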
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 14/47][X] Annotate hardware config module parameters in drivers/i2c/
Date: Thu, 18 Jun 2020 18:12:25 -0500
Message-Id: <20200618231258.630575-15-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/i2c/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
Acked-by: Wolfram Sang
Acked-by: Jean Delvare
cc: linux-i2c@vger.kernel.org
(backported from commit c78babcc7d25ffd44a579c796fb4e9a313c0b127)
Signed-off-by: Seth Forshee
---
 drivers/i2c/busses/i2c-ali15x3.c | 2 +-
 drivers/i2c/busses/i2c-elektor.c | 6 +++---
 drivers/i2c/busses/i2c-parport-light.c | 4 ++--
 drivers/i2c/busses/i2c-pca-isa.c | 4 ++--
 drivers/i2c/busses/i2c-piix4.c | 2 +-
 drivers/i2c/busses/i2c-sis5595.c | 2 +-
 drivers/i2c/busses/i2c-viapro.c | 2 +-
 drivers/i2c/busses/scx200_acb.c | 2 +-
 8 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/drivers/i2c/busses/i2c-ali15x3.c b/drivers/i2c/busses/i2c-ali15x3.c index 45c5c4883022..6e6bf46bcb52 100644 --- a/drivers/i2c/busses/i2c-ali15x3.c +++ b/drivers/i2c/busses/i2c-ali15x3.c
@@ -119,7 +119,7 @@ /* If force_addr is set to anything different from 0, we forcibly enable the device at the given address. */ static u16 force_addr; -module_param(force_addr, ushort, 0); +module_param_hw(force_addr, ushort, ioport, 0); MODULE_PARM_DESC(force_addr, "Initialize the base address of the i2c controller"); diff --git a/drivers/i2c/busses/i2c-elektor.c b/drivers/i2c/busses/i2c-elektor.c index 92e8c0ce1625..af4eedef733e 100644 --- a/drivers/i2c/busses/i2c-elektor.c +++ b/drivers/i2c/busses/i2c-elektor.c @@ -333,11 +333,11 @@ MODULE_AUTHOR("Hans Berglund "); MODULE_DESCRIPTION("I2C-Bus adapter routines for PCF8584 ISA bus adapter"); MODULE_LICENSE("GPL"); -module_param(base, int, 0); -module_param(irq, int, 0); +module_param_hw(base, int, ioport_or_iomem, 0); +module_param_hw(irq, int, irq, 0); module_param(clock, int, 0); module_param(own, int, 0); -module_param(mmapped, int, 0); +module_param_hw(mmapped, int, other, 0); module_init(i2c_pcfisa_init); module_exit(i2c_pcfisa_exit); diff --git a/drivers/i2c/busses/i2c-parport-light.c b/drivers/i2c/busses/i2c-parport-light.c index 1bcdd10b68b9..faa8fb8f2b8f 100644 --- a/drivers/i2c/busses/i2c-parport-light.c +++ b/drivers/i2c/busses/i2c-parport-light.c @@ -38,11 +38,11 @@ static struct platform_device *pdev; static u16 base; -module_param(base, ushort, 0); +module_param_hw(base, ushort, ioport, 0); MODULE_PARM_DESC(base, "Base I/O address"); static int irq; -module_param(irq, int, 0); +module_param_hw(irq, int, irq, 0); MODULE_PARM_DESC(irq, "IRQ (optional)"); /* ----- Low-level parallel port access ----------------------------------- */ diff --git a/drivers/i2c/busses/i2c-pca-isa.c b/drivers/i2c/busses/i2c-pca-isa.c index e0eb4ca0102e..2e1931d5ca76 100644 --- a/drivers/i2c/busses/i2c-pca-isa.c +++ b/drivers/i2c/busses/i2c-pca-isa.c 
@@ -207,10 +207,10 @@ MODULE_AUTHOR("Ian Campbell "); MODULE_DESCRIPTION("ISA base PCA9564/PCA9665 driver"); MODULE_LICENSE("GPL"); -module_param(base, ulong, 0); +module_param_hw(base, ulong, ioport, 0); MODULE_PARM_DESC(base, "I/O base address"); -module_param(irq, int, 0); +module_param_hw(irq, int, irq, 0); MODULE_PARM_DESC(irq, "IRQ"); module_param(clock, int, 0); MODULE_PARM_DESC(clock, "Clock rate in hertz.\n\t\t" diff --git a/drivers/i2c/busses/i2c-piix4.c b/drivers/i2c/busses/i2c-piix4.c index b61db9db3ca5..45cb33360522 100644 --- a/drivers/i2c/busses/i2c-piix4.c +++ b/drivers/i2c/busses/i2c-piix4.c @@ -86,7 +86,7 @@ MODULE_PARM_DESC(force, "Forcibly enable the PIIX4. DANGEROUS!"); /* If force_addr is set to anything different from 0, we forcibly enable the PIIX4 at the given address. VERY DANGEROUS! */ static int force_addr; -module_param (force_addr, int, 0); +module_param_hw(force_addr, int, ioport, 0); MODULE_PARM_DESC(force_addr, "Forcibly enable the PIIX4 at the given address. " "EXTREMELY DANGEROUS!"); diff --git a/drivers/i2c/busses/i2c-sis5595.c b/drivers/i2c/busses/i2c-sis5595.c index 7d58a40faf2d..d543a9867ba4 100644 --- a/drivers/i2c/busses/i2c-sis5595.c +++ b/drivers/i2c/busses/i2c-sis5595.c @@ -119,7 +119,7 @@ static int blacklist[] = { /* If force_addr is set to anything different from 0, we forcibly enable the device at the given address. */ static u16 force_addr; -module_param(force_addr, ushort, 0); +module_param_hw(force_addr, ushort, ioport, 0); MODULE_PARM_DESC(force_addr, "Initialize the base address of the i2c controller"); static struct pci_driver sis5595_driver; diff --git a/drivers/i2c/busses/i2c-viapro.c b/drivers/i2c/busses/i2c-viapro.c index 0ee2646f3b00..0dc45e12bb1d 100644 --- a/drivers/i2c/busses/i2c-viapro.c +++ b/drivers/i2c/busses/i2c-viapro.c 
@@ -94,7 +94,7 @@ MODULE_PARM_DESC(force, "Forcibly enable the SMBus. DANGEROUS!"); /* If force_addr is set to anything different from 0, we forcibly enable the VT596 at the given address. VERY DANGEROUS! */ static u16 force_addr; -module_param(force_addr, ushort, 0); +module_param_hw(force_addr, ushort, ioport, 0); MODULE_PARM_DESC(force_addr, "Forcibly enable the SMBus at the given address. " "EXTREMELY DANGEROUS!"); diff --git a/drivers/i2c/busses/scx200_acb.c b/drivers/i2c/busses/scx200_acb.c index 0a7e410b6195..e0923bee8d1f 100644 --- a/drivers/i2c/busses/scx200_acb.c +++ b/drivers/i2c/busses/scx200_acb.c 
@@ -42,7 +42,7 @@ MODULE_LICENSE("GPL"); #define MAX_DEVICES 4 static int base[MAX_DEVICES] = { 0x820, 0x840 }; -module_param_array(base, int, NULL, 0); +module_param_hw_array(base, int, ioport, NULL, 0); MODULE_PARM_DESC(base, "Base addresses for the ACCESS.bus controllers"); #define POLL_TIMEOUT (HZ/5) From patchwork Thu Jun 18 23:12:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312459 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRp31YNz9sR4; Fri, 19 Jun 2020 09:13:58 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jD-0008U0-MV; Thu, 18 Jun 2020 23:13:51 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ij-00087b-W8 for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:22 +0000 Received: from mail-il1-f199.google.com ([209.85.166.199]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ii-0008QH-R7 for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:20 +0000 Received: by mail-il1-f199.google.com with SMTP id k13so5092086ilh.23 for ; Thu, 18 Jun 2020 
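Review bot: In the i2c-elektor.c hunk `mmapped` is given the catch-all type `other` with nothing to say what it controls, while `clock` and `own` are left plain between the annotated lines. Since `base` directly above is typed `ioport_or_iomem`, a short comment next to `module_param_hw(mmapped, int, other, 0);` on how it relates to `base` would make the choice auditable, and a word in the commit message on why `clock` and `own` are not treated as hardware configuration would close the gap.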
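Review bot: In the i2c-piix4.c and i2c-viapro.c hunks only `force_addr` is annotated, yet the hunk headers show a second parameter right above it (`MODULE_PARM_DESC(force, "Forcibly enable the PIIX4. DANGEROUS!");` and the SMBus equivalent), and the diffstat gives a single changed line for each file, so `force` stays a plain parameter. A parameter that forcibly enables the device looks like hardware configuration in the sense of the commit message; consider giving it the `other` type, or say in the commit message why it is exempt.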
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 15/47][X] Annotate hardware config module parameters in drivers/input/
Date: Thu, 18 Jun 2020 18:12:26 -0500
Message-Id: <20200618231258.630575-16-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/input/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
Acked-by: Dmitry Torokhov
cc: linux-input@vger.kernel.org
(cherry picked from commit f6b12d04346cfcc926756ded982c91c25eff0333)
Signed-off-by: Seth Forshee --- drivers/input/mouse/inport.c | 2 +- drivers/input/mouse/logibm.c | 2 +- drivers/input/touchscreen/mk712.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/input/mouse/inport.c b/drivers/input/mouse/inport.c index 3827a22362de..9ce71dfa0de1 100644 --- a/drivers/input/mouse/inport.c +++ b/drivers/input/mouse/inport.c @@ -78,7 +78,7 @@ MODULE_LICENSE("GPL"); #define INPORT_IRQ 5 static int inport_irq = INPORT_IRQ; -module_param_named(irq, inport_irq, uint, 0); +module_param_hw_named(irq, inport_irq, uint, irq, 0); MODULE_PARM_DESC(irq, "IRQ number (5=default)"); static struct input_dev *inport_dev; diff --git a/drivers/input/mouse/logibm.c b/drivers/input/mouse/logibm.c index e2413113df22..6f165e053f4d 100644 --- a/drivers/input/mouse/logibm.c +++ b/drivers/input/mouse/logibm.c @@ -69,7 +69,7 @@ MODULE_LICENSE("GPL"); #define LOGIBM_IRQ 5 static int logibm_irq = LOGIBM_IRQ; -module_param_named(irq, logibm_irq, uint, 0); +module_param_hw_named(irq, logibm_irq, uint, irq, 0); MODULE_PARM_DESC(irq, "IRQ number (5=default)"); static struct input_dev *logibm_dev; diff --git a/drivers/input/touchscreen/mk712.c b/drivers/input/touchscreen/mk712.c index 36e57deacd03..bd5352824f77 100644 --- a/drivers/input/touchscreen/mk712.c +++ b/drivers/input/touchscreen/mk712.c 
@@ -50,11 +50,11 @@ MODULE_DESCRIPTION("ICS MicroClock MK712 TouchScreen driver"); MODULE_LICENSE("GPL"); static unsigned int mk712_io = 0x260; /* Also 0x200, 0x208, 0x300 */ -module_param_named(io, mk712_io, uint, 0); +module_param_hw_named(io, mk712_io, uint, ioport, 0); MODULE_PARM_DESC(io, "I/O base address of MK712 touchscreen controller"); static unsigned int mk712_irq = 10; /* Also 12, 14, 15 */ -module_param_named(irq, mk712_irq, uint, 0); +module_param_hw_named(irq, mk712_irq, uint, irq, 0); MODULE_PARM_DESC(irq, "IRQ of MK712 touchscreen controller"); /* eight 8-bit registers */ From patchwork Thu Jun 18 23:12:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312461 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRw5GTzz9sNR; Fri, 19 Jun 2020 09:14:04 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jL-00007C-03; Thu, 18 Jun 2020 23:13:59 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3im-00089Z-DB for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:24 +0000 Received: from mail-io1-f72.google.com ([209.85.166.72]) by 
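Review bot: In the inport.c and logibm.c hunks the annotated line still declares the parameter as `uint` while the variable it names is `static int inport_irq` / `static int logibm_irq`; mk712.c, by contrast, uses `unsigned int` for both of its variables. The mismatch predates this patch and a cherry-pick should not change it, but it deserves a follow-up that makes the variables `unsigned int`, so that a value above INT_MAX given for `irq` cannot end up stored as a negative IRQ.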
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 16/47][X] Annotate hardware config module parameters in drivers/isdn/
Date: Thu, 18 Jun 2020 18:12:27 -0500
Message-Id: <20200618231258.630575-17-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team"

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/isdn/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Karsten Keil
cc: netdev@vger.kernel.org
(cherry picked from commit b9351f7e51dbbf1d850281142a55d848301d482d)
Signed-off-by: Seth Forshee --- drivers/isdn/hardware/avm/b1isa.c | 4 ++-- drivers/isdn/hardware/avm/t1isa.c | 4 ++-- drivers/isdn/hisax/config.c | 10 +++++----- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/isdn/hardware/avm/b1isa.c b/drivers/isdn/hardware/avm/b1isa.c index 31ef8130a87f..54e871a47387 100644 --- a/drivers/isdn/hardware/avm/b1isa.c +++ b/drivers/isdn/hardware/avm/b1isa.c @@ -169,8 +169,8 @@ static struct pci_dev isa_dev[MAX_CARDS]; static int io[MAX_CARDS]; static int irq[MAX_CARDS]; -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); MODULE_PARM_DESC(io, "I/O base address(es)"); MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)"); diff --git a/drivers/isdn/hardware/avm/t1isa.c b/drivers/isdn/hardware/avm/t1isa.c index 72ef18853951..9516203c735f 100644 --- a/drivers/isdn/hardware/avm/t1isa.c +++ b/drivers/isdn/hardware/avm/t1isa.c @@ -516,8 +516,8 @@ static int io[MAX_CARDS]; static int irq[MAX_CARDS]; static int cardnr[MAX_CARDS]; -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); module_param_array(cardnr, int, NULL, 0); MODULE_PARM_DESC(io, "I/O base address(es)"); MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)"); diff --git a/drivers/isdn/hisax/config.c b/drivers/isdn/hisax/config.c index bf04d2a3cf4a..30da1bc106f0 100644 --- a/drivers/isdn/hisax/config.c +++ b/drivers/isdn/hisax/config.c 
@@ -350,13 +350,13 @@ MODULE_AUTHOR("Karsten Keil"); MODULE_LICENSE("GPL"); module_param_array(type, int, NULL, 0); module_param_array(protocol, int, NULL, 0); -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); -module_param_array(mem, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); +module_param_hw_array(mem, int, iomem, NULL, 0); module_param(id, charp, 0); #ifdef IO0_IO1 -module_param_array(io0, int, NULL, 0); -module_param_array(io1, int, NULL, 0); +module_param_hw_array(io0, int, ioport, NULL, 0); +module_param_hw_array(io1, int, ioport, NULL, 0); #endif #endif /* MODULE */ From patchwork Thu Jun 18 23:12:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312462 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyS01HNTz9sNR; Fri, 19 Jun 2020 09:14:08 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jO-0000A1-4K; Thu, 18 Jun 2020 23:14:02 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3in-0008AK-H0 for kernel-team@lists.ubuntu.com; Thu, 18 Jun 
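Review bot: in the hisax/config.c hunk, io, irq, mem, io0 and io1 are annotated but type and protocol stay as plain module_param_array, whereas the cops.c change in patch 20/47 tags the comparable board_type parameter as other. If type selects which card-specific setup code touches the hardware it should get the same treatment; if it was left out on purpose, a sentence in the commit message saying why would keep the series consistent. The same question applies to cardnr in the t1isa.c hunk.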
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 17/47][X] Annotate hardware config module parameters in drivers/media/
Date: Thu, 18 Jun 2020 18:12:28 -0500
Message-Id: <20200618231258.630575-18-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team"

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/media/.

Suggested-by: Alan Cox
Signed-off-by: David Howells Acked-by: Mauro Carvalho Chehab cc: mjpeg-users@lists.sourceforge.net cc: linux-media@vger.kernel.org (backported from commit 5a8fc6a3cebb0dde27584603c5c4b5c72c6d810f) Signed-off-by: Seth Forshee --- drivers/media/pci/zoran/zoran_card.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/pci/zoran/zoran_card.c b/drivers/media/pci/zoran/zoran_card.c index 1136d92af642..4dc81cca7cdb 100644 --- a/drivers/media/pci/zoran/zoran_card.c +++ b/drivers/media/pci/zoran/zoran_card.c 
@@ -73,7 +73,7 @@ MODULE_PARM_DESC(card, "Card type"); */ static unsigned long vidmem; /* default = 0 - Video memory base address */ -module_param(vidmem, ulong, 0444); +module_param_hw(vidmem, ulong, iomem, 0444); MODULE_PARM_DESC(vidmem, "Default video memory base address"); /* From patchwork Thu Jun 18 23:12:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312460 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyRs2KTKz9sNR; Fri, 19 Jun 2020 09:14:01 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jH-00004y-GZ; Thu, 18 Jun 2020 23:13:55 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3io-0008BH-Ez for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:26 +0000 Received: from mail-io1-f71.google.com ([209.85.166.71]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3in-0008QU-A5 for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:25 +0000 Received: by mail-io1-f71.google.com with SMTP id w2so5337578iom.13 for ; Thu, 18 Jun 2020 16:13:25 -0700 (PDT) 
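Review bot: the trailer reads "backported from commit 5a8fc6a3cebb0dde27584603c5c4b5c72c6d810f" where the neighbouring patches say "cherry picked", and the diff carries only the single vidmem hunk in zoran_card.c although the message says the patch annotates drivers in drivers/media/, yet nothing records what was dropped or adjusted. Please add a short note above your Signed-off-by describing how this differs from the upstream commit, so a later reviewer can tell why no other drivers/media/ parameters are touched here.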
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 18/47][X] Annotate hardware config module parameters in drivers/misc/
Date: Thu, 18 Jun 2020 18:12:29 -0500
Message-Id: <20200618231258.630575-19-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team"

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/misc/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
Acked-by: Greg Kroah-Hartman
cc: Arnd Bergmann
(cherry picked from commit 4f1927dcbf79f6c7c153c8ec9beeb17364649f0c)
Signed-off-by: Seth Forshee --- drivers/misc/dummy-irq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/dummy-irq.c b/drivers/misc/dummy-irq.c index acbbe0390be4..76a1015d5783 100644 --- a/drivers/misc/dummy-irq.c +++ b/drivers/misc/dummy-irq.c 
@@ -59,6 +59,6 @@ module_exit(dummy_irq_exit); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jiri Kosina"); -module_param(irq, uint, 0444); +module_param_hw(irq, uint, irq, 0444); MODULE_PARM_DESC(irq, "The IRQ to register for"); MODULE_DESCRIPTION("Dummy IRQ handler driver"); From patchwork Thu Jun 18 23:12:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312463 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyS56xWgz9sNR; Fri, 19 Jun 2020 09:14:13 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jS-0000DH-D3; Thu, 18 Jun 2020 23:14:06 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ip-0008C7-Ni for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:27 +0000 Received: from mail-il1-f198.google.com ([209.85.166.198]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3io-0008Qa-Fa for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:26 +0000 Received: by mail-il1-f198.google.com with SMTP id a4so5157716ilq.2 for ; Thu, 18 Jun 2020 16:13:26 -0700 (PDT) 
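Review bot: in the dummy-irq.c hunk, irq is the only parameter visible and its description is "The IRQ to register for", so with module_param_hw(irq, uint, irq, 0444) a locked-down kernel will run the init function with whatever irq was initialised to. The hunk shows neither that default nor how init reacts to it; please confirm the init path rejects an unset IRQ cleanly rather than trying to register for it, and mention the lockdown behaviour in MODULE_PARM_DESC.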
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 19/47][X] Annotate hardware config module parameters in drivers/mmc/host/
Date: Thu, 18 Jun 2020 18:12:30 -0500
Message-Id: <20200618231258.630575-20-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team"

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/mmc/host/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Pierre Ossman
cc: Ulf Hansson
cc: linux-mmc@vger.kernel.org
(cherry picked from commit dac562fc5ff4956d779029d2ae379e34c791f011)
Signed-off-by: Seth Forshee --- drivers/mmc/host/wbsd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/mmc/host/wbsd.c b/drivers/mmc/host/wbsd.c index c3fd16d997ca..76c7f643fab5 100644 --- a/drivers/mmc/host/wbsd.c +++ b/drivers/mmc/host/wbsd.c 
@@ -1995,11 +1995,11 @@ static void __exit wbsd_drv_exit(void) module_init(wbsd_drv_init); module_exit(wbsd_drv_exit); #ifdef CONFIG_PNP -module_param_named(nopnp, param_nopnp, uint, 0444); +module_param_hw_named(nopnp, param_nopnp, uint, other, 0444); #endif -module_param_named(io, param_io, uint, 0444); -module_param_named(irq, param_irq, uint, 0444); -module_param_named(dma, param_dma, int, 0444); +module_param_hw_named(io, param_io, uint, ioport, 0444); +module_param_hw_named(irq, param_irq, uint, irq, 0444); +module_param_hw_named(dma, param_dma, int, dma, 0444); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pierre Ossman "); From patchwork Thu Jun 18 23:12:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312464 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nySC4NLwz9sNR; Fri, 19 Jun 2020 09:14:19 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jZ-0000Ih-2K; Thu, 18 Jun 2020 23:14:13 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3is-0008DE-6G for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:30 +0000 Received: from 
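Review bot: in the wbsd.c hunk, nopnp exists only inside #ifdef CONFIG_PNP while io, irq and dma are annotated unconditionally, so on a build without CONFIG_PNP the three manual parameters are the only configuration path shown here and all of them are skipped under lockdown. The commit message relies on drivers having viable defaults or automatic configuration; please confirm that the defaults of param_io, param_irq and param_dma are usable in that configuration, or document that the device is unavailable there. A brief comment on why nopnp is classed as other would also help, since it is a switch rather than a resource.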
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 20/47][X] Annotate hardware config module parameters in drivers/net/appletalk/
Date: Thu, 18 Jun 2020 18:12:31 -0500
Message-Id: <20200618231258.630575-21-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team"

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/net/appletalk/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Arnaldo Carvalho de Melo
cc: netdev@vger.kernel.org
(cherry picked from commit 6621f85d79775f71de9623fdfc9135fc494d6863)
Signed-off-by: Seth Forshee --- drivers/net/appletalk/cops.c | 6 +++--- drivers/net/appletalk/ltpc.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/appletalk/cops.c b/drivers/net/appletalk/cops.c index 7f2a032c354c..f50e87944f2e 100644 --- a/drivers/net/appletalk/cops.c +++ b/drivers/net/appletalk/cops.c @@ -986,9 +986,9 @@ static int cops_close(struct net_device *dev) static struct net_device *cops_dev; MODULE_LICENSE("GPL"); -module_param(io, int, 0); -module_param(irq, int, 0); -module_param(board_type, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); +module_param_hw(board_type, int, other, 0); static int __init cops_module_init(void) { diff --git a/drivers/net/appletalk/ltpc.c b/drivers/net/appletalk/ltpc.c index 01e2ac55c137..ac755d2950a6 100644 --- a/drivers/net/appletalk/ltpc.c +++ b/drivers/net/appletalk/ltpc.c 
@@ -1231,9 +1231,9 @@ static struct net_device *dev_ltpc; MODULE_LICENSE("GPL"); module_param(debug, int, 0); -module_param(io, int, 0); -module_param(irq, int, 0); -module_param(dma, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); +module_param_hw(dma, int, dma, 0); static int __init ltpc_module_init(void) From patchwork Thu Jun 18 23:12:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312466 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nySK2pr0z9sR4; Fri, 19 Jun 2020 09:14:25 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jf-0000Mn-16; Thu, 18 Jun 2020 23:14:19 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3it-0008E7-7K for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:31 +0000 Received: from mail-il1-f197.google.com ([209.85.166.197]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ir-0008Qn-0g for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:29 +0000 Received: by mail-il1-f197.google.com with SMTP id 
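Review bot: in the cops.c hunk, board_type is tagged other, which tells the reader nothing about what hardware effect the value has, and no MODULE_PARM_DESC follows any of the three parameters in the visible context (the next line is cops_module_init). Since a locked-down kernel will now skip these with an error message, add MODULE_PARM_DESC entries for io, irq and board_type, and likewise for io, irq and dma in ltpc.c, so the user can find out what was refused and which default applies.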
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 21/47][X] Annotate hardware config module parameters in drivers/net/arcnet/
Date: Thu, 18 Jun 2020 18:12:32 -0500
Message-Id: <20200618231258.630575-22-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team"

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/net/arcnet/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Michael Grzeschik
cc: netdev@vger.kernel.org
(cherry picked from commit 06a5128a29b3d67fadff5d9593d79b815d8b34d8)
Signed-off-by: Seth Forshee --- drivers/net/arcnet/com20020-isa.c | 4 ++-- drivers/net/arcnet/com90io.c | 4 ++-- drivers/net/arcnet/com90xx.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/arcnet/com20020-isa.c b/drivers/net/arcnet/com20020-isa.c index b9e9931353b2..38fa60ddaf2e 100644 --- a/drivers/net/arcnet/com20020-isa.c +++ b/drivers/net/arcnet/com20020-isa.c @@ -129,8 +129,8 @@ static int clockp = 0; static int clockm = 0; module_param(node, int, 0); -module_param(io, int, 0); -module_param(irq, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); module_param_string(device, device, sizeof(device), 0); module_param(timeout, int, 0); module_param(backplane, int, 0); diff --git a/drivers/net/arcnet/com90io.c b/drivers/net/arcnet/com90io.c index b57863df5bf5..4e56aaf2b984 100644 --- a/drivers/net/arcnet/com90io.c +++ b/drivers/net/arcnet/com90io.c @@ -347,8 +347,8 @@ static int io; /* use the insmod io= irq= shmem= options */ static int irq; static char device[9]; /* use eg. device=arc1 to change name */ -module_param(io, int, 0); -module_param(irq, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); module_param_string(device, device, sizeof(device), 0); MODULE_LICENSE("GPL"); diff --git a/drivers/net/arcnet/com90xx.c b/drivers/net/arcnet/com90xx.c index 0d9b45ff1bb2..7cbdfca6d189 100644 --- a/drivers/net/arcnet/com90xx.c +++ b/drivers/net/arcnet/com90xx.c 
@@ -88,8 +88,8 @@ static int irq; static int shmem; static char device[9]; /* use eg. device=arc1 to change name */ -module_param(io, int, 0); -module_param(irq, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); module_param(shmem, int, 0); module_param_string(device, device, sizeof(device), 0); From patchwork Thu Jun 18 23:12:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312465 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nySG03TWz9sRW; Fri, 19 Jun 2020 09:14:22 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jc-0000Kq-Fa; Thu, 18 Jun 2020 23:14:16 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iu-0008F2-9j for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:32 +0000 Received: from mail-il1-f200.google.com ([209.85.166.200]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3is-0008Qr-AA for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:30 +0000 Received: by mail-il1-f200.google.com with SMTP id i7so5138286ilq.16 for 
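Review bot: in [PATCH 21/47], the com90xx.c hunk converts `io` and `irq` but leaves `module_param(shmem, int, 0);` as a plain parameter. If `shmem` is the card's shared-memory base address, as the name and the com90io.c comment "use the insmod io= irq= shmem= options" suggest, it is the same class of value that the other patches in this series mark as `iomem`, and leaving it settable under lockdown lets userspace point the driver at an arbitrary memory range. Suggest `module_param_hw(shmem, int, iomem, 0);`, or a line in the commit message saying why it is exempt.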
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 22/47][X] Annotate hardware config module parameters in drivers/net/can/
Date: Thu, 18 Jun 2020 18:12:33 -0500
Message-Id: <20200618231258.630575-23-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to
prevent userspace from modifying the running kernel image. Whilst this
includes prohibiting access to things like /dev/mem, it must also prevent
access by means of configuring driver modules in such a way as to cause a
device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware
configuration and indicate for future reference what type of parameter they
specify. The parameter parser in the core sees this information and can
skip such parameters with an error message if the kernel is locked down.
The module initialisation then runs as normal, but just sees whatever the
default values for those parameters are.

Note that we do still need to do the module initialisation because some
drivers have viable defaults set in case parameters aren't specified and
some drivers support automatic configuration (e.g. PNP or PCI) in addition
to manually coded parameters.

This patch annotates drivers in drivers/net/can/.

Suggested-by: Alan Cox
Signed-off-by: David Howells Acked-by: Marc Kleine-Budde cc: Wolfgang Grandegger cc: linux-can@vger.kernel.org cc: netdev@vger.kernel.org (cherry picked from commit e43f2c52a07793cb97e4a963a5b90d4af311c3d5) Signed-off-by: Seth Forshee --- drivers/net/can/cc770/cc770_isa.c | 8 ++++---- drivers/net/can/sja1000/sja1000_isa.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/net/can/cc770/cc770_isa.c b/drivers/net/can/cc770/cc770_isa.c index e0d15711e9ac..3a30fd3b4498 100644 --- a/drivers/net/can/cc770/cc770_isa.c +++ b/drivers/net/can/cc770/cc770_isa.c @@ -82,16 +82,16 @@ static u8 cor[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff}; static u8 bcr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff}; static int indirect[MAXDEV] = {[0 ... (MAXDEV - 1)] = -1}; -module_param_array(port, ulong, NULL, S_IRUGO); +module_param_hw_array(port, ulong, ioport, NULL, S_IRUGO); MODULE_PARM_DESC(port, "I/O port number"); -module_param_array(mem, ulong, NULL, S_IRUGO); +module_param_hw_array(mem, ulong, iomem, NULL, S_IRUGO); MODULE_PARM_DESC(mem, "I/O memory address"); -module_param_array(indirect, int, NULL, S_IRUGO); +module_param_hw_array(indirect, int, ioport, NULL, S_IRUGO); MODULE_PARM_DESC(indirect, "Indirect access via address and data port"); -module_param_array(irq, int, NULL, S_IRUGO); +module_param_hw_array(irq, int, irq, NULL, S_IRUGO); MODULE_PARM_DESC(irq, "IRQ number"); module_param_array(clk, int, NULL, S_IRUGO); diff --git a/drivers/net/can/sja1000/sja1000_isa.c b/drivers/net/can/sja1000/sja1000_isa.c index e97e6d35b300..a89c1e92554d 100644 --- a/drivers/net/can/sja1000/sja1000_isa.c +++ b/drivers/net/can/sja1000/sja1000_isa.c 
@@ -48,16 +48,16 @@ static unsigned char ocr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff}; static int indirect[MAXDEV] = {[0 ... (MAXDEV - 1)] = -1}; static spinlock_t indirect_lock[MAXDEV]; /* lock for indirect access mode */ -module_param_array(port, ulong, NULL, S_IRUGO); +module_param_hw_array(port, ulong, ioport, NULL, S_IRUGO); MODULE_PARM_DESC(port, "I/O port number"); -module_param_array(mem, ulong, NULL, S_IRUGO); +module_param_hw_array(mem, ulong, iomem, NULL, S_IRUGO); MODULE_PARM_DESC(mem, "I/O memory address"); -module_param_array(indirect, int, NULL, S_IRUGO); +module_param_hw_array(indirect, int, ioport, NULL, S_IRUGO); MODULE_PARM_DESC(indirect, "Indirect access via address and data port"); -module_param_array(irq, int, NULL, S_IRUGO); +module_param_hw_array(irq, int, irq, NULL, S_IRUGO); MODULE_PARM_DESC(irq, "IRQ number"); module_param_array(clk, int, NULL, S_IRUGO); From patchwork Thu Jun 18 23:12:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312467 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nySP2vz9z9sNR; Fri, 19 Jun 2020 09:14:29 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3ji-0000Oj-4x; Thu, 18 Jun 2020 23:14:22 +0000 Received: from 
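Review bot: in [PATCH 22/47], `indirect` is annotated as `ioport` in both cc770_isa.c and sja1000_isa.c, but it is an `int` array defaulting to -1 whose description is "Indirect access via address and data port", so it reads as a mode switch rather than a port number. Locking it down looks right, since it changes how `port` is used, but the type recorded "for future reference" is then misleading. If the `other` hardware-parameter type is available in this tree, `module_param_hw_array(indirect, int, other, NULL, S_IRUGO);` would describe it more accurately; otherwise a short comment explaining the choice of `ioport` would help.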
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 23/47][X] Annotate hardware config module parameters in drivers/net/ethernet/
Date: Thu, 18 Jun 2020 18:12:34 -0500
Message-Id: <20200618231258.630575-24-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to
prevent userspace from modifying the running kernel image. Whilst this
includes prohibiting access to things like /dev/mem, it must also prevent
access by means of configuring driver modules in such a way as to cause a
device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware
configuration and indicate for future reference what type of parameter they
specify. The parameter parser in the core sees this information and can
skip such parameters with an error message if the kernel is locked down.
The module initialisation then runs as normal, but just sees whatever the
default values for those parameters are.

Note that we do still need to do the module initialisation because some
drivers have viable defaults set in case parameters aren't specified and
some drivers support automatic configuration (e.g. PNP or PCI) in addition
to manually coded parameters.

This patch annotates drivers in drivers/net/ethernet/.

Suggested-by: Alan Cox
Signed-off-by: David Howells cc: Steffen Klassert cc: Jaroslav Kysela cc: netdev@vger.kernel.org cc: linux-parisc@vger.kernel.org (cherry picked from commit df29840815a6aaa6a1ab8d85d7745a1a6fc25de0) Signed-off-by: Seth Forshee --- drivers/net/ethernet/3com/3c509.c | 2 +- drivers/net/ethernet/3com/3c59x.c | 4 ++-- drivers/net/ethernet/8390/ne.c | 4 ++-- drivers/net/ethernet/8390/smc-ultra.c | 4 ++-- drivers/net/ethernet/8390/wd.c | 8 ++++---- drivers/net/ethernet/amd/lance.c | 6 +++--- drivers/net/ethernet/amd/ni65.c | 6 +++--- drivers/net/ethernet/cirrus/cs89x0.c | 6 +++--- drivers/net/ethernet/dec/tulip/de4x5.c | 2 +- drivers/net/ethernet/hp/hp100.c | 2 +- drivers/net/ethernet/realtek/atp.c | 4 ++-- drivers/net/ethernet/smsc/smc9194.c | 4 ++-- 12 files changed, 26 insertions(+), 26 deletions(-) diff --git a/drivers/net/ethernet/3com/3c509.c b/drivers/net/ethernet/3com/3c509.c index 7677c745fb30..c1111eeb189b 100644 --- a/drivers/net/ethernet/3com/3c509.c +++ b/drivers/net/ethernet/3com/3c509.c @@ -1369,7 +1369,7 @@ el3_resume(struct device *pdev) #endif /* CONFIG_PM */ module_param(debug,int, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); module_param(max_interrupt_work, int, 0); MODULE_PARM_DESC(debug, "debug level (0-6)"); MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)"); diff --git a/drivers/net/ethernet/3com/3c59x.c b/drivers/net/ethernet/3com/3c59x.c index 1c5f3b273e6a..92b90624d913 100644 --- a/drivers/net/ethernet/3com/3c59x.c +++ b/drivers/net/ethernet/3com/3c59x.c 
@@ -813,8 +813,8 @@ module_param(global_enable_wol, int, 0); module_param_array(enable_wol, int, NULL, 0); module_param(rx_copybreak, int, 0); module_param(max_interrupt_work, int, 0); -module_param(compaq_ioaddr, int, 0); -module_param(compaq_irq, int, 0); +module_param_hw(compaq_ioaddr, int, ioport, 0); +module_param_hw(compaq_irq, int, irq, 0); module_param(compaq_device_id, int, 0); module_param(watchdog, int, 0); module_param(global_use_mmio, int, 0); diff --git a/drivers/net/ethernet/8390/ne.c b/drivers/net/ethernet/8390/ne.c index c063b410a163..66f47987e2a2 100644 --- a/drivers/net/ethernet/8390/ne.c +++ b/drivers/net/ethernet/8390/ne.c @@ -74,8 +74,8 @@ static int bad[MAX_NE_CARDS]; static u32 ne_msg_enable; #ifdef MODULE -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); module_param_array(bad, int, NULL, 0); module_param_named(msg_enable, ne_msg_enable, uint, (S_IRUSR|S_IRGRP|S_IROTH)); MODULE_PARM_DESC(io, "I/O base address(es),required"); diff --git a/drivers/net/ethernet/8390/smc-ultra.c b/drivers/net/ethernet/8390/smc-ultra.c index 139385dcdaa7..c5dbf6938a4e 100644 --- a/drivers/net/ethernet/8390/smc-ultra.c +++ b/drivers/net/ethernet/8390/smc-ultra.c @@ -562,8 +562,8 @@ static struct net_device *dev_ultra[MAX_ULTRA_CARDS]; static int io[MAX_ULTRA_CARDS]; static int irq[MAX_ULTRA_CARDS]; -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); module_param_named(msg_enable, ultra_msg_enable, uint, (S_IRUSR|S_IRGRP|S_IROTH)); MODULE_PARM_DESC(io, "I/O base address(es)"); MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)"); diff --git a/drivers/net/ethernet/8390/wd.c b/drivers/net/ethernet/8390/wd.c index dd7d816bde52..e16deef661e3 100644 --- a/drivers/net/ethernet/8390/wd.c +++ b/drivers/net/ethernet/8390/wd.c 
@@ -504,10 +504,10 @@ static int irq[MAX_WD_CARDS]; static int mem[MAX_WD_CARDS]; static int mem_end[MAX_WD_CARDS]; /* for non std. mem size */ -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); -module_param_array(mem, int, NULL, 0); -module_param_array(mem_end, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); +module_param_hw_array(mem, int, iomem, NULL, 0); +module_param_hw_array(mem_end, int, iomem, NULL, 0); module_param_named(msg_enable, wd_msg_enable, uint, (S_IRUSR|S_IRGRP|S_IROTH)); MODULE_PARM_DESC(io, "I/O base address(es)"); MODULE_PARM_DESC(irq, "IRQ number(s) (ignored for PureData boards)"); diff --git a/drivers/net/ethernet/amd/lance.c b/drivers/net/ethernet/amd/lance.c index 256f590f6bb1..2b5f16131a51 100644 --- a/drivers/net/ethernet/amd/lance.c +++ b/drivers/net/ethernet/amd/lance.c @@ -318,9 +318,9 @@ static int io[MAX_CARDS]; static int dma[MAX_CARDS]; static int irq[MAX_CARDS]; -module_param_array(io, int, NULL, 0); -module_param_array(dma, int, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(dma, int, dma, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); module_param(lance_debug, int, 0); MODULE_PARM_DESC(io, "LANCE/PCnet I/O base address(es),required"); MODULE_PARM_DESC(dma, "LANCE/PCnet ISA DMA channel (ignored for some devices)"); diff --git a/drivers/net/ethernet/amd/ni65.c b/drivers/net/ethernet/amd/ni65.c index 1cf33addd15e..f33def497e6c 100644 --- a/drivers/net/ethernet/amd/ni65.c +++ b/drivers/net/ethernet/amd/ni65.c 
@@ -1228,9 +1228,9 @@ static void set_multicast_list(struct net_device *dev) #ifdef MODULE static struct net_device *dev_ni65; -module_param(irq, int, 0); -module_param(io, int, 0); -module_param(dma, int, 0); +module_param_hw(irq, int, irq, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(dma, int, dma, 0); MODULE_PARM_DESC(irq, "ni6510 IRQ number (ignored for some cards)"); MODULE_PARM_DESC(io, "ni6510 I/O base address"); MODULE_PARM_DESC(dma, "ni6510 ISA DMA channel (ignored for some cards)"); diff --git a/drivers/net/ethernet/cirrus/cs89x0.c b/drivers/net/ethernet/cirrus/cs89x0.c index 60383040d6c6..8a13680115ee 100644 --- a/drivers/net/ethernet/cirrus/cs89x0.c +++ b/drivers/net/ethernet/cirrus/cs89x0.c @@ -1703,12 +1703,12 @@ static int use_dma; /* These generate unused var warnings if ALLOW_DMA = 0 */ static int dma; static int dmasize = 16; /* or 64 */ -module_param(io, int, 0); -module_param(irq, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); module_param(debug, int, 0); module_param_string(media, media, sizeof(media), 0); module_param(duplex, int, 0); -module_param(dma , int, 0); +module_param_hw(dma , int, dma, 0); module_param(dmasize , int, 0); module_param(use_dma , int, 0); MODULE_PARM_DESC(io, "cs89x0 I/O base address"); diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c index 7799cf33cc6e..3ea4e8bbb2d0 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c @@ -1015,7 +1015,7 @@ static int compact_infoblock(struct net_device *dev, u_char count, u_char *p static int io=0x0;/* EDIT THIS LINE FOR YOUR CONFIGURATION IF NEEDED */ -module_param(io, int, 0); +module_param_hw(io, int, ioport, 0); module_param(de4x5_debug, int, 0); module_param(dec_only, int, 0); module_param(args, charp, 0); diff --git a/drivers/net/ethernet/hp/hp100.c b/drivers/net/ethernet/hp/hp100.c index 884aa809baac..e1e066a89369 100644 
--- a/drivers/net/ethernet/hp/hp100.c +++ b/drivers/net/ethernet/hp/hp100.c @@ -2968,7 +2968,7 @@ MODULE_DESCRIPTION("HP CASCADE Architecture Driver for 100VG-AnyLan Network Adap #define HP100_DEVICES 5 /* Parameters set by insmod */ static int hp100_port[HP100_DEVICES] = { 0, [1 ... (HP100_DEVICES-1)] = -1 }; -module_param_array(hp100_port, int, NULL, 0); +module_param_hw_array(hp100_port, int, ioport, NULL, 0); /* List of devices */ static struct net_device *hp100_devlist[HP100_DEVICES]; diff --git a/drivers/net/ethernet/realtek/atp.c b/drivers/net/ethernet/realtek/atp.c index d77d60ea8202..b01ebd79cbb2 100644 --- a/drivers/net/ethernet/realtek/atp.c +++ b/drivers/net/ethernet/realtek/atp.c @@ -151,8 +151,8 @@ MODULE_LICENSE("GPL"); module_param(max_interrupt_work, int, 0); module_param(debug, int, 0); -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); module_param_array(xcvr, int, NULL, 0); MODULE_PARM_DESC(max_interrupt_work, "ATP maximum events handled per interrupt"); MODULE_PARM_DESC(debug, "ATP debug level (0-7)"); diff --git a/drivers/net/ethernet/smsc/smc9194.c b/drivers/net/ethernet/smsc/smc9194.c index 664f596971b5..baa1121ce8b8 100644 --- a/drivers/net/ethernet/smsc/smc9194.c +++ b/drivers/net/ethernet/smsc/smc9194.c 
@@ -1502,8 +1502,8 @@ static void smc_set_multicast_list(struct net_device *dev) static struct net_device *devSMC9194; MODULE_LICENSE("GPL"); -module_param(io, int, 0); -module_param(irq, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); module_param(ifport, int, 0); MODULE_PARM_DESC(io, "SMC 99194 I/O base address"); MODULE_PARM_DESC(irq, "SMC 99194 IRQ number"); From patchwork Thu Jun 18 23:12:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312468 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nySV6Wm1z9sNR; Fri, 19 Jun 2020 09:14:34 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jk-0000QS-Lr; Thu, 18 Jun 2020 23:14:24 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ix-0008IA-Tp for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:36 +0000 Received: from mail-io1-f72.google.com ([209.85.166.72]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iv-0008Rd-PR for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:33 +0000 
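Review bot: in [PATCH 23/47], the cs89x0.c hunk annotates `dma` but leaves `module_param(dmasize , int, 0);` and `module_param(use_dma , int, 0);` plain. Under lockdown that still lets whoever loads the module turn DMA on and pick the buffer size while `dma` stays at its default of 0 (`static int dma;`), so please confirm the driver refuses to enable DMA in that state, or annotate `use_dma` and `dmasize` as well. Minor style point: the new line keeps the stray space in `module_param_hw(dma , int, dma, 0);`.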
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 24/47][X] Annotate hardware config module parameters in drivers/net/hamradio/
Date: Thu, 18 Jun 2020 18:12:35 -0500
Message-Id: <20200618231258.630575-25-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to
prevent userspace from modifying the running kernel image. Whilst this
includes prohibiting access to things like /dev/mem, it must also prevent
access by means of configuring driver modules in such a way as to cause a
device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware
configuration and indicate for future reference what type of parameter they
specify. The parameter parser in the core sees this information and can
skip such parameters with an error message if the kernel is locked down.
The module initialisation then runs as normal, but just sees whatever the
default values for those parameters are.

Note that we do still need to do the module initialisation because some
drivers have viable defaults set in case parameters aren't specified and
some drivers support automatic configuration (e.g. PNP or PCI) in addition
to manually coded parameters.

This patch annotates drivers in drivers/net/hamradio/.

Suggested-by: Alan Cox
Signed-off-by: David Howells cc: Thomas Sailer cc: Joerg Reuter cc: linux-hams@vger.kernel.org cc: netdev@vger.kernel.org (cherry picked from commit b658e5d854d4e9015d83133a826ec734770deefb) Signed-off-by: Seth Forshee --- drivers/net/hamradio/baycom_epp.c | 2 +- drivers/net/hamradio/baycom_par.c | 2 +- drivers/net/hamradio/baycom_ser_fdx.c | 4 ++-- drivers/net/hamradio/baycom_ser_hdx.c | 4 ++-- drivers/net/hamradio/dmascc.c | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/net/hamradio/baycom_epp.c b/drivers/net/hamradio/baycom_epp.c index 72c9f1f352b4..8c5db53e8742 100644 --- a/drivers/net/hamradio/baycom_epp.c +++ b/drivers/net/hamradio/baycom_epp.c @@ -1170,7 +1170,7 @@ static int iobase[NR_PORTS] = { 0x378, }; module_param_array(mode, charp, NULL, 0); MODULE_PARM_DESC(mode, "baycom operating mode"); -module_param_array(iobase, int, NULL, 0); +module_param_hw_array(iobase, int, ioport, NULL, 0); MODULE_PARM_DESC(iobase, "baycom io base address"); MODULE_AUTHOR("Thomas M. Sailer, sailer@ife.ee.ethz.ch, hb9jnx@hb9w.che.eu"); diff --git a/drivers/net/hamradio/baycom_par.c b/drivers/net/hamradio/baycom_par.c index acb636963e90..6f05792f6999 100644 --- a/drivers/net/hamradio/baycom_par.c +++ b/drivers/net/hamradio/baycom_par.c @@ -481,7 +481,7 @@ static int iobase[NR_PORTS] = { 0x378, }; module_param_array(mode, charp, NULL, 0); MODULE_PARM_DESC(mode, "baycom operating mode; eg. par96 or picpar"); -module_param_array(iobase, int, NULL, 0); +module_param_hw_array(iobase, int, ioport, NULL, 0); MODULE_PARM_DESC(iobase, "baycom io base address"); MODULE_AUTHOR("Thomas M. Sailer, sailer@ife.ee.ethz.ch, hb9jnx@hb9w.che.eu"); diff --git a/drivers/net/hamradio/baycom_ser_fdx.c b/drivers/net/hamradio/baycom_ser_fdx.c index 636b65c66d49..6b07ef9ca345 100644 --- a/drivers/net/hamradio/baycom_ser_fdx.c +++ b/drivers/net/hamradio/baycom_ser_fdx.c 
@@ -612,9 +612,9 @@ static int baud[NR_PORTS] = { [0 ... NR_PORTS-1] = 1200 }; module_param_array(mode, charp, NULL, 0); MODULE_PARM_DESC(mode, "baycom operating mode; * for software DCD"); -module_param_array(iobase, int, NULL, 0); +module_param_hw_array(iobase, int, ioport, NULL, 0); MODULE_PARM_DESC(iobase, "baycom io base address"); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); MODULE_PARM_DESC(irq, "baycom irq number"); module_param_array(baud, int, NULL, 0); MODULE_PARM_DESC(baud, "baycom baud rate (300 to 4800)"); diff --git a/drivers/net/hamradio/baycom_ser_hdx.c b/drivers/net/hamradio/baycom_ser_hdx.c index f9a8976195ba..1b310493ba8a 100644 --- a/drivers/net/hamradio/baycom_ser_hdx.c +++ b/drivers/net/hamradio/baycom_ser_hdx.c @@ -642,9 +642,9 @@ static int irq[NR_PORTS] = { 4, }; module_param_array(mode, charp, NULL, 0); MODULE_PARM_DESC(mode, "baycom operating mode; * for software DCD"); -module_param_array(iobase, int, NULL, 0); +module_param_hw_array(iobase, int, ioport, NULL, 0); MODULE_PARM_DESC(iobase, "baycom io base address"); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); MODULE_PARM_DESC(irq, "baycom irq number"); MODULE_AUTHOR("Thomas M. Sailer, sailer@ife.ee.ethz.ch, hb9jnx@hb9w.che.eu"); diff --git a/drivers/net/hamradio/dmascc.c b/drivers/net/hamradio/dmascc.c index c3d377770616..bf52868aee38 100644 --- a/drivers/net/hamradio/dmascc.c +++ b/drivers/net/hamradio/dmascc.c 
@@ -274,7 +274,7 @@ static unsigned long rand; MODULE_AUTHOR("Klaus Kudielka"); MODULE_DESCRIPTION("Driver for high-speed SCC boards"); -module_param_array(io, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); MODULE_LICENSE("GPL"); static void __exit dmascc_exit(void) From patchwork Thu Jun 18 23:12:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312469 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nySg3x3vz9sNR; Fri, 19 Jun 2020 09:14:43 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3jr-0000Te-Sh; Thu, 18 Jun 2020 23:14:32 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iz-0008Iv-Oe for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:37 +0000 Received: from mail-io1-f70.google.com ([209.85.166.70]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3ix-0008Ri-4J for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:35 +0000 Received: by mail-io1-f70.google.com with SMTP id a16so5346757iow.9 for ; Thu, 18 Jun 2020 16:13:35 -0700 (PDT) 
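Review bot: in [PATCH 24/47], baycom_epp.c and baycom_par.c default `iobase` to `{ 0x378, }` and baycom_ser_hdx.c defaults `irq` to `{ 4, }`, so when lockdown drops a user-supplied `iobase=` or `irq=` the module carries on and probes those built-in values instead of the hardware the user named. The commit message says initialisation runs with the defaults, but for these drivers that means touching a port the administrator did not ask for. Worth checking that each probe fails cleanly when nothing answers at the default, and noting in the `MODULE_PARM_DESC` strings that the parameter is ignored on a locked-down kernel.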
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 25/47][X] Annotate hardware config module parameters in drivers/net/irda/
Date: Thu, 18 Jun 2020 18:12:36 -0500
Message-Id: <20200618231258.630575-26-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/net/irda/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Samuel Ortiz
cc: netdev@vger.kernel.org
(cherry picked from commit 4f06e652721da79e032d3ba38bc1589bd553a5fc)
Signed-off-by: Seth Forshee --- drivers/net/irda/ali-ircc.c | 6 +++--- drivers/net/irda/nsc-ircc.c | 6 +++--- drivers/net/irda/smsc-ircc2.c | 10 +++++----- drivers/net/irda/w83977af_ir.c | 4 ++-- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/drivers/net/irda/ali-ircc.c b/drivers/net/irda/ali-ircc.c index 64bb44d5d867..c50ab723b850 100644 --- a/drivers/net/irda/ali-ircc.c +++ b/drivers/net/irda/ali-ircc.c @@ -2207,11 +2207,11 @@ MODULE_LICENSE("GPL"); MODULE_ALIAS("platform:" ALI_IRCC_DRIVER_NAME); -module_param_array(io, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); MODULE_PARM_DESC(io, "Base I/O addresses"); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); MODULE_PARM_DESC(irq, "IRQ lines"); -module_param_array(dma, int, NULL, 0); +module_param_hw_array(dma, int, dma, NULL, 0); MODULE_PARM_DESC(dma, "DMA channels"); module_init(ali_ircc_init); diff --git a/drivers/net/irda/nsc-ircc.c b/drivers/net/irda/nsc-ircc.c index dc0dbd8dd0b5..b7f3873b13c7 100644 --- a/drivers/net/irda/nsc-ircc.c +++ b/drivers/net/irda/nsc-ircc.c @@ -2395,11 +2395,11 @@ MODULE_LICENSE("GPL"); module_param(qos_mtt_bits, int, 0); MODULE_PARM_DESC(qos_mtt_bits, "Minimum Turn Time"); -module_param_array(io, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); MODULE_PARM_DESC(io, "Base I/O addresses"); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); MODULE_PARM_DESC(irq, "IRQ lines"); -module_param_array(dma, int, NULL, 0); +module_param_hw_array(dma, int, dma, NULL, 0); MODULE_PARM_DESC(dma, "DMA channels"); module_param(dongle_id, int, 0); MODULE_PARM_DESC(dongle_id, "Type-id of used dongle"); diff --git a/drivers/net/irda/smsc-ircc2.c b/drivers/net/irda/smsc-ircc2.c index b455ffe8850c..f28a1fe8f9dd 100644 --- a/drivers/net/irda/smsc-ircc2.c +++ b/drivers/net/irda/smsc-ircc2.c 
@@ -82,24 +82,24 @@ MODULE_PARM_DESC(nopnp, "Do not use PNP to detect controller settings, defaults #define DMA_INVAL 255 static int ircc_dma = DMA_INVAL; -module_param(ircc_dma, int, 0); +module_param_hw(ircc_dma, int, dma, 0); MODULE_PARM_DESC(ircc_dma, "DMA channel"); #define IRQ_INVAL 255 static int ircc_irq = IRQ_INVAL; -module_param(ircc_irq, int, 0); +module_param_hw(ircc_irq, int, irq, 0); MODULE_PARM_DESC(ircc_irq, "IRQ line"); static int ircc_fir; -module_param(ircc_fir, int, 0); +module_param_hw(ircc_fir, int, ioport, 0); MODULE_PARM_DESC(ircc_fir, "FIR Base Address"); static int ircc_sir; -module_param(ircc_sir, int, 0); +module_param_hw(ircc_sir, int, ioport, 0); MODULE_PARM_DESC(ircc_sir, "SIR Base Address"); static int ircc_cfg; -module_param(ircc_cfg, int, 0); +module_param_hw(ircc_cfg, int, ioport, 0); MODULE_PARM_DESC(ircc_cfg, "Configuration register base address"); static int ircc_transceiver; diff --git a/drivers/net/irda/w83977af_ir.c b/drivers/net/irda/w83977af_ir.c index e8c3a8c32534..d17389117b2d 100644 --- a/drivers/net/irda/w83977af_ir.c +++ b/drivers/net/irda/w83977af_ir.c 
@@ -1266,9 +1266,9 @@ MODULE_LICENSE("GPL"); module_param(qos_mtt_bits, int, 0); MODULE_PARM_DESC(qos_mtt_bits, "Mimimum Turn Time"); -module_param_array(io, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); MODULE_PARM_DESC(io, "Base I/O addresses"); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); MODULE_PARM_DESC(irq, "IRQ lines"); /* From patchwork Thu Jun 18 23:12:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312471 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nySy1T54z9sNR; Fri, 19 Jun 2020 09:14:58 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3k8-0000c9-UV; Thu, 18 Jun 2020 23:14:49 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3j0-0008Js-UI for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:39 +0000 Received: from mail-io1-f71.google.com ([209.85.166.71]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3iy-0008Rs-Jh for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:36 +0000 Received: 
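Review bot: In drivers/net/irda/smsc-ircc2.c, `ircc_fir`, `ircc_sir` and `ircc_cfg` have no explicit initialiser, so when lockdown skips them the driver runs with 0, whereas `ircc_dma` and `ircc_irq` fall back to the DMA_INVAL/IRQ_INVAL sentinels. The `nopnp` parameter visible in the hunk context is not annotated and stays settable, so please confirm that the non-PNP probe path on this tree treats 0 as "not specified" for those three addresses. Separately, the unchanged context in w83977af_ir.c carries the typo "Mimimum Turn Time", which is worth a follow-up fix.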
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 26/47][X] Annotate hardware config module parameters in drivers/net/wan/
Date: Thu, 18 Jun 2020 18:12:37 -0500
Message-Id: <20200618231258.630575-27-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/net/wan/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: "Jan \"Yenya\" Kasprzak"
cc: netdev@vger.kernel.org
(cherry picked from commit af28a03c1b1eae4d7c97f4bd0c6326522c8a3bc9)
Signed-off-by: Seth Forshee --- drivers/net/wan/cosa.c | 6 +++--- drivers/net/wan/hostess_sv11.c | 6 +++--- drivers/net/wan/sbni.c | 4 ++-- drivers/net/wan/sealevel.c | 8 ++++---- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/net/wan/cosa.c b/drivers/net/wan/cosa.c index 848ea6a399f2..18956c47cf92 100644 --- a/drivers/net/wan/cosa.c +++ b/drivers/net/wan/cosa.c @@ -232,11 +232,11 @@ static int irq[MAX_CARDS+1] = { -1, -1, -1, -1, -1, -1, 0, }; static struct class *cosa_class; #ifdef MODULE -module_param_array(io, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); MODULE_PARM_DESC(io, "The I/O bases of the COSA or SRP cards"); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); MODULE_PARM_DESC(irq, "The IRQ lines of the COSA or SRP cards"); -module_param_array(dma, int, NULL, 0); +module_param_hw_array(dma, int, dma, NULL, 0); MODULE_PARM_DESC(dma, "The DMA channels of the COSA or SRP cards"); MODULE_AUTHOR("Jan \"Yenya\" Kasprzak, "); diff --git a/drivers/net/wan/hostess_sv11.c b/drivers/net/wan/hostess_sv11.c index 3d741663fd67..4845560fd848 100644 --- a/drivers/net/wan/hostess_sv11.c +++ b/drivers/net/wan/hostess_sv11.c @@ -325,11 +325,11 @@ static void sv11_shutdown(struct z8530_dev *dev) static int io = 0x200; static int irq = 9; -module_param(io, int, 0); +module_param_hw(io, int, ioport, 0); MODULE_PARM_DESC(io, "The I/O base of the Comtrol Hostess SV11 card"); -module_param(dma, int, 0); +module_param_hw(dma, int, dma, 0); MODULE_PARM_DESC(dma, "Set this to 1 to use DMA1/DMA3 for TX/RX"); -module_param(irq, int, 0); +module_param_hw(irq, int, irq, 0); MODULE_PARM_DESC(irq, "The interrupt line setting for the Comtrol Hostess SV11 card"); MODULE_AUTHOR("Alan Cox"); diff --git a/drivers/net/wan/sbni.c b/drivers/net/wan/sbni.c index 8fef8d83436d..5868fc25962c 100644 --- a/drivers/net/wan/sbni.c +++ b/drivers/net/wan/sbni.c 
@@ -1464,8 +1464,8 @@ set_multicast_list( struct net_device *dev ) #ifdef MODULE -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); module_param_array(baud, int, NULL, 0); module_param_array(rxl, int, NULL, 0); module_param_array(mac, int, NULL, 0); diff --git a/drivers/net/wan/sealevel.c b/drivers/net/wan/sealevel.c index 27860b4f5908..1d762a2d3ddc 100644 --- a/drivers/net/wan/sealevel.c +++ b/drivers/net/wan/sealevel.c 
@@ -364,13 +364,13 @@ static int rxdma=3; static int irq=5; static bool slow=false; -module_param(io, int, 0); +module_param_hw(io, int, ioport, 0); MODULE_PARM_DESC(io, "The I/O base of the Sealevel card"); -module_param(txdma, int, 0); +module_param_hw(txdma, int, dma, 0); MODULE_PARM_DESC(txdma, "Transmit DMA channel"); -module_param(rxdma, int, 0); +module_param_hw(rxdma, int, dma, 0); MODULE_PARM_DESC(rxdma, "Receive DMA channel"); -module_param(irq, int, 0); +module_param_hw(irq, int, irq, 0); MODULE_PARM_DESC(irq, "The interrupt line setting for the SeaLevel card"); module_param(slow, bool, 0); MODULE_PARM_DESC(slow, "Set this for an older Sealevel card such as the 4012"); From patchwork Thu Jun 18 23:12:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312472 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyT86CRdz9sNR; Fri, 19 Jun 2020 09:15:08 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3kI-0000gc-Px; Thu, 18 Jun 2020 23:14:58 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3j3-0008LP-47 for kernel-team@lists.ubuntu.com; 
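Review bot: In drivers/net/wan/hostess_sv11.c, `dma` is annotated with hwtype `dma`, but its description reads "Set this to 1 to use DMA1/DMA3 for TX/RX", so it is an on/off switch rather than a channel number, unlike `txdma` and `rxdma` in sealevel.c. Restricting it under lockdown looks right, but the commit message says the annotation records what type of parameter each one is, so a short comment noting that this one is a flag would keep later consumers of the hwtype from misreading it. In sbni.c the converted `io` and `irq` also have no MODULE_PARM_DESC within the hunk.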
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 27/47][X] Annotate hardware config module parameters in drivers/net/wireless/
Date: Thu, 18 Jun 2020 18:12:38 -0500
Message-Id: <20200618231258.630575-28-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/net/wireless/.

Suggested-by: Alan Cox
Signed-off-by: David Howells cc: Kalle Valo cc: linux-wireless@vger.kernel.org cc: netdev@vger.kernel.org (cherry picked from commit 767c13e610d5775be00423c1ce046c1eb9616a21) Signed-off-by: Seth Forshee --- drivers/net/wireless/airo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c index a44496d8423a..3ea2ef19667d 100644 --- a/drivers/net/wireless/airo.c +++ b/drivers/net/wireless/airo.c 
@@ -246,8 +246,8 @@ MODULE_DESCRIPTION("Support for Cisco/Aironet 802.11 wireless ethernet cards. " "Direct support for ISA/PCI/MPI cards and support for PCMCIA when used with airo_cs."); MODULE_LICENSE("Dual BSD/GPL"); MODULE_SUPPORTED_DEVICE("Aironet 4500, 4800 and Cisco 340/350"); -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); module_param_array(rates, int, NULL, 0); module_param_array(ssids, charp, NULL, 0); module_param(auto_wep, int, 0); From patchwork Thu Jun 18 23:12:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312470 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nySq2hFPz9sNR; Fri, 19 Jun 2020 09:14:51 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3k0-0000YB-P6; Thu, 18 Jun 2020 23:14:40 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3j5-0008Mt-4b for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:43 +0000 Received: from mail-il1-f200.google.com ([209.85.166.200]) by 
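Review bot: The diffstat touches only drivers/net/wireless/airo.c although the subject covers all of drivers/net/wireless/. Because this is a cherry-pick onto the [X] tree, please confirm that tree has no other driver under that directory with port, IRQ or DMA module parameters that the upstream commit did not need to touch; any such driver would keep accepting those values under lockdown.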
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 28/47][X] Annotate hardware config module parameters in drivers/parport/
Date: Thu, 18 Jun 2020 18:12:39 -0500
Message-Id: <20200618231258.630575-29-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/parport/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Sudip Mukherjee
(cherry picked from commit c8fc074dd388112890684b614be1e58335890b27)
Signed-off-by: Seth Forshee --- drivers/parport/parport_pc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/parport/parport_pc.c b/drivers/parport/parport_pc.c index 02e6485c1ed5..6520c4041bf7 100644 --- a/drivers/parport/parport_pc.c +++ b/drivers/parport/parport_pc.c 
@@ -3154,13 +3154,13 @@ static char *irq[PARPORT_PC_MAX_PORTS]; static char *dma[PARPORT_PC_MAX_PORTS]; MODULE_PARM_DESC(io, "Base I/O address (SPP regs)"); -module_param_array(io, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); MODULE_PARM_DESC(io_hi, "Base I/O address (ECR)"); -module_param_array(io_hi, int, NULL, 0); +module_param_hw_array(io_hi, int, ioport, NULL, 0); MODULE_PARM_DESC(irq, "IRQ line"); -module_param_array(irq, charp, NULL, 0); +module_param_hw_array(irq, charp, irq, NULL, 0); MODULE_PARM_DESC(dma, "DMA channel"); -module_param_array(dma, charp, NULL, 0); +module_param_hw_array(dma, charp, dma, NULL, 0); #if defined(CONFIG_PARPORT_PC_SUPERIO) || \ (defined(CONFIG_PARPORT_1284) && defined(CONFIG_PARPORT_PC_FIFO)) MODULE_PARM_DESC(verbose_probing, "Log chit-chat during initialisation"); From patchwork Thu Jun 18 23:12:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312473 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTG1lhcz9sNR; Fri, 19 Jun 2020 09:15:14 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3kQ-0000kl-Ie; Thu, 18 Jun 2020 23:15:06 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by 
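Review bot: In drivers/parport/parport_pc.c, `irq` and `dma` are `charp` arrays (`static char *irq[PARPORT_PC_MAX_PORTS]`), so when lockdown skips them the entries stay NULL rather than holding a numeric default. Please confirm the driver's own string parsing of these arrays treats NULL as "not given" on this tree, since the commit message relies on module initialisation running normally with default values.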
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 29/47][X] Annotate hardware config module parameters in drivers/pci/hotplug/
Date: Thu, 18 Jun 2020 18:12:40 -0500
Message-Id: <20200618231258.630575-30-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/pci/hotplug/.

Suggested-by: Alan Cox
Signed-off-by: David Howells Acked-by: Bjorn Helgaas cc: Scott Murray cc: linux-pci@vger.kernel.org (cherry picked from commit 01b961b70dde53b3a5b5062670a19d566e67e78e) Signed-off-by: Seth Forshee --- drivers/pci/hotplug/cpcihp_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/hotplug/cpcihp_generic.c b/drivers/pci/hotplug/cpcihp_generic.c index 66b7bbebe493..d92f5304d67b 100644 --- a/drivers/pci/hotplug/cpcihp_generic.c +++ b/drivers/pci/hotplug/cpcihp_generic.c 
@@ -220,7 +220,7 @@ module_param(first_slot, byte, 0); MODULE_PARM_DESC(first_slot, "Hotswap bus first slot number"); module_param(last_slot, byte, 0); MODULE_PARM_DESC(last_slot, "Hotswap bus last slot number"); -module_param(port, ushort, 0); +module_param_hw(port, ushort, ioport, 0); MODULE_PARM_DESC(port, "#ENUM signal I/O port"); module_param(enum_bit, uint, 0); MODULE_PARM_DESC(enum_bit, "#ENUM signal bit (0-7)"); From patchwork Thu Jun 18 23:12:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312474 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTL4FjGz9sNR; Fri, 19 Jun 2020 09:15:18 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3kV-0000nM-8B; Thu, 18 Jun 2020 23:15:11 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3j7-0008Of-Of for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:45 +0000 Received: from mail-io1-f69.google.com ([209.85.166.69]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3j4-0008ST-WD for kernel-team@lists.ubuntu.com; Thu, 18 Jun 
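Review bot: only `port` is converted in this hunk, while `enum_bit` just below it stays a plain `module_param` even though its description ties it to the same #ENUM signal. It only selects a bit within whatever `port` ends up being, so leaving it may well be right, but the commit message should say that only address-like parameters count as hardware configuration for this driver; as posted the omission reads like an oversight.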
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 30/47][X] Annotate hardware config module parameters in drivers/pcmcia/
Date: Thu, 18 Jun 2020 18:12:41 -0500
Message-Id: <20200618231258.630575-31-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/pcmcia/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: linux-pcmcia@lists.infradead.org
(cherry picked from commit 9149ba1fc2276181c7f80969d349ea25a7f9fe1f)
Signed-off-by: Seth Forshee --- drivers/pcmcia/i82365.c | 8 ++++---- drivers/pcmcia/tcic.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/pcmcia/i82365.c b/drivers/pcmcia/i82365.c index eb0d80a429e4..fb38cc01859f 100644 --- a/drivers/pcmcia/i82365.c +++ b/drivers/pcmcia/i82365.c @@ -108,12 +108,12 @@ static int async_clock = -1; static int cable_mode = -1; static int wakeup = 0; -module_param(i365_base, ulong, 0444); +module_param_hw(i365_base, ulong, ioport, 0444); module_param(ignore, int, 0444); module_param(extra_sockets, int, 0444); -module_param(irq_mask, int, 0444); -module_param_array(irq_list, int, &irq_list_count, 0444); -module_param(cs_irq, int, 0444); +module_param_hw(irq_mask, int, other, 0444); +module_param_hw_array(irq_list, int, irq, &irq_list_count, 0444); +module_param_hw(cs_irq, int, irq, 0444); module_param(async_clock, int, 0444); module_param(cable_mode, int, 0444); module_param(wakeup, int, 0444); diff --git a/drivers/pcmcia/tcic.c b/drivers/pcmcia/tcic.c index 1ee63e5f0550..a1ac72d51d70 100644 --- a/drivers/pcmcia/tcic.c +++ b/drivers/pcmcia/tcic.c 
@@ -85,12 +85,12 @@ static int poll_quick = HZ/20; /* CCLK external clock time, in nanoseconds. 70 ns = 14.31818 MHz */ static int cycle_time = 70; -module_param(tcic_base, ulong, 0444); +module_param_hw(tcic_base, ulong, ioport, 0444); module_param(ignore, int, 0444); module_param(do_scan, int, 0444); -module_param(irq_mask, int, 0444); -module_param_array(irq_list, int, &irq_list_count, 0444); -module_param(cs_irq, int, 0444); +module_param_hw(irq_mask, int, other, 0444); +module_param_hw_array(irq_list, int, irq, &irq_list_count, 0444); +module_param_hw(cs_irq, int, irq, 0444); module_param(poll_interval, int, 0444); module_param(poll_quick, int, 0444); module_param(cycle_time, int, 0444); From patchwork Thu Jun 18 23:12:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312479 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTp2WVjz9sR4; Fri, 19 Jun 2020 09:15:42 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3ks-0000zm-Bi; Thu, 18 Jun 2020 23:15:34 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3j8-0008P9-D7 for 
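Review bot: in the i82365.c hunk `irq_mask` is annotated as `other` while `irq_list` and `cs_irq` right below it get `irq`, and the tcic.c hunk repeats the same split. A mask of usable IRQs reads as IRQ configuration, so either use `irq` for it or add a short comment saying why a bitmask does not fit that type; without one the choice looks accidental and the "indicate for future reference what type of parameter they specify" goal from the commit message is not met for this parameter.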
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 31/47][X] Annotate hardware config module parameters in drivers/scsi/
Date: Thu, 18 Jun 2020 18:12:42 -0500
Message-Id: <20200618231258.630575-32-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/scsi/.

Suggested-by: Alan Cox
Signed-off-by: David Howells cc: "Juergen E. Fischer" cc: "James E.J. Bottomley" cc: "Martin K. Petersen" cc: Dario Ballabio cc: Finn Thain cc: Michael Schmitz cc: Achim Leubner cc: linux-scsi@vger.kernel.org (backported from commit 88f06b76e462119cb694c3ff13d7d343c49d2569) Signed-off-by: Seth Forshee --- drivers/scsi/aha152x.c | 4 ++-- drivers/scsi/aha1542.c | 2 +- drivers/scsi/g_NCR5380.c | 17 +++++++++++++++-- drivers/scsi/gdth.c | 2 +- drivers/scsi/qlogicfas.c | 4 ++-- 5 files changed, 21 insertions(+), 8 deletions(-) diff --git a/drivers/scsi/aha152x.c b/drivers/scsi/aha152x.c index f44d0487236e..ce5dc73d85bb 100644 --- a/drivers/scsi/aha152x.c +++ b/drivers/scsi/aha152x.c @@ -331,11 +331,11 @@ MODULE_LICENSE("GPL"); #if !defined(PCMCIA) #if defined(MODULE) static int io[] = {0, 0}; -module_param_array(io, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); MODULE_PARM_DESC(io,"base io address of controller"); static int irq[] = {0, 0}; -module_param_array(irq, int, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); MODULE_PARM_DESC(irq,"interrupt for controller"); static int scsiid[] = {7, 7}; diff --git a/drivers/scsi/aha1542.c b/drivers/scsi/aha1542.c index 5b8b2937a3fe..04e40ea98dad 100644 --- a/drivers/scsi/aha1542.c +++ b/drivers/scsi/aha1542.c @@ -31,7 +31,7 @@ module_param(isapnp, bool, 0); MODULE_PARM_DESC(isapnp, "enable PnP support (default=1)"); static int io[MAXBOARDS] = { 0x330, 0x334, 0, 0 }; -module_param_array(io, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); MODULE_PARM_DESC(io, "base IO address of controller (0x130,0x134,0x230,0x234,0x330,0x334, default=0x330,0x334)"); /* time AHA spends on the AT-bus during data transfer */ diff --git a/drivers/scsi/g_NCR5380.c b/drivers/scsi/g_NCR5380.c index 87e081f8a386..70f83281bcf9 100644 --- a/drivers/scsi/g_NCR5380.c +++ b/drivers/scsi/g_NCR5380.c @@ -75,6 +75,7 @@ #include #include "g_NCR5380.h" #include "NCR5380.h" +#include #include #include #include 
@@ -174,6 +175,9 @@ static int __init do_NCR5380_setup(char *str) { int ints[10]; + if (secure_modules()) + return -EPERM; + get_options(str, ARRAY_SIZE(ints), ints); internal_setup(BOARD_NCR5380, str, ints); return 1; @@ -192,6 +196,9 @@ static int __init do_NCR53C400_setup(char *str) { int ints[10]; + if (secure_modules()) + return -EPERM; + get_options(str, ARRAY_SIZE(ints), ints); internal_setup(BOARD_NCR53C400, str, ints); return 1; @@ -210,6 +217,9 @@ static int __init do_NCR53C400A_setup(char *str) { int ints[10]; + if (secure_modules()) + return -EPERM; + get_options(str, ARRAY_SIZE(ints), ints); internal_setup(BOARD_NCR53C400A, str, ints); return 1; @@ -228,6 +238,9 @@ static int __init do_DTC3181E_setup(char *str) { int ints[10]; + if (secure_modules()) + return -EPERM; + get_options(str, ARRAY_SIZE(ints), ints); internal_setup(BOARD_DTC3181E, str, ints); return 1; @@ -717,9 +730,9 @@ static struct scsi_host_template driver_template = { #include #include "scsi_module.c" -module_param(ncr_irq, int, 0); +module_param_hw(ncr_irq, int, irq, 0); module_param(ncr_dma, int, 0); -module_param(ncr_addr, int, 0); +module_param_hw(ncr_addr, int, ioport, 0); module_param(ncr_5380, int, 0); module_param(ncr_53c400, int, 0); module_param(ncr_53c400a, int, 0); diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c index 71e138044379..efc2083a211f 100644 --- a/drivers/scsi/gdth.c +++ b/drivers/scsi/gdth.c @@ -353,7 +353,7 @@ static int probe_eisa_isa = 0; static int force_dma32 = 0; /* parameters for modprobe/insmod */ -module_param_array(irq, int, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); module_param(disable, int, 0); module_param(reserve_mode, int, 0); module_param_array(reserve_list, int, NULL, 0); diff --git a/drivers/scsi/qlogicfas.c b/drivers/scsi/qlogicfas.c index 61cac87fb86f..840823b99e51 100644 --- a/drivers/scsi/qlogicfas.c +++ b/drivers/scsi/qlogicfas.c 
@@ -137,8 +137,8 @@ err: static struct qlogicfas408_priv *cards; static int iobase[MAX_QLOGICFAS]; static int irq[MAX_QLOGICFAS] = { [0 ... MAX_QLOGICFAS-1] = -1 }; -module_param_array(iobase, int, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(iobase, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); MODULE_PARM_DESC(iobase, "I/O address"); MODULE_PARM_DESC(irq, "IRQ"); From patchwork Thu Jun 18 23:12:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312475 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTQ5m51z9sNR; Fri, 19 Jun 2020 09:15:22 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3ka-0000q1-8d; Thu, 18 Jun 2020 23:15:16 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3j9-0008Pr-JY for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:47 +0000 Received: from mail-io1-f69.google.com ([209.85.166.69]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3j7-0008Ss-CQ for kernel-team@lists.ubuntu.com; Thu, 18 Jun 
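Review bot: the four g_NCR5380.c setup hunks (do_NCR5380_setup through do_DTC3181E_setup) add `if (secure_modules()) return -EPERM;` to handlers whose success path is `return 1;`, so the refusal is a bare non-zero return with nothing logged, while the commit message promises that hardware parameters are skipped "with an error message". Print a one-line notice before returning, and return the value the setup convention uses for a consumed option rather than a negative errno, so a locked-down boot that carried one of these options is visible in the log. If these checks and the added include are what the "backported from" trailer refers to, say so in a short note under the trailer; the message as posted describes only the module_param annotations.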
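Review bot: in the last g_NCR5380.c hunk `ncr_dma` stays a plain `module_param(ncr_dma, int, 0);` between the newly annotated `ncr_irq` and `ncr_addr`, although a DMA channel is hardware configuration in the sense the commit message describes. Either annotate it with a DMA hardware type, if the helper added earlier in this series defines one, or state in the message why it is safe to leave it settable when the kernel is locked down.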
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 32/47][X] Annotate hardware config module parameters in drivers/staging/media/
Date: Thu, 18 Jun 2020 18:12:43 -0500
Message-Id: <20200618231258.630575-33-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/staging/media/.

Suggested-by: Alan Cox
Signed-off-by: David Howells Acked-by: Greg Kroah-Hartman Acked-by: Mauro Carvalho Chehab cc: linux-media@vger.kernel.org cc: devel@driverdev.osuosl.org (cherry picked from commit 32820d8abd4d9502208697f0d26a3f8761b5868f) Signed-off-by: Seth Forshee --- drivers/staging/media/lirc/lirc_sir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/media/lirc/lirc_sir.c b/drivers/staging/media/lirc/lirc_sir.c index 4f326e97ad75..e27842e01fba 100644 --- a/drivers/staging/media/lirc/lirc_sir.c +++ b/drivers/staging/media/lirc/lirc_sir.c 
@@ -986,10 +986,10 @@ MODULE_AUTHOR("Milan Pikula"); #endif MODULE_LICENSE("GPL"); -module_param(io, int, S_IRUGO); +module_param_hw(io, int, ioport, S_IRUGO); MODULE_PARM_DESC(io, "I/O address base (0x3f8 or 0x2f8)"); -module_param(irq, int, S_IRUGO); +module_param_hw(irq, int, irq, S_IRUGO); MODULE_PARM_DESC(irq, "Interrupt (4 or 3)"); module_param(threshold, int, S_IRUGO); From patchwork Thu Jun 18 23:12:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312480 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTs11Rnz9sRW; Fri, 19 Jun 2020 09:15:45 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3kx-00012H-1O; Thu, 18 Jun 2020 23:15:39 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jA-0008Qn-JW for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:48 +0000 Received: from mail-io1-f70.google.com ([209.85.166.70]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3j8-0008Sw-Ha for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:46 +0000 Received: by 
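The behaviour the commit messages in this series describe (hardware-annotated parameters are skipped under lockdown, and initialisation still runs with the defaults) can be seen in a small user-space model. This is an example added for this page, not kernel code and not code from the series; the struct and function names, the log wording and the default values are assumptions, and only the parameter names `io`, `irq` and `threshold` are taken from the lirc_sir.c hunk.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a parameter table entry; not a kernel structure. */
enum hw_kind { HW_NONE, HW_IOPORT, HW_IRQ, HW_OTHER };

struct param {
	const char *name;
	enum hw_kind hw;	/* HW_NONE marks an ordinary software parameter */
	long *value;
};

struct parse_result {
	int applied;	/* parameters written to the driver's variables */
	int skipped;	/* hardware parameters refused because of lockdown */
	int unknown;	/* tokens that match no parameter or lack "=value" */
};

static struct param *find_param(struct param *tbl, size_t n,
				const char *name, size_t len)
{
	for (size_t i = 0; i < n; i++)
		if (strlen(tbl[i].name) == len &&
		    memcmp(tbl[i].name, name, len) == 0)
			return &tbl[i];
	return NULL;
}

/* Parse "name=value name=value ..."; under lockdown, hardware parameters
 * are reported and left at their defaults instead of failing the load. */
static struct parse_result parse_params(const char *args, struct param *tbl,
					size_t n, bool locked_down)
{
	struct parse_result r = { 0, 0, 0 };
	const char *p = args;

	while (*p) {
		p += strspn(p, " ");
		size_t tok = strcspn(p, " ");
		if (tok == 0)
			break;

		const char *eq = memchr(p, '=', tok);
		size_t name_len = eq ? (size_t)(eq - p) : tok;
		struct param *kp = find_param(tbl, n, p, name_len);

		if (!kp || !eq) {
			r.unknown++;
		} else if (locked_down && kp->hw != HW_NONE) {
			/* Constructed wording; the real message is the core's. */
			fprintf(stderr, "%s: hardware parameter ignored, "
				"kernel is locked down\n", kp->name);
			r.skipped++;
		} else {
			*kp->value = strtol(eq + 1, NULL, 0);
			r.applied++;
		}
		p += tok;
	}
	return r;
}

/* Model driver: defaults below are constructed for the example. */
static long io = 0x3f8, irq = 4, threshold = 3;

static struct param demo_params[] = {
	{ "io",        HW_IOPORT, &io },
	{ "irq",       HW_IRQ,    &irq },
	{ "threshold", HW_NONE,   &threshold },
};

struct load_result {
	struct parse_result parse;
	long io, irq, threshold;	/* values the init routine would see */
};

static struct load_result load_demo(const char *args, bool locked_down)
{
	struct load_result r;

	io = 0x3f8; irq = 4; threshold = 3;	/* reset to defaults */
	r.parse = parse_params(args, demo_params,
			       sizeof(demo_params) / sizeof(demo_params[0]),
			       locked_down);
	/* Initialisation proceeds either way, with whatever values are set. */
	r.io = io; r.irq = irq; r.threshold = threshold;
	return r;
}

int main(void)
{
	const char *args = "io=0x2f8 irq=3 threshold=7";	/* constructed input */
	struct load_result a = load_demo(args, false);
	struct load_result b = load_demo(args, true);

	printf("open:   io=%#lx irq=%ld threshold=%ld\n", a.io, a.irq, a.threshold);
	printf("locked: io=%#lx irq=%ld threshold=%ld (skipped %d)\n",
	       b.io, b.irq, b.threshold, b.parse.skipped);
	return 0;
}
```

The software parameter is still honoured in the locked-down run, which is the reason the series annotates individual parameters instead of refusing all module options.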
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 33/47][X] Annotate hardware config module parameters in drivers/staging/speakup/
Date: Thu, 18 Jun 2020 18:12:44 -0500
Message-Id: <20200618231258.630575-34-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/staging/speakup/.

Suggested-by: Alan Cox
Signed-off-by: David Howells Acked-by: Greg Kroah-Hartman cc: speakup@linux-speakup.org cc: devel@driverdev.osuosl.org (backported from commit dbf05cb05f61145069d01ca9c6a896159184af88) Signed-off-by: Seth Forshee --- drivers/staging/speakup/speakup_acntpc.c | 2 +- drivers/staging/speakup/speakup_dtlk.c | 2 +- drivers/staging/speakup/speakup_keypc.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/staging/speakup/speakup_acntpc.c b/drivers/staging/speakup/speakup_acntpc.c index f418893928ec..092e2ae8f3eb 100644 --- a/drivers/staging/speakup/speakup_acntpc.c +++ b/drivers/staging/speakup/speakup_acntpc.c @@ -312,7 +312,7 @@ static void accent_release(void) speakup_info.port_tts = 0; } -module_param_named(port, port_forced, int, S_IRUGO); +module_param_hw_named(port, port_forced, int, ioport, S_IRUGO); module_param_named(start, synth_acntpc.startup, short, S_IRUGO); MODULE_PARM_DESC(port, "Set the port for the synthesizer (override probing)."); diff --git a/drivers/staging/speakup/speakup_dtlk.c b/drivers/staging/speakup/speakup_dtlk.c index 345efd3344b0..a888315b9e78 100644 --- a/drivers/staging/speakup/speakup_dtlk.c +++ b/drivers/staging/speakup/speakup_dtlk.c @@ -382,7 +382,7 @@ static void dtlk_release(void) speakup_info.port_tts = 0; } -module_param_named(port, port_forced, int, S_IRUGO); +module_param_hw_named(port, port_forced, int, ioport, S_IRUGO); module_param_named(start, synth_dtlk.startup, short, S_IRUGO); MODULE_PARM_DESC(port, "Set the port for the synthesizer (override probing)."); diff --git a/drivers/staging/speakup/speakup_keypc.c b/drivers/staging/speakup/speakup_keypc.c index 6ea027365664..55c0e733a7fa 100644 --- a/drivers/staging/speakup/speakup_keypc.c +++ b/drivers/staging/speakup/speakup_keypc.c 
@@ -313,7 +313,7 @@ static void keynote_release(void) synth_port = 0; } -module_param_named(port, port_forced, int, S_IRUGO); +module_param_hw_named(port, port_forced, int, ioport, S_IRUGO); module_param_named(start, synth_keypc.startup, short, S_IRUGO); MODULE_PARM_DESC(port, "Set the port for the synthesizer (override probing)."); From patchwork Thu Jun 18 23:12:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312476 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTW2p22z9sR4; Fri, 19 Jun 2020 09:15:27 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3ke-0000rv-Bv; Thu, 18 Jun 2020 23:15:20 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jC-0008SZ-AG for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:50 +0000 Received: from mail-io1-f71.google.com ([209.85.166.71]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jA-0008TO-Mf for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:48 +0000 Received: by mail-io1-f71.google.com with SMTP id b3so3073254ion.17 
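Review bot: all three speakup hunks are the same one-line substitution on the `port` line, yet the trailer says "backported from" rather than "cherry picked from" and does not say what had to be adapted. Add a short note under the trailer describing the difference from the upstream commit (context adjustment, dropped files, or similar) so the delta can be audited. Separately, the unchanged `MODULE_PARM_DESC(port, ...)` text still promises "(override probing)", which no longer holds when the kernel is locked down; that is acceptable if the core's message is clear enough, but worth confirming.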
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 34/47][X] Annotate hardware config module parameters in drivers/staging/vme/
Date: Thu, 18 Jun 2020 18:12:45 -0500
Message-Id: <20200618231258.630575-35-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/staging/vme/.

Suggested-by: Alan Cox
Signed-off-by: David Howells cc: Martyn Welch cc: Manohar Vanga cc: Greg Kroah-Hartman cc: devel@driverdev.osuosl.org (backported from commit ea38fd72fb5f065e3f655d388193db3476820482) Signed-off-by: Seth Forshee --- drivers/staging/vme/devices/vme_pio2_core.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/staging/vme/devices/vme_pio2_core.c b/drivers/staging/vme/devices/vme_pio2_core.c index 35c6ce5047de..c7f068af3e58 100644 --- a/drivers/staging/vme/devices/vme_pio2_core.c +++ b/drivers/staging/vme/devices/vme_pio2_core.c 
@@ -478,16 +478,16 @@ static void __exit pio2_exit(void) /* These are required for each board */ MODULE_PARM_DESC(bus, "Enumeration of VMEbus to which the board is connected"); -module_param_array(bus, int, &bus_num, S_IRUGO); +module_param_hw_array(bus, int, other, &bus_num, S_IRUGO); MODULE_PARM_DESC(base, "Base VME address for PIO2 Registers"); -module_param_array(base, long, &base_num, S_IRUGO); +module_param_hw_array(base, long, other, &base_num, S_IRUGO); MODULE_PARM_DESC(vector, "VME IRQ Vector (Lower 4 bits masked)"); -module_param_array(vector, int, &vector_num, S_IRUGO); +module_param_hw_array(vector, int, other, &vector_num, S_IRUGO); MODULE_PARM_DESC(level, "VME IRQ Level"); -module_param_array(level, int, &level_num, S_IRUGO); +module_param_hw_array(level, int, other, &level_num, S_IRUGO); MODULE_PARM_DESC(variant, "Last 4 characters of PIO2 board variant"); module_param_array(variant, charp, &variant_num, S_IRUGO); From patchwork Thu Jun 18 23:12:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312481 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTv72GJz9sRf; Fri, 19 Jun 2020 09:15:47 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3l0-00014R-4S; Thu, 18 
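Review bot: in the vme_pio2_core.c hunk, `vector` ("VME IRQ Vector") and `level` ("VME IRQ Level") are tagged `other`, although interrupt parameters in other drivers of this series are tagged `irq`. The commit message says the type is recorded for future reference, so either use `irq` here or add a one-line comment saying why VME interrupt parameters are classed as `other`. The "backported from commit ea38fd72fb5f065e3f655d388193db3476820482" trailer would also benefit from a short note on what had to change relative to that commit.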
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 35/47][X] Annotate hardware config module parameters in drivers/tty/
Date: Thu, 18 Jun 2020 18:12:46 -0500
Message-Id: <20200618231258.630575-36-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/tty/.

Suggested-by: Alan Cox
Signed-off-by: David Howells Acked-by: Greg Kroah-Hartman cc: Jiri Slaby cc: linux-serial@vger.kernel.org (backported from commit 3b60daf86b133f0b15e3eb9b767c6c1752af2bd6) Signed-off-by: Seth Forshee --- drivers/tty/cyclades.c | 4 ++-- drivers/tty/moxa.c | 2 +- drivers/tty/mxser.c | 2 +- drivers/tty/rocket.c | 10 +++++----- drivers/tty/serial/8250/8250_core.c | 4 ++-- drivers/tty/synclink.c | 6 +++--- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c index d4a1331675ed..cfd1b7f5179c 100644 --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c @@ -158,8 +158,8 @@ static unsigned int cy_isa_addresses[] = { static long maddr[NR_CARDS]; static int irq[NR_CARDS]; -module_param_array(maddr, long, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(maddr, long, iomem, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); #endif /* CONFIG_ISA */ diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c index 14c54e041065..2ff6a13062d8 100644 --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c @@ -180,7 +180,7 @@ MODULE_FIRMWARE("c320tunx.cod"); module_param_array(type, uint, NULL, 0); MODULE_PARM_DESC(type, "card type: C218=2, C320=4"); -module_param_array(baseaddr, ulong, NULL, 0); +module_param_hw_array(baseaddr, ulong, ioport, NULL, 0); MODULE_PARM_DESC(baseaddr, "base address"); module_param_array(numports, uint, NULL, 0); MODULE_PARM_DESC(numports, "numports (ignored for C218)"); diff --git a/drivers/tty/mxser.c b/drivers/tty/mxser.c index 4c4a23674569..935e9a9fb020 100644 --- a/drivers/tty/mxser.c +++ b/drivers/tty/mxser.c 
@@ -183,7 +183,7 @@ static int ttymajor = MXSERMAJOR; MODULE_AUTHOR("Casper Yang"); MODULE_DESCRIPTION("MOXA Smartio/Industio Family Multiport Board Device Driver"); -module_param_array(ioaddr, ulong, NULL, 0); +module_param_hw_array(ioaddr, ulong, ioport, NULL, 0); MODULE_PARM_DESC(ioaddr, "ISA io addresses to look for a moxa board"); module_param(ttymajor, int, 0); MODULE_LICENSE("GPL"); diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c index 0d3cc3324f46..e8a65ed4bb2c 100644 --- a/drivers/tty/rocket.c +++ b/drivers/tty/rocket.c @@ -250,15 +250,15 @@ static int sReadAiopNumChan(WordIO_t io); MODULE_AUTHOR("Theodore Ts'o"); MODULE_DESCRIPTION("Comtrol RocketPort driver"); -module_param(board1, ulong, 0); +module_param_hw(board1, ulong, ioport, 0); MODULE_PARM_DESC(board1, "I/O port for (ISA) board #1"); -module_param(board2, ulong, 0); +module_param_hw(board2, ulong, ioport, 0); MODULE_PARM_DESC(board2, "I/O port for (ISA) board #2"); -module_param(board3, ulong, 0); +module_param_hw(board3, ulong, ioport, 0); MODULE_PARM_DESC(board3, "I/O port for (ISA) board #3"); -module_param(board4, ulong, 0); +module_param_hw(board4, ulong, ioport, 0); MODULE_PARM_DESC(board4, "I/O port for (ISA) board #4"); -module_param(controller, ulong, 0); +module_param_hw(controller, ulong, ioport, 0); MODULE_PARM_DESC(controller, "I/O port for (ISA) rocketport controller"); module_param(support_low_speed, bool, 0); MODULE_PARM_DESC(support_low_speed, "1 means support 50 baud, 0 means support 460400 baud"); diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c index 39126460c1f5..3305b7b1e4cf 100644 --- a/drivers/tty/serial/8250/8250_core.c +++ b/drivers/tty/serial/8250/8250_core.c 
@@ -1173,7 +1173,7 @@ EXPORT_SYMBOL(serial8250_resume_port); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("Generic 8250/16x50 serial driver"); -module_param(share_irqs, uint, 0644); +module_param_hw(share_irqs, uint, other, 0644); MODULE_PARM_DESC(share_irqs, "Share IRQs with other non-8250/16x50 devices" " (unsafe)"); @@ -1184,7 +1184,7 @@ module_param(skip_txen_test, uint, 0644); MODULE_PARM_DESC(skip_txen_test, "Skip checking for the TXEN bug at init time"); #ifdef CONFIG_SERIAL_8250_RSA -module_param_array(probe_rsa, ulong, &probe_rsa_count, 0444); +module_param_hw_array(probe_rsa, ulong, ioport, &probe_rsa_count, 0444); MODULE_PARM_DESC(probe_rsa, "Probe I/O ports for RSA"); #endif MODULE_ALIAS_CHARDEV_MAJOR(TTY_MAJOR); diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c index 6188059fd523..0a4416b2ce63 100644 --- a/drivers/tty/synclink.c +++ b/drivers/tty/synclink.c 
@@ -869,9 +869,9 @@ static int txholdbufs[MAX_TOTAL_DEVICES]; module_param(break_on_load, bool, 0); module_param(ttymajor, int, 0); -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); -module_param_array(dma, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); +module_param_hw_array(dma, int, dma, NULL, 0); module_param(debug_level, int, 0); module_param_array(maxframe, int, NULL, 0); module_param_array(txdmabufs, int, NULL, 0); From patchwork Thu Jun 18 23:12:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312477 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTd71Kmz9sR4; Fri, 19 Jun 2020 09:15:33 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3kl-0000vU-9t; Thu, 18 Jun 2020 23:15:27 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jG-0008Um-D4 for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:54 +0000 Received: from mail-io1-f72.google.com ([209.85.166.72]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) 
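Review bot: in the 8250_core.c hunk, `share_irqs` keeps mode 0644 after becoming `module_param_hw(share_irqs, uint, other, 0644)`, so it stays writable through sysfs after the module is loaded. The commit message only describes the parameter parser skipping annotated parameters on a locked-down kernel; please confirm that this backport also refuses the sysfs write path for annotated parameters, otherwise the annotation does not cover this one. The other parameters touched in this patch use mode 0 or 0444 and do not have that exposure.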
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 36/47][X] Annotate hardware config module parameters in drivers/video/
Date: Thu, 18 Jun 2020 18:12:47 -0500
Message-Id: <20200618231258.630575-37-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/video/.

Suggested-by: Alan Cox
Signed-off-by: David Howells Acked-by: Bartlomiej Zolnierkiewicz cc: Tomi Valkeinen cc: linux-fbdev@vger.kernel.org (cherry picked from commit c729203defa7e6672ff6a5e503066351ac3928cb) Signed-off-by: Seth Forshee --- drivers/video/fbdev/arcfb.c | 8 ++++---- drivers/video/fbdev/n411.c | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/video/fbdev/arcfb.c b/drivers/video/fbdev/arcfb.c index 1b0b233b8b39..875496d277cd 100644 --- a/drivers/video/fbdev/arcfb.c +++ b/drivers/video/fbdev/arcfb.c @@ -645,17 +645,17 @@ module_param(nosplash, uint, 0); MODULE_PARM_DESC(nosplash, "Disable doing the splash screen"); module_param(arcfb_enable, uint, 0); MODULE_PARM_DESC(arcfb_enable, "Enable communication with Arc board"); -module_param(dio_addr, ulong, 0); +module_param_hw(dio_addr, ulong, ioport, 0); MODULE_PARM_DESC(dio_addr, "IO address for data, eg: 0x480"); -module_param(cio_addr, ulong, 0); +module_param_hw(cio_addr, ulong, ioport, 0); MODULE_PARM_DESC(cio_addr, "IO address for control, eg: 0x400"); -module_param(c2io_addr, ulong, 0); +module_param_hw(c2io_addr, ulong, ioport, 0); MODULE_PARM_DESC(c2io_addr, "IO address for secondary control, eg: 0x408"); module_param(splashval, ulong, 0); MODULE_PARM_DESC(splashval, "Splash pattern: 0xFF is black, 0x00 is green"); module_param(tuhold, ulong, 0); MODULE_PARM_DESC(tuhold, "Time to hold between strobing data to Arc board"); -module_param(irq, uint, 0); +module_param_hw(irq, uint, irq, 0); MODULE_PARM_DESC(irq, "IRQ for the Arc board"); module_init(arcfb_init); diff --git a/drivers/video/fbdev/n411.c b/drivers/video/fbdev/n411.c index 935830fea7b6..5383d70f0ce7 100644 --- a/drivers/video/fbdev/n411.c +++ b/drivers/video/fbdev/n411.c 
@@ -187,11 +187,11 @@ module_exit(n411_exit); module_param(nosplash, uint, 0); MODULE_PARM_DESC(nosplash, "Disable doing the splash screen"); -module_param(dio_addr, ulong, 0); +module_param_hw(dio_addr, ulong, ioport, 0); MODULE_PARM_DESC(dio_addr, "IO address for data, eg: 0x480"); -module_param(cio_addr, ulong, 0); +module_param_hw(cio_addr, ulong, ioport, 0); MODULE_PARM_DESC(cio_addr, "IO address for control, eg: 0x400"); -module_param(c2io_addr, ulong, 0); +module_param_hw(c2io_addr, ulong, ioport, 0); MODULE_PARM_DESC(c2io_addr, "IO address for secondary control, eg: 0x408"); module_param(splashval, ulong, 0); MODULE_PARM_DESC(splashval, "Splash pattern: 0x00 is black, 0x01 is white"); From patchwork Thu Jun 18 23:12:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312478 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTj47nmz9sR4; Fri, 19 Jun 2020 09:15:37 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3kp-0000xw-Jf; Thu, 18 Jun 2020 23:15:31 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jH-0008VX-Au for 
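Review bot: in the arcfb.c hunk, `arcfb_enable` ("Enable communication with Arc board") stays a plain `module_param` while `dio_addr`, `cio_addr`, `c2io_addr` and `irq` become hardware parameters. On a locked-down kernel the enable flag is still honoured while the addresses are skipped, so please confirm that the driver bails out cleanly when it is enabled with the address parameters left at their defaults.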
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 37/47][X] Annotate hardware config module parameters in drivers/watchdog/
Date: Thu, 18 Jun 2020 18:12:48 -0500
Message-Id: <20200618231258.630575-38-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/watchdog/.

Suggested-by: Alan Cox
Signed-off-by: David Howells Reviewed-by: Guenter Roeck cc: Wim Van Sebroeck cc: Zwane Mwaikambo cc: linux-watchdog@vger.kernel.org (cherry picked from commit 5d1c93ce21832825acc48595a6fec8cfdb3e1453) Signed-off-by: Seth Forshee --- drivers/watchdog/cpu5wdt.c | 2 +- drivers/watchdog/eurotechwdt.c | 4 ++-- drivers/watchdog/pc87413_wdt.c | 2 +- drivers/watchdog/sc1200wdt.c | 2 +- drivers/watchdog/wdt.c | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/watchdog/cpu5wdt.c b/drivers/watchdog/cpu5wdt.c index 6d03e8e30f8b..6c3f78e45c26 100644 --- a/drivers/watchdog/cpu5wdt.c +++ b/drivers/watchdog/cpu5wdt.c @@ -289,7 +289,7 @@ MODULE_DESCRIPTION("sma cpu5 watchdog driver"); MODULE_SUPPORTED_DEVICE("sma cpu5 watchdog"); MODULE_LICENSE("GPL"); -module_param(port, int, 0); +module_param_hw(port, int, ioport, 0); MODULE_PARM_DESC(port, "base address of watchdog card, default is 0x91"); module_param(verbose, int, 0); diff --git a/drivers/watchdog/eurotechwdt.c b/drivers/watchdog/eurotechwdt.c index 23ee53240c4c..38e96712264f 100644 --- a/drivers/watchdog/eurotechwdt.c +++ b/drivers/watchdog/eurotechwdt.c @@ -97,9 +97,9 @@ MODULE_PARM_DESC(nowayout, #define WDT_TIMER_CFG 0xf3 -module_param(io, int, 0); +module_param_hw(io, int, ioport, 0); MODULE_PARM_DESC(io, "Eurotech WDT io port (default=0x3f0)"); -module_param(irq, int, 0); +module_param_hw(irq, int, irq, 0); MODULE_PARM_DESC(irq, "Eurotech WDT irq (default=10)"); module_param(ev, charp, 0); MODULE_PARM_DESC(ev, "Eurotech WDT event type (default is `int')"); diff --git a/drivers/watchdog/pc87413_wdt.c b/drivers/watchdog/pc87413_wdt.c index 9f15dd9435d1..06a892e36a8d 100644 --- a/drivers/watchdog/pc87413_wdt.c +++ b/drivers/watchdog/pc87413_wdt.c 
@@ -579,7 +579,7 @@ MODULE_AUTHOR("Marcus Junker "); MODULE_DESCRIPTION("PC87413 WDT driver"); MODULE_LICENSE("GPL"); -module_param(io, int, 0); +module_param_hw(io, int, ioport, 0); MODULE_PARM_DESC(io, MODNAME " I/O port (default: " __MODULE_STRING(IO_DEFAULT) ")."); diff --git a/drivers/watchdog/sc1200wdt.c b/drivers/watchdog/sc1200wdt.c index 131193a7acdf..b34d3d5ba632 100644 --- a/drivers/watchdog/sc1200wdt.c +++ b/drivers/watchdog/sc1200wdt.c @@ -88,7 +88,7 @@ MODULE_PARM_DESC(isapnp, "When set to 0 driver ISA PnP support will be disabled"); #endif -module_param(io, int, 0); +module_param_hw(io, int, ioport, 0); MODULE_PARM_DESC(io, "io port"); module_param(timeout, int, 0); MODULE_PARM_DESC(timeout, "range is 0-255 minutes, default is 1"); diff --git a/drivers/watchdog/wdt.c b/drivers/watchdog/wdt.c index e0206b5b7d89..e481fbbc4ae7 100644 --- a/drivers/watchdog/wdt.c +++ b/drivers/watchdog/wdt.c 
@@ -78,9 +78,9 @@ static int irq = 11; static DEFINE_SPINLOCK(wdt_lock); -module_param(io, int, 0); +module_param_hw(io, int, ioport, 0); MODULE_PARM_DESC(io, "WDT io port (default=0x240)"); -module_param(irq, int, 0); +module_param_hw(irq, int, irq, 0); MODULE_PARM_DESC(irq, "WDT irq (default=11)"); /* Support for the Fan Tachometer on the WDT501-P */ From patchwork Thu Jun 18 23:12:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312482 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyTy1H5Nz9sSJ; Fri, 19 Jun 2020 09:15:50 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3l3-00016Y-AL; Thu, 18 Jun 2020 23:15:45 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jI-0008WR-7L for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:56 +0000 Received: from mail-io1-f69.google.com ([209.85.166.69]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jG-0008UH-Oa for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:13:54 +0000 Received: by mail-io1-f69.google.com with SMTP id 
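Review bot: in the sc1200wdt.c hunk, `io` is described only as "io port" with no default stated, unlike the eurotechwdt.c and wdt.c parameters, whose descriptions give defaults (0x3f0 and 0x240). A locked-down kernel will skip `io` and leave the driver with its built-in value, so please confirm that sc1200wdt fails initialisation cleanly in that case, and consider noting in the `MODULE_PARM_DESC` text that the parameter is ignored under lockdown.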
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 38/47][X] Annotate hardware config module parameters in fs/pstore/
Date: Thu, 18 Jun 2020 18:12:49 -0500
Message-Id: <20200618231258.630575-39-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in fs/pstore/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
Acked-by: Kees Cook
cc: Anton Vorontsov
cc: Colin Cross
cc: Tony Luck
(backported from commit b90fe0c4e0ceb52c78c17f3cfa1ff8e79275028d)
Signed-off-by: Seth Forshee --- fs/pstore/ram.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c index fa0e89edb62d..10b0302c4d57 100644 --- a/fs/pstore/ram.c +++ b/fs/pstore/ram.c 
@@ -56,7 +56,7 @@ module_param_named(pmsg_size, ramoops_pmsg_size, ulong, 0400); MODULE_PARM_DESC(pmsg_size, "size of user space message log"); static ulong mem_address; -module_param(mem_address, ulong, 0400); +module_param_hw(mem_address, ulong, other, 0400); MODULE_PARM_DESC(mem_address, "start of reserved RAM used to store oops/panic logs");
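
Review bot: In the fs/pstore/ram.c hunk, mem_address is tagged with the generic `other` type although its MODULE_PARM_DESC calls it the "start of reserved RAM", that is, a physical address, and patch 40/47 of this series tags the comparable `mem` parameter in sound/isa/msnd/msnd_pinnacle.c as `iomem`. Either use the more specific type or add a sentence to the commit message saying why `other` is the right class here, since the message says the type is recorded "for future reference" and a later policy keyed on it should not treat this address differently from other memory ranges by accident. The trailer also reads "backported from" rather than "cherry picked from" without saying what was adjusted for this tree; a one-line note on the difference would make the comparison with b90fe0c4e0ceb52c78c17f3cfa1ff8e79275028d easier.
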
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 39/47][X] Annotate hardware config module parameters in sound/drivers/
Date: Thu, 18 Jun 2020 18:12:50 -0500
Message-Id: <20200618231258.630575-40-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in sound/drivers/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
Acked-by: Takashi Iwai
cc: Jaroslav Kysela
cc: alsa-devel@alsa-project.org
(cherry picked from commit b11ce420c5dfc966061bc20f576c85504bb69712)
Signed-off-by: Seth Forshee --- sound/drivers/mpu401/mpu401.c | 4 ++-- sound/drivers/mtpav.c | 4 ++-- sound/drivers/serial-u16550.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/sound/drivers/mpu401/mpu401.c b/sound/drivers/mpu401/mpu401.c index fed7e7e2177b..9b86e00d7d95 100644 --- a/sound/drivers/mpu401/mpu401.c +++ b/sound/drivers/mpu401/mpu401.c @@ -53,9 +53,9 @@ MODULE_PARM_DESC(enable, "Enable MPU-401 device."); module_param_array(pnp, bool, NULL, 0444); MODULE_PARM_DESC(pnp, "PnP detection for MPU-401 device."); #endif -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for MPU-401 device."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for MPU-401 device."); module_param_array(uart_enter, bool, NULL, 0444); MODULE_PARM_DESC(uart_enter, "Issue UART_ENTER command at open."); diff --git a/sound/drivers/mtpav.c b/sound/drivers/mtpav.c index 30e8a1d5bc87..c6bab7cf4fe7 100644 --- a/sound/drivers/mtpav.c +++ b/sound/drivers/mtpav.c @@ -86,9 +86,9 @@ module_param(index, int, 0444); MODULE_PARM_DESC(index, "Index value for MotuMTPAV MIDI."); module_param(id, charp, 0444); MODULE_PARM_DESC(id, "ID string for MotuMTPAV MIDI."); -module_param(port, long, 0444); +module_param_hw(port, long, ioport, 0444); MODULE_PARM_DESC(port, "Parallel port # for MotuMTPAV MIDI."); -module_param(irq, int, 0444); +module_param_hw(irq, int, irq, 0444); MODULE_PARM_DESC(irq, "Parallel IRQ # for MotuMTPAV MIDI."); module_param(hwports, int, 0444); MODULE_PARM_DESC(hwports, "Hardware ports # for MotuMTPAV MIDI."); diff --git a/sound/drivers/serial-u16550.c b/sound/drivers/serial-u16550.c index 1927b89e1d1f..04be126fe4e6 100644 --- a/sound/drivers/serial-u16550.c +++ b/sound/drivers/serial-u16550.c 
@@ -84,9 +84,9 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for Serial MIDI."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable UART16550A chip."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for UART16550A chip."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for UART16550A chip."); module_param_array(speed, int, NULL, 0444); MODULE_PARM_DESC(speed, "Speed in bauds.");
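
Review bot: In the sound/drivers/mtpav.c hunk, `hwports` stays a plain module_param although its description reads "Hardware ports # for MotuMTPAV MIDI."; if it is a count of ports rather than an address or resource selector, that is fine, but a short remark in the commit message would save the next reader from wondering whether it was missed. The same hunk shows no `enable` or PnP parameter in its context, unlike mpu401.c and serial-u16550.c, so once `port` and `irq` are ignored under lockdown this driver relies entirely on its built-in defaults; it is worth confirming that the probe fails cleanly when those defaults do not match real hardware.
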
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 40/47][X] Annotate hardware config module parameters in sound/isa/
Date: Thu, 18 Jun 2020 18:12:51 -0500
Message-Id: <20200618231258.630575-41-seth.forshee@canonical.com>
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in sound/isa/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Jaroslav Kysela
cc: Takashi Iwai
cc: alsa-devel@alsa-project.org
(cherry picked from commit e992ef5705c1e154acb248869b39e0be4c003a8b)
Signed-off-by: Seth Forshee --- sound/isa/ad1848/ad1848.c | 6 +++--- sound/isa/adlib.c | 2 +- sound/isa/cmi8328.c | 12 ++++++------ sound/isa/cmi8330.c | 20 ++++++++++---------- sound/isa/cs423x/cs4231.c | 12 ++++++------ sound/isa/cs423x/cs4236.c | 18 +++++++++--------- sound/isa/es1688/es1688.c | 12 ++++++------ sound/isa/es18xx.c | 12 ++++++------ sound/isa/galaxy/galaxy.c | 16 ++++++++-------- sound/isa/gus/gusclassic.c | 8 ++++---- sound/isa/gus/gusextreme.c | 16 ++++++++-------- sound/isa/gus/gusmax.c | 8 ++++---- sound/isa/gus/interwave.c | 10 +++++----- sound/isa/msnd/msnd_pinnacle.c | 20 ++++++++++---------- sound/isa/opl3sa2.c | 16 ++++++++-------- sound/isa/opti9xx/miro.c | 14 +++++++------- sound/isa/opti9xx/opti92x-ad1848.c | 14 +++++++------- sound/isa/sb/jazz16.c | 12 ++++++------ sound/isa/sb/sb16.c | 14 +++++++------- sound/isa/sb/sb8.c | 6 +++--- sound/isa/sc6000.c | 12 ++++++------ sound/isa/sscape.c | 12 ++++++------ sound/isa/wavefront/wavefront.c | 18 +++++++++--------- 23 files changed, 145 insertions(+), 145 deletions(-) diff --git a/sound/isa/ad1848/ad1848.c b/sound/isa/ad1848/ad1848.c index f159da4ec890..c1020f917b30 100644 --- a/sound/isa/ad1848/ad1848.c +++ b/sound/isa/ad1848/ad1848.c 
@@ -55,11 +55,11 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA1 # for " CRD_NAME " driver."); module_param_array(thinkpad, bool, NULL, 0444); MODULE_PARM_DESC(thinkpad, "Enable only for the onboard CS4248 of IBM Thinkpad 360/750/755 series."); diff --git a/sound/isa/adlib.c b/sound/isa/adlib.c index 120c524bb2a0..896398ac72f5 100644 --- a/sound/isa/adlib.c +++ b/sound/isa/adlib.c @@ -27,7 +27,7 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); static int snd_adlib_match(struct device *dev, unsigned int n) diff --git a/sound/isa/cmi8328.c b/sound/isa/cmi8328.c index 2c89d95da674..1c1a01226987 100644 --- a/sound/isa/cmi8328.c +++ b/sound/isa/cmi8328.c 
@@ -51,18 +51,18 @@ MODULE_PARM_DESC(index, "Index value for CMI8328 soundcard."); module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for CMI8328 soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for CMI8328 driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for CMI8328 driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA1 for CMI8328 driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA2 for CMI8328 driver."); -module_param_array(mpuport, long, NULL, 0444); +module_param_hw_array(mpuport, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpuport, "MPU-401 port # for CMI8328 driver."); -module_param_array(mpuirq, int, NULL, 0444); +module_param_hw_array(mpuirq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpuirq, "IRQ # for CMI8328 MPU-401 port."); #ifdef SUPPORT_JOYSTICK module_param_array(gameport, bool, NULL, 0444); diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c index dfedfd85f205..f64b29ab5cc7 100644 --- a/sound/isa/cmi8330.c +++ b/sound/isa/cmi8330.c 
@@ -95,27 +95,27 @@ module_param_array(isapnp, bool, NULL, 0444); MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); #endif -module_param_array(sbport, long, NULL, 0444); +module_param_hw_array(sbport, long, ioport, NULL, 0444); MODULE_PARM_DESC(sbport, "Port # for CMI8330/CMI8329 SB driver."); -module_param_array(sbirq, int, NULL, 0444); +module_param_hw_array(sbirq, int, irq, NULL, 0444); MODULE_PARM_DESC(sbirq, "IRQ # for CMI8330/CMI8329 SB driver."); -module_param_array(sbdma8, int, NULL, 0444); +module_param_hw_array(sbdma8, int, dma, NULL, 0444); MODULE_PARM_DESC(sbdma8, "DMA8 for CMI8330/CMI8329 SB driver."); -module_param_array(sbdma16, int, NULL, 0444); +module_param_hw_array(sbdma16, int, dma, NULL, 0444); MODULE_PARM_DESC(sbdma16, "DMA16 for CMI8330/CMI8329 SB driver."); -module_param_array(wssport, long, NULL, 0444); +module_param_hw_array(wssport, long, ioport, NULL, 0444); MODULE_PARM_DESC(wssport, "Port # for CMI8330/CMI8329 WSS driver."); -module_param_array(wssirq, int, NULL, 0444); +module_param_hw_array(wssirq, int, irq, NULL, 0444); MODULE_PARM_DESC(wssirq, "IRQ # for CMI8330/CMI8329 WSS driver."); -module_param_array(wssdma, int, NULL, 0444); +module_param_hw_array(wssdma, int, dma, NULL, 0444); MODULE_PARM_DESC(wssdma, "DMA for CMI8330/CMI8329 WSS driver."); -module_param_array(fmport, long, NULL, 0444); +module_param_hw_array(fmport, long, ioport, NULL, 0444); MODULE_PARM_DESC(fmport, "FM port # for CMI8330/CMI8329 driver."); -module_param_array(mpuport, long, NULL, 0444); +module_param_hw_array(mpuport, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpuport, "MPU-401 port # for CMI8330/CMI8329 driver."); -module_param_array(mpuirq, int, NULL, 0444); +module_param_hw_array(mpuirq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpuirq, "IRQ # for CMI8330/CMI8329 MPU-401 port."); #ifdef CONFIG_PNP static int isa_registered; diff --git a/sound/isa/cs423x/cs4231.c b/sound/isa/cs423x/cs4231.c index 282cd75d2235..a0c6fc60bbdf 100644 
--- a/sound/isa/cs423x/cs4231.c +++ b/sound/isa/cs423x/cs4231.c @@ -55,17 +55,17 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); -module_param_array(mpu_irq, int, NULL, 0444); +module_param_hw_array(mpu_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA1 # for " CRD_NAME " driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA2 # for " CRD_NAME " driver."); static int snd_cs4231_match(struct device *dev, unsigned int n) diff --git a/sound/isa/cs423x/cs4236.c b/sound/isa/cs423x/cs4236.c index c67d379cb6d6..c2063fe06966 100644 --- a/sound/isa/cs423x/cs4236.c +++ b/sound/isa/cs423x/cs4236.c 
@@ -98,23 +98,23 @@ MODULE_PARM_DESC(enable, "Enable " IDENT " soundcard."); module_param_array(isapnp, bool, NULL, 0444); MODULE_PARM_DESC(isapnp, "ISA PnP detection for specified soundcard."); #endif -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for " IDENT " driver."); -module_param_array(cport, long, NULL, 0444); +module_param_hw_array(cport, long, ioport, NULL, 0444); MODULE_PARM_DESC(cport, "Control port # for " IDENT " driver."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " IDENT " driver."); -module_param_array(fm_port, long, NULL, 0444); +module_param_hw_array(fm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(fm_port, "FM port # for " IDENT " driver."); -module_param_array(sb_port, long, NULL, 0444); +module_param_hw_array(sb_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(sb_port, "SB port # for " IDENT " driver (optional)."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for " IDENT " driver."); -module_param_array(mpu_irq, int, NULL, 0444); +module_param_hw_array(mpu_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " IDENT " driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA1 # for " IDENT " driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA2 # for " IDENT " driver."); #ifdef CONFIG_PNP diff --git a/sound/isa/es1688/es1688.c b/sound/isa/es1688/es1688.c index 1901c2bb6c3b..36320e7f2789 100644 --- a/sound/isa/es1688/es1688.c +++ b/sound/isa/es1688/es1688.c 
@@ -71,17 +71,17 @@ module_param_array(isapnp, bool, NULL, 0444); MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); #endif MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver."); -module_param_array(irq, int, NULL, 0444); -module_param_array(fm_port, long, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); +module_param_hw_array(fm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(fm_port, "FM port # for ES1688 driver."); MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); -module_param_array(mpu_irq, int, NULL, 0444); +module_param_hw_array(mpu_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver."); -module_param_array(dma8, int, NULL, 0444); +module_param_hw_array(dma8, int, dma, NULL, 0444); MODULE_PARM_DESC(dma8, "8-bit DMA # for " CRD_NAME " driver."); #ifdef CONFIG_PNP diff --git a/sound/isa/es18xx.c b/sound/isa/es18xx.c index 5094b62d8f77..0cabe2b8974f 100644 --- a/sound/isa/es18xx.c +++ b/sound/isa/es18xx.c 
@@ -1999,17 +1999,17 @@ MODULE_PARM_DESC(enable, "Enable ES18xx soundcard."); module_param_array(isapnp, bool, NULL, 0444); MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); #endif -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for ES18xx driver."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for ES18xx driver."); -module_param_array(fm_port, long, NULL, 0444); +module_param_hw_array(fm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(fm_port, "FM port # for ES18xx driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for ES18xx driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA 1 # for ES18xx driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA 2 # for ES18xx driver."); #ifdef CONFIG_PNP diff --git a/sound/isa/galaxy/galaxy.c b/sound/isa/galaxy/galaxy.c index 32278847884f..e644ae713406 100644 --- a/sound/isa/galaxy/galaxy.c +++ b/sound/isa/galaxy/galaxy.c 
@@ -53,21 +53,21 @@ static int mpu_irq[SNDRV_CARDS] = SNDRV_DEFAULT_IRQ; static int dma1[SNDRV_CARDS] = SNDRV_DEFAULT_DMA; static int dma2[SNDRV_CARDS] = SNDRV_DEFAULT_DMA; -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); -module_param_array(wss_port, long, NULL, 0444); +module_param_hw_array(wss_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(wss_port, "WSS port # for " CRD_NAME " driver."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver."); -module_param_array(fm_port, long, NULL, 0444); +module_param_hw_array(fm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(fm_port, "FM port # for " CRD_NAME " driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); -module_param_array(mpu_irq, int, NULL, 0444); +module_param_hw_array(mpu_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "Playback DMA # for " CRD_NAME " driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "Capture DMA # for " CRD_NAME " driver."); /* diff --git a/sound/isa/gus/gusclassic.c b/sound/isa/gus/gusclassic.c index f0019715d82e..1194a93657c2 100644 --- a/sound/isa/gus/gusclassic.c +++ b/sound/isa/gus/gusclassic.c 
@@ -58,13 +58,13 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA1 # for " CRD_NAME " driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA2 # for " CRD_NAME " driver."); module_param_array(joystick_dac, int, NULL, 0444); MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for " CRD_NAME " driver."); diff --git a/sound/isa/gus/gusextreme.c b/sound/isa/gus/gusextreme.c index 693d95f46804..d777e38a9e91 100644 --- a/sound/isa/gus/gusextreme.c +++ b/sound/isa/gus/gusextreme.c 
@@ -66,21 +66,21 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); -module_param_array(gf1_port, long, NULL, 0444); +module_param_hw_array(gf1_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(gf1_port, "GF1 port # for " CRD_NAME " driver (optional)."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); -module_param_array(mpu_irq, int, NULL, 0444); +module_param_hw_array(mpu_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver."); -module_param_array(gf1_irq, int, NULL, 0444); +module_param_hw_array(gf1_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(gf1_irq, "GF1 IRQ # for " CRD_NAME " driver."); -module_param_array(dma8, int, NULL, 0444); +module_param_hw_array(dma8, int, dma, NULL, 0444); MODULE_PARM_DESC(dma8, "8-bit DMA # for " CRD_NAME " driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "GF1 DMA # for " CRD_NAME " driver."); module_param_array(joystick_dac, int, NULL, 0444); MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for " CRD_NAME " driver."); diff --git a/sound/isa/gus/gusmax.c b/sound/isa/gus/gusmax.c index 8216e8d8f017..9f5f262c7997 100644 --- a/sound/isa/gus/gusmax.c +++ b/sound/isa/gus/gusmax.c 
@@ -56,13 +56,13 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for GUS MAX soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable GUS MAX soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for GUS MAX driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for GUS MAX driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA1 # for GUS MAX driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA2 # for GUS MAX driver."); module_param_array(joystick_dac, int, NULL, 0444); MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for GUS MAX driver."); diff --git a/sound/isa/gus/interwave.c b/sound/isa/gus/interwave.c index 70d0040484c8..0687b7ef3e53 100644 --- a/sound/isa/gus/interwave.c +++ b/sound/isa/gus/interwave.c 
@@ -92,17 +92,17 @@ MODULE_PARM_DESC(enable, "Enable InterWave soundcard."); module_param_array(isapnp, bool, NULL, 0444); MODULE_PARM_DESC(isapnp, "ISA PnP detection for specified soundcard."); #endif -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for InterWave driver."); #ifdef SNDRV_STB -module_param_array(port_tc, long, NULL, 0444); +module_param_hw_array(port_tc, long, ioport, NULL, 0444); MODULE_PARM_DESC(port_tc, "Tone control (TEA6330T - i2c bus) port # for InterWave driver."); #endif -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for InterWave driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA1 # for InterWave driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA2 # for InterWave driver."); module_param_array(joystick_dac, int, NULL, 0444); MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for InterWave driver."); diff --git a/sound/isa/msnd/msnd_pinnacle.c b/sound/isa/msnd/msnd_pinnacle.c index 2d7379dec1f0..d8ba87c4d3d0 100644 --- a/sound/isa/msnd/msnd_pinnacle.c +++ b/sound/isa/msnd/msnd_pinnacle.c 
@@ -801,22 +801,22 @@ MODULE_LICENSE("GPL"); MODULE_FIRMWARE(INITCODEFILE); MODULE_FIRMWARE(PERMCODEFILE); -module_param_array(io, long, NULL, S_IRUGO); +module_param_hw_array(io, long, ioport, NULL, S_IRUGO); MODULE_PARM_DESC(io, "IO port #"); -module_param_array(irq, int, NULL, S_IRUGO); -module_param_array(mem, long, NULL, S_IRUGO); +module_param_hw_array(irq, int, irq, NULL, S_IRUGO); +module_param_hw_array(mem, long, iomem, NULL, S_IRUGO); module_param_array(write_ndelay, int, NULL, S_IRUGO); module_param(calibrate_signal, int, S_IRUGO); #ifndef MSND_CLASSIC module_param_array(digital, int, NULL, S_IRUGO); -module_param_array(cfg, long, NULL, S_IRUGO); +module_param_hw_array(cfg, long, ioport, NULL, S_IRUGO); module_param_array(reset, int, 0, S_IRUGO); -module_param_array(mpu_io, long, NULL, S_IRUGO); -module_param_array(mpu_irq, int, NULL, S_IRUGO); -module_param_array(ide_io0, long, NULL, S_IRUGO); -module_param_array(ide_io1, long, NULL, S_IRUGO); -module_param_array(ide_irq, int, NULL, S_IRUGO); -module_param_array(joystick_io, long, NULL, S_IRUGO); +module_param_hw_array(mpu_io, long, ioport, NULL, S_IRUGO); +module_param_hw_array(mpu_irq, int, irq, NULL, S_IRUGO); +module_param_hw_array(ide_io0, long, ioport, NULL, S_IRUGO); +module_param_hw_array(ide_io1, long, ioport, NULL, S_IRUGO); +module_param_hw_array(ide_irq, int, irq, NULL, S_IRUGO); +module_param_hw_array(joystick_io, long, ioport, NULL, S_IRUGO); #endif diff --git a/sound/isa/opl3sa2.c b/sound/isa/opl3sa2.c index ae133633a420..4098e3e0353d 100644 --- a/sound/isa/opl3sa2.c +++ b/sound/isa/opl3sa2.c 
@@ -69,21 +69,21 @@ MODULE_PARM_DESC(enable, "Enable OPL3-SA soundcard."); module_param_array(isapnp, bool, NULL, 0444); MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); #endif -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for OPL3-SA driver."); -module_param_array(sb_port, long, NULL, 0444); +module_param_hw_array(sb_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(sb_port, "SB port # for OPL3-SA driver."); -module_param_array(wss_port, long, NULL, 0444); +module_param_hw_array(wss_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(wss_port, "WSS port # for OPL3-SA driver."); -module_param_array(fm_port, long, NULL, 0444); +module_param_hw_array(fm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(fm_port, "FM port # for OPL3-SA driver."); -module_param_array(midi_port, long, NULL, 0444); +module_param_hw_array(midi_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(midi_port, "MIDI port # for OPL3-SA driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for OPL3-SA driver."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA1 # for OPL3-SA driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA2 # for OPL3-SA driver."); module_param_array(opl3sa3_ymode, int, NULL, 0444); MODULE_PARM_DESC(opl3sa3_ymode, "Speaker size selection for 3D Enhancement mode: Desktop/Large Notebook/Small Notebook/HiFi."); diff --git a/sound/isa/opti9xx/miro.c b/sound/isa/opti9xx/miro.c index 7fbac24607bc..958847371c9e 100644 --- a/sound/isa/opti9xx/miro.c +++ b/sound/isa/opti9xx/miro.c 
@@ -69,19 +69,19 @@ module_param(index, int, 0444); MODULE_PARM_DESC(index, "Index value for miro soundcard."); module_param(id, charp, 0444); MODULE_PARM_DESC(id, "ID string for miro soundcard."); -module_param(port, long, 0444); +module_param_hw(port, long, ioport, 0444); MODULE_PARM_DESC(port, "WSS port # for miro driver."); -module_param(mpu_port, long, 0444); +module_param_hw(mpu_port, long, ioport, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for miro driver."); -module_param(fm_port, long, 0444); +module_param_hw(fm_port, long, ioport, 0444); MODULE_PARM_DESC(fm_port, "FM Port # for miro driver."); -module_param(irq, int, 0444); +module_param_hw(irq, int, irq, 0444); MODULE_PARM_DESC(irq, "WSS irq # for miro driver."); -module_param(mpu_irq, int, 0444); +module_param_hw(mpu_irq, int, irq, 0444); MODULE_PARM_DESC(mpu_irq, "MPU-401 irq # for miro driver."); -module_param(dma1, int, 0444); +module_param_hw(dma1, int, dma, 0444); MODULE_PARM_DESC(dma1, "1st dma # for miro driver."); -module_param(dma2, int, 0444); +module_param_hw(dma2, int, dma, 0444); MODULE_PARM_DESC(dma2, "2nd dma # for miro driver."); module_param(wss, int, 0444); MODULE_PARM_DESC(wss, "wss mode"); diff --git a/sound/isa/opti9xx/opti92x-ad1848.c b/sound/isa/opti9xx/opti92x-ad1848.c index 6777ae84b59e..1ce1f922d6ec 100644 --- a/sound/isa/opti9xx/opti92x-ad1848.c +++ b/sound/isa/opti9xx/opti92x-ad1848.c 
@@ -88,20 +88,20 @@ MODULE_PARM_DESC(id, "ID string for opti9xx based soundcard."); module_param(isapnp, bool, 0444); MODULE_PARM_DESC(isapnp, "Enable ISA PnP detection for specified soundcard."); #endif -module_param(port, long, 0444); +module_param_hw(port, long, ioport, 0444); MODULE_PARM_DESC(port, "WSS port # for opti9xx driver."); -module_param(mpu_port, long, 0444); +module_param_hw(mpu_port, long, ioport, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for opti9xx driver."); -module_param(fm_port, long, 0444); +module_param_hw(fm_port, long, ioport, 0444); MODULE_PARM_DESC(fm_port, "FM port # for opti9xx driver."); -module_param(irq, int, 0444); +module_param_hw(irq, int, irq, 0444); MODULE_PARM_DESC(irq, "WSS irq # for opti9xx driver."); -module_param(mpu_irq, int, 0444); +module_param_hw(mpu_irq, int, irq, 0444); MODULE_PARM_DESC(mpu_irq, "MPU-401 irq # for opti9xx driver."); -module_param(dma1, int, 0444); +module_param_hw(dma1, int, dma, 0444); MODULE_PARM_DESC(dma1, "1st dma # for opti9xx driver."); #if defined(CS4231) || defined(OPTi93X) -module_param(dma2, int, 0444); +module_param_hw(dma2, int, dma, 0444); MODULE_PARM_DESC(dma2, "2nd dma # for opti9xx driver."); #endif /* CS4231 || OPTi93X */ diff --git a/sound/isa/sb/jazz16.c b/sound/isa/sb/jazz16.c index 6b4884d052a5..13b99acb62d5 100644 --- a/sound/isa/sb/jazz16.c +++ b/sound/isa/sb/jazz16.c 
@@ -50,17 +50,17 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for Media Vision Jazz16 based soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable Media Vision Jazz16 based soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for jazz16 driver."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for jazz16 driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for jazz16 driver."); -module_param_array(mpu_irq, int, NULL, 0444); +module_param_hw_array(mpu_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for jazz16 driver."); -module_param_array(dma8, int, NULL, 0444); +module_param_hw_array(dma8, int, dma, NULL, 0444); MODULE_PARM_DESC(dma8, "DMA8 # for jazz16 driver."); -module_param_array(dma16, int, NULL, 0444); +module_param_hw_array(dma16, int, dma, NULL, 0444); MODULE_PARM_DESC(dma16, "DMA16 # for jazz16 driver."); #define SB_JAZZ16_WAKEUP 0xaf diff --git a/sound/isa/sb/sb16.c b/sound/isa/sb/sb16.c index 4a7d7c89808f..3b2e4f405ff2 100644 --- a/sound/isa/sb/sb16.c +++ b/sound/isa/sb/sb16.c 
@@ -99,21 +99,21 @@ MODULE_PARM_DESC(enable, "Enable SoundBlaster 16 soundcard."); module_param_array(isapnp, bool, NULL, 0444); MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); #endif -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for SB16 driver."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for SB16 driver."); -module_param_array(fm_port, long, NULL, 0444); +module_param_hw_array(fm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(fm_port, "FM port # for SB16 PnP driver."); #ifdef SNDRV_SBAWE_EMU8000 -module_param_array(awe_port, long, NULL, 0444); +module_param_hw_array(awe_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(awe_port, "AWE port # for SB16 PnP driver."); #endif -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for SB16 driver."); -module_param_array(dma8, int, NULL, 0444); +module_param_hw_array(dma8, int, dma, NULL, 0444); MODULE_PARM_DESC(dma8, "8-bit DMA # for SB16 driver."); -module_param_array(dma16, int, NULL, 0444); +module_param_hw_array(dma16, int, dma, NULL, 0444); MODULE_PARM_DESC(dma16, "16-bit DMA # for SB16 driver."); module_param_array(mic_agc, int, NULL, 0444); MODULE_PARM_DESC(mic_agc, "Mic Auto-Gain-Control switch."); diff --git a/sound/isa/sb/sb8.c b/sound/isa/sb/sb8.c index 0c7fe1418447..4b770fa3708a 100644 --- a/sound/isa/sb/sb8.c +++ b/sound/isa/sb/sb8.c 
@@ -47,11 +47,11 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for Sound Blaster soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable Sound Blaster soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for SB8 driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for SB8 driver."); -module_param_array(dma8, int, NULL, 0444); +module_param_hw_array(dma8, int, dma, NULL, 0444); MODULE_PARM_DESC(dma8, "8-bit DMA # for SB8 driver."); struct snd_sb8 { diff --git a/sound/isa/sc6000.c b/sound/isa/sc6000.c index 51cfa7615f72..72c8d08e7d20 100644 --- a/sound/isa/sc6000.c +++ b/sound/isa/sc6000.c 
@@ -64,17 +64,17 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for sc-6000 based soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable sc-6000 based soundcard."); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for sc-6000 driver."); -module_param_array(mss_port, long, NULL, 0444); +module_param_hw_array(mss_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mss_port, "MSS Port # for sc-6000 driver."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port # for sc-6000 driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for sc-6000 driver."); -module_param_array(mpu_irq, int, NULL, 0444); +module_param_hw_array(mpu_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for sc-6000 driver."); -module_param_array(dma, int, NULL, 0444); +module_param_hw_array(dma, int, dma, NULL, 0444); MODULE_PARM_DESC(dma, "DMA # for sc-6000 driver."); module_param_array(joystick, bool, NULL, 0444); MODULE_PARM_DESC(joystick, "Enable gameport."); diff --git a/sound/isa/sscape.c b/sound/isa/sscape.c index 7b248cdf06e2..2f1eab8e0ef6 100644 --- a/sound/isa/sscape.c +++ b/sound/isa/sscape.c 
@@ -63,22 +63,22 @@ MODULE_PARM_DESC(index, "Index number for SoundScape soundcard"); module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "Description for SoundScape card"); -module_param_array(port, long, NULL, 0444); +module_param_hw_array(port, long, ioport, NULL, 0444); MODULE_PARM_DESC(port, "Port # for SoundScape driver."); -module_param_array(wss_port, long, NULL, 0444); +module_param_hw_array(wss_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(wss_port, "WSS Port # for SoundScape driver."); -module_param_array(irq, int, NULL, 0444); +module_param_hw_array(irq, int, irq, NULL, 0444); MODULE_PARM_DESC(irq, "IRQ # for SoundScape driver."); -module_param_array(mpu_irq, int, NULL, 0444); +module_param_hw_array(mpu_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(mpu_irq, "MPU401 IRQ # for SoundScape driver."); -module_param_array(dma, int, NULL, 0444); +module_param_hw_array(dma, int, dma, NULL, 0444); MODULE_PARM_DESC(dma, "DMA # for SoundScape driver."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA2 # for SoundScape driver."); module_param_array(joystick, bool, NULL, 0444); diff --git a/sound/isa/wavefront/wavefront.c b/sound/isa/wavefront/wavefront.c index a0987a57c8a9..da4e9a85f0af 100644 --- a/sound/isa/wavefront/wavefront.c +++ b/sound/isa/wavefront/wavefront.c 
@@ -63,23 +63,23 @@ MODULE_PARM_DESC(enable, "Enable WaveFront soundcard."); module_param_array(isapnp, bool, NULL, 0444); MODULE_PARM_DESC(isapnp, "ISA PnP detection for WaveFront soundcards."); #endif -module_param_array(cs4232_pcm_port, long, NULL, 0444); +module_param_hw_array(cs4232_pcm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(cs4232_pcm_port, "Port # for CS4232 PCM interface."); -module_param_array(cs4232_pcm_irq, int, NULL, 0444); +module_param_hw_array(cs4232_pcm_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(cs4232_pcm_irq, "IRQ # for CS4232 PCM interface."); -module_param_array(dma1, int, NULL, 0444); +module_param_hw_array(dma1, int, dma, NULL, 0444); MODULE_PARM_DESC(dma1, "DMA1 # for CS4232 PCM interface."); -module_param_array(dma2, int, NULL, 0444); +module_param_hw_array(dma2, int, dma, NULL, 0444); MODULE_PARM_DESC(dma2, "DMA2 # for CS4232 PCM interface."); -module_param_array(cs4232_mpu_port, long, NULL, 0444); +module_param_hw_array(cs4232_mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(cs4232_mpu_port, "port # for CS4232 MPU-401 interface."); -module_param_array(cs4232_mpu_irq, int, NULL, 0444); +module_param_hw_array(cs4232_mpu_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(cs4232_mpu_irq, "IRQ # for CS4232 MPU-401 interface."); -module_param_array(ics2115_irq, int, NULL, 0444); +module_param_hw_array(ics2115_irq, int, irq, NULL, 0444); MODULE_PARM_DESC(ics2115_irq, "IRQ # for ICS2115."); -module_param_array(ics2115_port, long, NULL, 0444); +module_param_hw_array(ics2115_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(ics2115_port, "Port # for ICS2115."); -module_param_array(fm_port, long, NULL, 0444); +module_param_hw_array(fm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(fm_port, "FM port #."); module_param_array(use_cs4232_midi, bool, NULL, 0444); MODULE_PARM_DESC(use_cs4232_midi, "Use CS4232 MPU-401 interface (inaccessibly located inside your computer)"); From patchwork Thu Jun 18 23:12:52 2020 Content-Type: text/plain; 
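Review bot: In the sound/isa/msnd/msnd_pinnacle.c hunk, only `io` has a MODULE_PARM_DESC; the newly annotated `irq`, `mem`, `cfg`, `mpu_io`, `mpu_irq`, `ide_io0`, `ide_io1`, `ide_irq` and `joystick_io` have no description at all. These are the parameters the series says the parser will skip with an error on a locked-down kernel, so adding one-line descriptions while the lines are being touched would let an admin see from modinfo what was dropped and why it matters. The same hunk leaves `module_param_array(reset, int, 0, S_IRUGO);` passing 0 where every neighbour passes NULL; that is not introduced here, but it is worth a follow-up.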
charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312484
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 41/47][X] Annotate hardware config module parameters in sound/oss/
Date: Thu, 18 Jun 2020 18:12:52 -0500
Message-Id: <20200618231258.630575-42-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200618231258.630575-1-seth.forshee@canonical.com>
References: <20200618231258.630575-1-seth.forshee@canonical.com>
From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in sound/oss/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Jaroslav Kysela
cc: Takashi Iwai
cc: Andrew Veliath
cc: alsa-devel@alsa-project.org
(cherry picked from commit 232b0b0829fa4f22172750a6e2a36867583da285)
Signed-off-by: Seth Forshee
---
 sound/oss/ad1848.c | 8 ++++----
 sound/oss/aedsp16.c | 12 ++++++------
 sound/oss/mpu401.c | 4 ++--
 sound/oss/msnd_pinnacle.c | 20 ++++++++++----------
 sound/oss/opl3.c | 2 +-
 sound/oss/pas2_card.c | 18 +++++++++---------
 sound/oss/pss.c | 14 +++++++-------
 sound/oss/sb_card.c | 10 +++++-----
 sound/oss/trix.c | 18 +++++++++---------
 sound/oss/uart401.c | 4 ++--
 sound/oss/uart6850.c | 4 ++--
 sound/oss/waveartist.c | 8 ++++----
 12 files changed, 61 insertions(+), 61 deletions(-)

diff --git a/sound/oss/ad1848.c b/sound/oss/ad1848.c index 10c8de1f8d29..f43f4c4b254b 100644 --- a/sound/oss/ad1848.c +++ b/sound/oss/ad1848.c
@@ -2810,10 +2810,10 @@ static int __initdata dma = -1; static int __initdata dma2 = -1; static int __initdata type = 0; -module_param(io, int, 0); /* I/O for a raw AD1848 card */ -module_param(irq, int, 0); /* IRQ to use */ -module_param(dma, int, 0); /* First DMA channel */ -module_param(dma2, int, 0); /* Second DMA channel */ +module_param_hw(io, int, ioport, 0); /* I/O for a raw AD1848 card */ +module_param_hw(irq, int, irq, 0); /* IRQ to use */ +module_param_hw(dma, int, dma, 0); /* First DMA channel */ +module_param_hw(dma2, int, dma, 0); /* Second DMA channel */ module_param(type, int, 0); /* Card type */ module_param(deskpro_xl, bool, 0); /* Special magic for Deskpro XL boxen */ module_param(deskpro_m, bool, 0); /* Special magic for Deskpro M box */ diff --git a/sound/oss/aedsp16.c b/sound/oss/aedsp16.c index 35b5912cf3f8..89427eb60b08 100644 --- a/sound/oss/aedsp16.c +++ b/sound/oss/aedsp16.c @@ -1303,17 +1303,17 @@ static int __initdata mpu_irq = -1; static int __initdata mss_base = -1; static int __initdata mpu_base = -1; -module_param(io, int, 0); +module_param_hw(io, int, ioport, 0); MODULE_PARM_DESC(io, "I/O base address (0x220 0x240)"); -module_param(irq, int, 0); +module_param_hw(irq, int, irq, 0); MODULE_PARM_DESC(irq, "IRQ line (5 7 9 10 11)"); -module_param(dma, int, 0); +module_param_hw(dma, int, dma, 0); MODULE_PARM_DESC(dma, "dma line (0 1 3)"); -module_param(mpu_irq, int, 0); +module_param_hw(mpu_irq, int, irq, 0); MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ line (5 7 9 10 0)"); -module_param(mss_base, int, 0); +module_param_hw(mss_base, int, ioport, 0); MODULE_PARM_DESC(mss_base, "MSS emulation I/O base address (0x530 0xE80)"); -module_param(mpu_base, int, 0); +module_param_hw(mpu_base, int, ioport, 0); MODULE_PARM_DESC(mpu_base,"MPU-401 I/O base address (0x300 0x310 0x320 0x330)"); MODULE_AUTHOR("Riccardo Facchetti "); MODULE_DESCRIPTION("Audio Excel DSP 16 Driver Version " VERSION); 
diff --git a/sound/oss/mpu401.c b/sound/oss/mpu401.c index 862735005b43..20e8fa46f647 100644 --- a/sound/oss/mpu401.c +++ b/sound/oss/mpu401.c @@ -1748,8 +1748,8 @@ static struct address_info cfg; static int io = -1; static int irq = -1; -module_param(irq, int, 0); -module_param(io, int, 0); +module_param_hw(irq, int, irq, 0); +module_param_hw(io, int, ioport, 0); static int __init init_mpu401(void) { diff --git a/sound/oss/msnd_pinnacle.c b/sound/oss/msnd_pinnacle.c index a8bb4a06ba6f..8e5221d15066 100644 --- a/sound/oss/msnd_pinnacle.c +++ b/sound/oss/msnd_pinnacle.c @@ -1725,22 +1725,22 @@ static int calibrate_signal __initdata = CONFIG_MSND_CALSIGNAL; #endif /* MODULE */ -module_param (io, int, 0); -module_param (irq, int, 0); -module_param (mem, int, 0); +module_param_hw (io, int, ioport, 0); +module_param_hw (irq, int, irq, 0); +module_param_hw (mem, int, iomem, 0); module_param (write_ndelay, int, 0); module_param (fifosize, int, 0); module_param (calibrate_signal, int, 0); #ifndef MSND_CLASSIC module_param (digital, bool, 0); -module_param (cfg, int, 0); +module_param_hw (cfg, int, ioport, 0); module_param (reset, int, 0); -module_param (mpu_io, int, 0); -module_param (mpu_irq, int, 0); -module_param (ide_io0, int, 0); -module_param (ide_io1, int, 0); -module_param (ide_irq, int, 0); -module_param (joystick_io, int, 0); +module_param_hw (mpu_io, int, ioport, 0); +module_param_hw (mpu_irq, int, irq, 0); +module_param_hw (ide_io0, int, ioport, 0); +module_param_hw (ide_io1, int, ioport, 0); +module_param_hw (ide_irq, int, irq, 0); +module_param_hw (joystick_io, int, ioport, 0); #endif static int __init msnd_init(void) diff --git a/sound/oss/opl3.c b/sound/oss/opl3.c index b6d19adf8f41..f0f5b5be6314 100644 --- a/sound/oss/opl3.c +++ b/sound/oss/opl3.c @@ -1200,7 +1200,7 @@ static int me; static int io = -1; -module_param(io, int, 0); +module_param_hw(io, int, ioport, 0); static int __init init_opl3 (void) { 
diff --git a/sound/oss/pas2_card.c b/sound/oss/pas2_card.c index b07954a79536..769fca692d2a 100644 --- a/sound/oss/pas2_card.c +++ b/sound/oss/pas2_card.c @@ -383,15 +383,15 @@ static int __initdata sb_irq = -1; static int __initdata sb_dma = -1; static int __initdata sb_dma16 = -1; -module_param(io, int, 0); -module_param(irq, int, 0); -module_param(dma, int, 0); -module_param(dma16, int, 0); - -module_param(sb_io, int, 0); -module_param(sb_irq, int, 0); -module_param(sb_dma, int, 0); -module_param(sb_dma16, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); +module_param_hw(dma, int, dma, 0); +module_param_hw(dma16, int, dma, 0); + +module_param_hw(sb_io, int, ioport, 0); +module_param_hw(sb_irq, int, irq, 0); +module_param_hw(sb_dma, int, dma, 0); +module_param_hw(sb_dma16, int, dma, 0); module_param(joystick, bool, 0); module_param(symphony, bool, 0); diff --git a/sound/oss/pss.c b/sound/oss/pss.c index 81314f9e2ccb..33c3a442e162 100644 --- a/sound/oss/pss.c +++ b/sound/oss/pss.c 
@@ -1139,19 +1139,19 @@ static bool pss_no_sound = 0; /* Just configure non-sound components */ static bool pss_keep_settings = 1; /* Keep hardware settings at module exit */ static char *pss_firmware = "/etc/sound/pss_synth"; -module_param(pss_io, int, 0); +module_param_hw(pss_io, int, ioport, 0); MODULE_PARM_DESC(pss_io, "Set i/o base of PSS card (probably 0x220 or 0x240)"); -module_param(mss_io, int, 0); +module_param_hw(mss_io, int, ioport, 0); MODULE_PARM_DESC(mss_io, "Set WSS (audio) i/o base (0x530, 0x604, 0xE80, 0xF40, or other. Address must end in 0 or 4 and must be from 0x100 to 0xFF4)"); -module_param(mss_irq, int, 0); +module_param_hw(mss_irq, int, irq, 0); MODULE_PARM_DESC(mss_irq, "Set WSS (audio) IRQ (3, 5, 7, 9, 10, 11, 12)"); -module_param(mss_dma, int, 0); +module_param_hw(mss_dma, int, dma, 0); MODULE_PARM_DESC(mss_dma, "Set WSS (audio) DMA (0, 1, 3)"); -module_param(mpu_io, int, 0); +module_param_hw(mpu_io, int, ioport, 0); MODULE_PARM_DESC(mpu_io, "Set MIDI i/o base (0x330 or other. Address must be on 4 location boundaries and must be from 0x100 to 0xFFC)"); -module_param(mpu_irq, int, 0); +module_param_hw(mpu_irq, int, irq, 0); MODULE_PARM_DESC(mpu_irq, "Set MIDI IRQ (3, 5, 7, 9, 10, 11, 12)"); -module_param(pss_cdrom_port, int, 0); +module_param_hw(pss_cdrom_port, int, ioport, 0); MODULE_PARM_DESC(pss_cdrom_port, "Set the PSS CDROM port i/o base (0x340 or other)"); module_param(pss_enable_joystick, bool, 0); MODULE_PARM_DESC(pss_enable_joystick, "Enables the PSS joystick port (1 to enable, 0 to disable)"); diff --git a/sound/oss/sb_card.c b/sound/oss/sb_card.c index fb5d7250de38..2a92cfe6cfe9 100644 --- a/sound/oss/sb_card.c +++ b/sound/oss/sb_card.c 
@@ -61,15 +61,15 @@ static int __initdata uart401 = 0; static int __initdata pnp = 0; #endif -module_param(io, int, 000); +module_param_hw(io, int, ioport, 000); MODULE_PARM_DESC(io, "Soundblaster i/o base address (0x220,0x240,0x260,0x280)"); -module_param(irq, int, 000); +module_param_hw(irq, int, irq, 000); MODULE_PARM_DESC(irq, "IRQ (5,7,9,10)"); -module_param(dma, int, 000); +module_param_hw(dma, int, dma, 000); MODULE_PARM_DESC(dma, "8-bit DMA channel (0,1,3)"); -module_param(dma16, int, 000); +module_param_hw(dma16, int, dma, 000); MODULE_PARM_DESC(dma16, "16-bit DMA channel (5,6,7)"); -module_param(mpu_io, int, 000); +module_param_hw(mpu_io, int, ioport, 000); MODULE_PARM_DESC(mpu_io, "MPU base address"); module_param(type, int, 000); MODULE_PARM_DESC(type, "You can set this to specific card type (doesn't " \ diff --git a/sound/oss/trix.c b/sound/oss/trix.c index 3c494dc93b93..a57bc635d758 100644 --- a/sound/oss/trix.c +++ b/sound/oss/trix.c @@ -413,15 +413,15 @@ static int __initdata sb_irq = -1; static int __initdata mpu_io = -1; static int __initdata mpu_irq = -1; -module_param(io, int, 0); -module_param(irq, int, 0); -module_param(dma, int, 0); -module_param(dma2, int, 0); -module_param(sb_io, int, 0); -module_param(sb_dma, int, 0); -module_param(sb_irq, int, 0); -module_param(mpu_io, int, 0); -module_param(mpu_irq, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); +module_param_hw(dma, int, dma, 0); +module_param_hw(dma2, int, dma, 0); +module_param_hw(sb_io, int, ioport, 0); +module_param_hw(sb_dma, int, dma, 0); +module_param_hw(sb_irq, int, irq, 0); +module_param_hw(mpu_io, int, ioport, 0); +module_param_hw(mpu_irq, int, irq, 0); module_param(joystick, bool, 0); static int __init init_trix(void) diff --git a/sound/oss/uart401.c b/sound/oss/uart401.c index dae4d4344407..83dcc85b8688 100644 --- a/sound/oss/uart401.c +++ b/sound/oss/uart401.c 
@@ -429,8 +429,8 @@ static struct address_info cfg_mpu; static int io = -1; static int irq = -1; -module_param(io, int, 0444); -module_param(irq, int, 0444); +module_param_hw(io, int, ioport, 0444); +module_param_hw(irq, int, irq, 0444); static int __init init_uart401(void) diff --git a/sound/oss/uart6850.c b/sound/oss/uart6850.c index 1079133dd6ab..eda32d7eddbd 100644 --- a/sound/oss/uart6850.c +++ b/sound/oss/uart6850.c @@ -315,8 +315,8 @@ static struct address_info cfg_mpu; static int __initdata io = -1; static int __initdata irq = -1; -module_param(io, int, 0); -module_param(irq, int, 0); +module_param_hw(io, int, ioport, 0); +module_param_hw(irq, int, irq, 0); static int __init init_uart6850(void) { diff --git a/sound/oss/waveartist.c b/sound/oss/waveartist.c index b36ea47527e8..c3489bf5630b 100644 --- a/sound/oss/waveartist.c +++ b/sound/oss/waveartist.c 
@@ -2038,8 +2038,8 @@ __setup("waveartist=", setup_waveartist); #endif MODULE_DESCRIPTION("Rockwell WaveArtist RWA-010 sound driver"); -module_param(io, int, 0); /* IO base */ -module_param(irq, int, 0); /* IRQ */ -module_param(dma, int, 0); /* DMA */ -module_param(dma2, int, 0); /* DMA2 */ +module_param_hw(io, int, ioport, 0); /* IO base */ +module_param_hw(irq, int, irq, 0); /* IRQ */ +module_param_hw(dma, int, dma, 0); /* DMA */ +module_param_hw(dma2, int, dma, 0); /* DMA2 */ MODULE_LICENSE("GPL"); From patchwork Thu Jun 18 23:12:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 1312486 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nyV44NZLz9sSd; Fri, 19 Jun 2020 09:15:56 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jm3lA-0001E0-3c; Thu, 18 Jun 2020 23:15:52 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jm3jN-00008p-Dc for kernel-team@lists.ubuntu.com; Thu, 18 Jun 2020 23:14:01 +0000 Received: from mail-il1-f199.google.com ([209.85.166.199]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 
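Review bot: In the sound/oss/waveartist.c hunk the unchanged context shows `__setup("waveartist=", setup_waveartist);`, so the driver also registers a boot option that does not go through module_param_hw. The annotation added here only covers the module parameter path; please say in the commit message whether the `waveartist=` command-line route is considered in scope for lockdown, and if it is, handle it in a follow-up so the two ways of setting io/irq/dma/dma2 do not diverge.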
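Review bot: The sound/oss/msnd_pinnacle.c hunk carries over the space between the macro name and the parenthesis (`module_param_hw (io, int, ioport, 0);`), which no other file in this patch uses. Every one of those lines is being rewritten anyway, so dropping the space would bring them in line with the rest, unless the goal is to keep the cherry-pick byte-identical to the upstream commit, in which case leave it and say so.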
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 42/47][X] Annotate hardware config module parameters in sound/pci/
Date: Thu, 18 Jun 2020 18:12:53 -0500
Message-Id: <20200618231258.630575-43-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters are.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in sound/pci/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Jaroslav Kysela
cc: Takashi Iwai
cc: alsa-devel@alsa-project.org
(cherry picked from commit 6192c41fc608b0a58d5540b015aa1672c266f3c5)
Signed-off-by: Seth Forshee --- sound/pci/als4000.c | 2 +- sound/pci/cmipci.c | 6 +++--- sound/pci/ens1370.c | 2 +- sound/pci/riptide/riptide.c | 6 +++--- sound/pci/sonicvibes.c | 2 +- sound/pci/via82xx.c | 2 +- sound/pci/ymfpci/ymfpci.c | 6 +++--- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/sound/pci/als4000.c b/sound/pci/als4000.c index ff39a0c7277b..585bd7527d7d 100644 --- a/sound/pci/als4000.c +++ b/sound/pci/als4000.c @@ -102,7 +102,7 @@ MODULE_PARM_DESC(id, "ID string for ALS4000 soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable ALS4000 soundcard."); #ifdef SUPPORT_JOYSTICK -module_param_array(joystick_port, int, NULL, 0444); +module_param_hw_array(joystick_port, int, ioport, NULL, 0444); MODULE_PARM_DESC(joystick_port, "Joystick port address for ALS4000 soundcard. (0 = disabled)"); #endif diff --git a/sound/pci/cmipci.c b/sound/pci/cmipci.c index 24cdcba06d27..bf079eef4c1b 100644 --- a/sound/pci/cmipci.c +++ b/sound/pci/cmipci.c @@ -68,14 +68,14 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for C-Media PCI soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable C-Media PCI soundcard."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port."); -module_param_array(fm_port, long, NULL, 0444); +module_param_hw_array(fm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(fm_port, "FM port."); module_param_array(soft_ac3, bool, NULL, 0444); MODULE_PARM_DESC(soft_ac3, "Software-conversion of raw SPDIF packets (model 033 only)."); #ifdef SUPPORT_JOYSTICK -module_param_array(joystick_port, int, NULL, 0444); +module_param_hw_array(joystick_port, int, ioport, NULL, 0444); MODULE_PARM_DESC(joystick_port, "Joystick port address."); #endif diff --git a/sound/pci/ens1370.c b/sound/pci/ens1370.c index 0dc44ebb0032..f87b403480bf 100644 
--- a/sound/pci/ens1370.c +++ b/sound/pci/ens1370.c @@ -106,7 +106,7 @@ module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable Ensoniq AudioPCI soundcard."); #ifdef SUPPORT_JOYSTICK #ifdef CHIP1371 -module_param_array(joystick_port, int, NULL, 0444); +module_param_hw_array(joystick_port, int, ioport, NULL, 0444); MODULE_PARM_DESC(joystick_port, "Joystick port address."); #else module_param_array(joystick, bool, NULL, 0444); diff --git a/sound/pci/riptide/riptide.c b/sound/pci/riptide/riptide.c index 94639d6b5fb5..a4ffc9a0c60f 100644 --- a/sound/pci/riptide/riptide.c +++ b/sound/pci/riptide/riptide.c @@ -137,12 +137,12 @@ MODULE_PARM_DESC(id, "ID string for Riptide soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable Riptide soundcard."); #ifdef SUPPORT_JOYSTICK -module_param_array(joystick_port, int, NULL, 0444); +module_param_hw_array(joystick_port, int, ioport, NULL, 0444); MODULE_PARM_DESC(joystick_port, "Joystick port # for Riptide soundcard."); #endif -module_param_array(mpu_port, int, NULL, 0444); +module_param_hw_array(mpu_port, int, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU401 port # for Riptide driver."); -module_param_array(opl3_port, int, NULL, 0444); +module_param_hw_array(opl3_port, int, ioport, NULL, 0444); MODULE_PARM_DESC(opl3_port, "OPL3 port # for Riptide driver."); /* diff --git a/sound/pci/sonicvibes.c b/sound/pci/sonicvibes.c index 1b6fad7d4d56..877403f85f3c 100644 --- a/sound/pci/sonicvibes.c +++ b/sound/pci/sonicvibes.c @@ -66,7 +66,7 @@ module_param_array(reverb, bool, NULL, 0444); MODULE_PARM_DESC(reverb, "Enable reverb (SRAM is present) for S3 SonicVibes soundcard."); module_param_array(mge, bool, NULL, 0444); MODULE_PARM_DESC(mge, "MIC Gain Enable for S3 SonicVibes soundcard."); -module_param(dmaio, uint, 0444); +module_param_hw(dmaio, uint, ioport, 0444); MODULE_PARM_DESC(dmaio, "DDMA i/o base address for S3 SonicVibes soundcard."); /* 
diff --git a/sound/pci/via82xx.c b/sound/pci/via82xx.c index 3dd038bdb204..5a2c5c75e0c4 100644 --- a/sound/pci/via82xx.c +++ b/sound/pci/via82xx.c @@ -92,7 +92,7 @@ module_param(index, int, 0444); MODULE_PARM_DESC(index, "Index value for VIA 82xx bridge."); module_param(id, charp, 0444); MODULE_PARM_DESC(id, "ID string for VIA 82xx bridge."); -module_param(mpu_port, long, 0444); +module_param_hw(mpu_port, long, ioport, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 port. (VT82C686x only)"); #ifdef SUPPORT_JOYSTICK module_param(joystick, bool, 0444); diff --git a/sound/pci/ymfpci/ymfpci.c b/sound/pci/ymfpci/ymfpci.c index 812e27a1bcbc..4faf3e1ed06a 100644 --- a/sound/pci/ymfpci/ymfpci.c +++ b/sound/pci/ymfpci/ymfpci.c 
@@ -55,12 +55,12 @@ module_param_array(id, charp, NULL, 0444); MODULE_PARM_DESC(id, "ID string for the Yamaha DS-1 PCI soundcard."); module_param_array(enable, bool, NULL, 0444); MODULE_PARM_DESC(enable, "Enable Yamaha DS-1 soundcard."); -module_param_array(mpu_port, long, NULL, 0444); +module_param_hw_array(mpu_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(mpu_port, "MPU-401 Port."); -module_param_array(fm_port, long, NULL, 0444); +module_param_hw_array(fm_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(fm_port, "FM OPL-3 Port."); #ifdef SUPPORT_JOYSTICK -module_param_array(joystick_port, long, NULL, 0444); +module_param_hw_array(joystick_port, long, ioport, NULL, 0444); MODULE_PARM_DESC(joystick_port, "Joystick port address"); #endif module_param_array(rear_switch, bool, NULL, 0444);
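Review bot: module_param_hw() and module_param_hw_array() are used in every hunk of this patch but are not defined in it, so the sound/pci/ changes depend on an earlier patch in the series supplying the macros; please confirm the ordering keeps each commit buildable for bisection. All annotated parameters keep mode 0444, so they stay readable but not writable through sysfs and the restriction can only take effect when the module is loaded. In ens1370.c and via82xx.c the bool joystick parameters remain plain module_param/module_param_array, which looks right because they carry no address, but a sentence in the commit message saying that booleans were deliberately left alone would save the next reader the check.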
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 43/47][X] UBUNTU: SAUCE: (efi-lockdown) Lock down module params that specify hardware parameters (eg. ioport)
Date: Thu, 18 Jun 2020 18:12:54 -0500
Message-Id: <20200618231258.630575-44-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

Provided an annotation for module parameters that specify hardware parameters (such as io ports, iomem addresses, irqs, dma channels, fixed dma buffers and other types).

Suggested-by: Alan Cox
Signed-off-by: David Howells
(backported from commit 33a38c67ed53106458e1858a2101cae3026486e4 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee
--- kernel/params.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/kernel/params.c b/kernel/params.c index a6d6149c0fe6..87bbf2bdc09e 100644 --- a/kernel/params.c +++ b/kernel/params.c @@ -108,13 +108,18 @@ bool parameq(const char *a, const char *b) return parameqn(a, b, strlen(a)+1); } -static void param_check_unsafe(const struct kernel_param *kp) +static bool param_check_unsafe(const struct kernel_param *kp, + const char *doing) { if (kp->flags & KERNEL_PARAM_FL_UNSAFE) { pr_warn("Setting dangerous option %s - tainting kernel\n", kp->name); add_taint(TAINT_USER, LOCKDEP_STILL_OK); } + + if (kp->flags & KERNEL_PARAM_FL_HWPARAM && secure_modules()) + return false; + return true; } static int parse_one(char *param, 
@@ -144,8 +149,10 @@ static int parse_one(char *param, pr_debug("handling %s with %p\n", param, params[i].ops->set); kernel_param_lock(params[i].mod); - param_check_unsafe(¶ms[i]); - err = params[i].ops->set(val, ¶ms[i]); + if (param_check_unsafe(¶ms[i], doing)) + err = params[i].ops->set(val, ¶ms[i]); + else + err = -EPERM; kernel_param_unlock(params[i].mod); return err; } @@ -608,6 +615,12 @@ static ssize_t param_attr_show(struct module_attribute *mattr, return count; } +#ifdef CONFIG_MODULES +#define mod_name(mod) (mod)->name +#else +#define mod_name(mod) "unknown" +#endif + /* sysfs always hands a nul-terminated string in buf. We rely on that. */ static ssize_t param_attr_store(struct module_attribute *mattr, struct module_kobject *mk, 
@@ -620,8 +633,10 @@ static ssize_t param_attr_store(struct module_attribute *mattr, return -EPERM; kernel_param_lock(mk->mod); - param_check_unsafe(attribute->param); - err = attribute->param->ops->set(buf, attribute->param); + if (param_check_unsafe(attribute->param, mod_name(mk->mod))) + err = attribute->param->ops->set(buf, attribute->param); + else + err = -EPERM; kernel_param_unlock(mk->mod); if (!err) return len;
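Review bot: in the param_check_unsafe() hunk the new doing argument is never used, and the function returns false without logging anything, although the annotation patches say the parser skips such parameters with an error message. Either print a message naming kp->name and doing before return false, or drop the argument and the mod_name() plumbing that feeds it. Two smaller points in the same hunk: a parameter flagged both UNSAFE and HWPARAM still taints the kernel before it is refused, so test the lockdown condition first; and writing the test as (kp->flags & KERNEL_PARAM_FL_HWPARAM) && secure_modules() makes the precedence explicit.

Review bot: in the parse_one() hunk the refusal is reported as err = -EPERM, whereas the description of the annotation patches says module initialisation still runs and simply sees the default values. Please check what the callers of parse_one() do with a non-zero return; if it aborts the load, either the code or the description needs to change.

Review bot: the mod_name(mod) macro expands to (mod)->name with no outer parentheses and no NULL handling. param_attr_store() passes mk->mod to it, so if that pointer can be NULL for built-in parameters the macro forms a pointer from NULL. Wrap the expansion in parentheses and fall back to a fixed string when mod is NULL.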
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 44/47][X] UBUNTU: SAUCE: (efi-lockdown) Prohibit PCMCIA CIS storage when the kernel is locked down
Date: Thu, 18 Jun 2020 18:12:55 -0500
Message-Id: <20200618231258.630575-45-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

Prohibit replacement of the PCMCIA Card Information Structure when the kernel is locked down.

Suggested-by: Dominik Brodowski
Signed-off-by: David Howells
cc: linux-pcmcia@lists.infradead.org
(backported from commit c5fe6d4762b16204e218f5299d232b9953c4caaa git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee
--- drivers/pcmcia/cistpl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pcmcia/cistpl.c b/drivers/pcmcia/cistpl.c index 55ef7d1fd8da..4ea05a5ec4b2 100644 --- a/drivers/pcmcia/cistpl.c +++ b/drivers/pcmcia/cistpl.c
@@ -1578,6 +1578,9 @@ static ssize_t pccard_store_cis(struct file *filp, struct kobject *kobj, struct pcmcia_socket *s; int error; + if (secure_modules()) + return -EPERM; + s = to_socket(container_of(kobj, struct device, kobj)); if (off)
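Review bot: the new secure_modules() test at the top of pccard_store_cis() returns -EPERM with no comment and no log line, so a CIS write refused by lockdown looks like any other permission error. A one-line comment saying why replacing the CIS is a lockdown concern, plus a rate-limited notice, would make the refusal diagnosable. Placement ahead of to_socket() and the offset check is fine, since nothing is touched before the refusal.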
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 45/47][X] UBUNTU: SAUCE: (efi-lockdown) kexec_file: Disable at runtime if the kernel is locked down
Date: Thu, 18 Jun 2020 18:12:56 -0500
Message-Id: <20200618231258.630575-46-seth.forshee@canonical.com>

From: Chun-Yi Lee

BugLink: https://bugs.launchpad.net/bugs/1884159

When KEXEC_VERIFY_SIG is not enabled, the kernel should not load images through the kexec_file system call if the kernel is locked down.

This code was shown in Matthew's patch but not in git: https://lkml.org/lkml/2015/3/13/778

Cc: Matthew Garrett
Signed-off-by: Chun-Yi Lee
Signed-off-by: David Howells
Reviewed-by: James Morris
cc: kexec@lists.infradead.org
(backported from commit 6620737c201ed7242dbb672803085b46ae600ce7 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee
--- kernel/kexec_file.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 6030efd4a188..14d19eda9ec9 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c
@@ -317,6 +317,12 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, if (!capable(CAP_SYS_BOOT) || kexec_load_disabled) return -EPERM; + /* Don't permit images to be loaded into trusted kernels if we're not + * going to verify the signature on them + */ + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && secure_modules()) + return -EPERM; + /* Make sure we have a legal set of flags */ if (flags != (flags & KEXEC_FILE_FLAGS)) return -EINVAL;
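Review bot: the added test in kexec_file_load is !IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && secure_modules(), so on a kernel built with KEXEC_VERIFY_SIG it never fires and a locked-down system relies entirely on the signature verification later in the syscall. Please say in the commit message that this is the intended split. The refusal also reuses -EPERM from the capable(CAP_SYS_BOOT) test directly above it, so a caller cannot tell a missing capability from a lockdown refusal; a log line would help. As a style point, the new block comment opens with text on the /* line and its sentence has no full stop.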
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 46/47][X] UBUNTU: SAUCE: (efi-lockdown) Lock down TIOCSSERIAL
Date: Thu, 18 Jun 2020 18:12:57 -0500
Message-Id: <20200618231258.630575-47-seth.forshee@canonical.com>

From: David Howells

BugLink: https://bugs.launchpad.net/bugs/1884159

Lock down TIOCSSERIAL as that can be used to change the ioport and irq settings on a serial port. This only appears to be an issue for the serial drivers that use the core serial code. All other drivers seem to either ignore attempts to change port/irq or give an error.

Reported-by: Greg Kroah-Hartman
Signed-off-by: David Howells
cc: Jiri Slaby
(backported from commit 8d8c1da752c5ea837f1dbe06fa21d4ca891fcd83 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee
--- drivers/tty/serial/serial_core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 013fb874c64e..51271d62a7a1 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c
@@ -768,6 +768,11 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port, new_flags = new_info->flags; old_custom_divisor = uport->custom_divisor; + if ((change_port || change_irq) && secure_modules()) { + retval = -EPERM; + goto exit; + } + if (!capable(CAP_SYS_ADMIN)) { retval = -EPERM; if (change_irq || change_port ||
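Review bot: the lockdown test added to uart_set_info() covers only change_port and change_irq, and the commit message speaks of ioport and irq settings. The computation of change_port lies outside the visible context, so please confirm it also becomes true when a memory-mapped base address is changed, since that is the same class of hardware redirection. Placing the test ahead of the capable(CAP_SYS_ADMIN) branch is right, because it makes the refusal apply to privileged callers as well.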
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 47/47][X] efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
Date: Thu, 18 Jun 2020 18:12:58 -0500
Message-Id: <20200618231258.630575-48-seth.forshee@canonical.com>

From: Javier Martinez Canillas

BugLink: https://bugs.launchpad.net/bugs/1884159

The driver exposes EFI runtime services to user-space through an IOCTL interface, calling the EFI services function pointers directly without using the efivar API.

Disallow access to the /dev/efi_test character device when the kernel is locked down to prevent arbitrary user-space from calling EFI runtime services.

Also require CAP_SYS_ADMIN to open the chardev to prevent unprivileged users from calling the EFI runtime services, instead of just relying on the chardev file mode bits for this.

The main user of this driver is the fwts [0] tool that already checks if the effective user ID is 0 and fails otherwise. So this change shouldn't cause any regression to this tool.

[0]: https://wiki.ubuntu.com/FirmwareTestSuite/Reference/uefivarinfo

Signed-off-by: Javier Martinez Canillas
Signed-off-by: Ard Biesheuvel
Acked-by: Laszlo Ersek
Acked-by: Matthew Garrett
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: linux-efi@vger.kernel.org
Link: https://lkml.kernel.org/r/20191029173755.27149-7-ardb@kernel.org
Signed-off-by: Ingo Molnar
(backported from commit 359efcc2c910117d2faf704ce154e91fc976d37f)
Signed-off-by: Seth Forshee
--- drivers/firmware/efi/test/efi_test.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/drivers/firmware/efi/test/efi_test.c b/drivers/firmware/efi/test/efi_test.c index f61bb52be318..3dc55ac0af73 100644 --- a/drivers/firmware/efi/test/efi_test.c +++ b/drivers/firmware/efi/test/efi_test.c @@ -696,6 +696,13 @@ static long efi_test_ioctl(struct file *file, unsigned int cmd, static int efi_test_open(struct inode *inode, struct file *file) { + bool locked_down = secure_modules(); + + if (locked_down) + return -EPERM; + + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; /* * nothing special to do here * We do accept multiple open files at the same time as we
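Review bot: in efi_test_open() the locked_down local is assigned once and tested once; with secure_modules() as the backported predicate, if (secure_modules()) return -EPERM; says the same thing with less code. The existing comment that follows ("nothing special to do here") is now stale, because open performs two access checks before reaching it, and should be updated. The two refusals use different codes, -EPERM for lockdown and -EACCES for the missing CAP_SYS_ADMIN; that distinction is useful to callers, so note it in a comment to keep it from being unified later.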