summaryrefslogtreecommitdiffstats
path: root/security/lockdown
diff options
context:
space:
mode:
authorMatthew Garrett <mjg59@srcf.ucam.org>2019-08-20 02:17:49 +0200
committerJames Morris <jmorris@namei.org>2019-08-20 06:54:16 +0200
commit95f5e95f41dff31b2a4566c5a8975c08a49ae4e3 (patch)
tree1d11399a1d98cf0cf2b338f45567781559034e12 /security/lockdown
parentx86: Lock down IO port access when the kernel is locked down (diff)
downloadlinux-95f5e95f41dff31b2a4566c5a8975c08a49ae4e3.tar.xz
linux-95f5e95f41dff31b2a4566c5a8975c08a49ae4e3.zip
x86/msr: Restrict MSR access when the kernel is locked down
Writing to MSRs should not be allowed if the kernel is locked down, since it could lead to execution of arbitrary code in kernel mode. Based on a patch by Kees Cook. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> cc: x86@kernel.org Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/lockdown')
-rw-r--r--security/lockdown/lockdown.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 8b7d65dbb086..b1c1c72440d5 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -24,6 +24,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
[LOCKDOWN_HIBERNATION] = "hibernation",
[LOCKDOWN_PCI_ACCESS] = "direct PCI access",
[LOCKDOWN_IOPORT] = "raw io port access",
+ [LOCKDOWN_MSR] = "raw MSR access",
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
};