Restrict /dev/mem and /dev/kmem when securelevel is set.

Allowing users to write to address space provides mechanisms that may permit
modification of the kernel at runtime. Prevent this if securelevel has been
set.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
[bwh: Forward-ported to 4.9: adjust context]

Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index e2f4d57b9eabca5deeb412edef82fbdd224bd565..6afd9a8e3cb7f94a2a32b1b69809c2b79a103c91 100644 (file)
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
        if (p != *ppos)
                return -EFBIG;
 
+       if (get_securelevel() > 0)
+               return -EPERM;
+
        if (!valid_phys_addr_range(p, count))
                return -EFAULT;
 
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
        char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
        int err = 0;
 
+       if (get_securelevel() > 0)
+               return -EPERM;
+
        if (!pfn_valid(PFN_DOWN(p)))
                return -EIO;