Restrict /dev/mem and /dev/kmem when securelevel is set.

Allowing users to write to address space provides mechanisms that may permit
modification of the kernel at runtime. Prevent this if securelevel has been
set.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 10f7dbd8a4e22d12f67bb5eb87fad793cac25eba..3803c0dc9f2754d5be2113874c72e3e814efec42 100644 (file)
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
        if (p != *ppos)
                return -EFBIG;
 
+       if (get_securelevel() > 0)
+               return -EPERM;
+
        if (!valid_phys_addr_range(p, count))
                return -EFAULT;
 
@@ -510,6 +513,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
        char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
        int err = 0;
 
+       if (get_securelevel() > 0)
+               return -EPERM;
+
        if (p < (unsigned long) high_memory) {
                unsigned long to_write = min_t(unsigned long, count,
                                               (unsigned long)high_memory - p);