Restrict /dev/mem and /dev/kmem when securelevel is set.

Allowing users to write to address space provides mechanisms that may permit
modification of the kernel at runtime. Prevent this if securelevel has been
set.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
[bwh: Forward-ported to 4.9: adjust context]

Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 25cf624a375c74ef0fe436042917eacb31f6b0dc..92bd336503d221d32c61680233434c46008be6a2 100644 (file)
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -180,6 +180,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
        if (p != *ppos)
                return -EFBIG;
 
+       if (get_securelevel() > 0)
+               return -EPERM;
+
        if (!valid_phys_addr_range(p, count))
                return -EFAULT;
 
@@ -541,6 +544,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
        char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
        int err = 0;
 
+       if (get_securelevel() > 0)
+               return -EPERM;
+
        if (p < (unsigned long) high_memory) {
                unsigned long to_write = min_t(unsigned long, count,
                                               (unsigned long)high_memory - p);