git.baikalelectronics.ru Git - kernel.git/commit
x86/mmiotrace: Lock down the testmmiotrace module
author David Howells <dhowells@redhat.com>
Tue, 20 Aug 2019 00:17:56 +0000 (17:17 -0700)
committer James Morris <jmorris@namei.org>
Tue, 20 Aug 2019 04:54:16 +0000 (21:54 -0700)
commit 035f7209d5c1eedb5f1eaa74bb880d34a6b8ea0a
tree 049ecdbb02af347886a383126722b6bc853503a6
parent 14d1db7ce0758be1df1e9aab9e08b770403dc4b2
x86/mmiotrace: Lock down the testmmiotrace module

The testmmiotrace module shouldn't be permitted when the kernel is locked
down as it can be used to arbitrarily read and write MMIO space. This is
a runtime check rather than buildtime in order to allow configurations
where the same kernel may be run in either locked down or permissive modes
depending on local policy.

Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: Thomas Gleixner <tglx@linutronix.de>
cc: Steven Rostedt <rostedt@goodmis.org>
cc: Ingo Molnar <mingo@kernel.org>
cc: "H. Peter Anvin" <hpa@zytor.com>
cc: x86@kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
arch/x86/mm/testmmiotrace.c
include/linux/security.h
security/lockdown/lockdown.c