lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Matthew Garrett <[email protected]>	2019-08-19 17:17:41 -0700
committer	James Morris <[email protected]>	2019-08-19 21:54:15 -0700
commit	9b9d8dda1ed72e9bd560ab0ca93d322a9440510e (patch)
tree	aa5a6719f76556e20ce1ca6e286d10660f1746f5 /drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
parent	49fcf732bdae0550721ef73af7c45109ce26b2a9 (diff)

lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down

Allowing users to read and write to core kernel memory makes it possible for the kernel to be subverted, avoiding module loading restrictions, and also to steal cryptographic information. Disallow /dev/mem and /dev/kmem from being opened this when the kernel has been locked down to prevent this. Also disallow /dev/port from being opened to prevent raw ioport access and thus DMA from being used to accomplish the same thing. Signed-off-by: David Howells <[email protected]> Signed-off-by: Matthew Garrett <[email protected]> Reviewed-by: Kees Cook <[email protected]> Cc: [email protected] Signed-off-by: James Morris <[email protected]>

Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: