projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 96c4f67) | patch
x86/msr: Restrict MSR access when the kernel is locked down
authorMatthew Garrett <mjg59@srcf.ucam.org>
Tue, 20 Aug 2019 00:17:49 +0000 (17:17 -0700)
committerJames Morris <jmorris@namei.org>
Tue, 20 Aug 2019 04:54:16 +0000 (21:54 -0700)
commit95f5e95f41dff31b2a4566c5a8975c08a49ae4e3
tree1d11399a1d98cf0cf2b338f45567781559034e12tree | snapshot
parent96c4f67293e4cd8b3394adce5a8041a2784e68a3commit | diff
x86/msr: Restrict MSR access when the kernel is locked down

Writing to MSRs should not be allowed if the kernel is locked down, since
it could lead to execution of arbitrary code in kernel mode.  Based on a
patch by Kees Cook.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
cc: x86@kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
arch/x86/kernel/msr.c diff | blob | blame | history
include/linux/security.h diff | blob | blame | history
security/lockdown/lockdown.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)