]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - arch/x86/kernel/ioport.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UBUNTU: SAUCE: UEFI: x86: Lock down IO port access when module security is enabled
[mirror_ubuntu-zesty-kernel.git] / arch / x86 / kernel / ioport.c
1 /*
2 * This contains the io-permission bitmap code - written by obz, with changes
3 * by Linus. 32/64 bits code unification by Miguel Botón.
4 */
5
6 #include <linux/sched.h>
7 #include <linux/kernel.h>
8 #include <linux/capability.h>
9 #include <linux/errno.h>
10 #include <linux/types.h>
11 #include <linux/ioport.h>
12 #include <linux/smp.h>
13 #include <linux/stddef.h>
14 #include <linux/slab.h>
15 #include <linux/thread_info.h>
16 #include <linux/syscalls.h>
17 #include <linux/bitmap.h>
18 #include <linux/module.h>
19 #include <asm/syscalls.h>
20
21 /*
22 * this changes the io permissions bitmap in the current task.
23 */
24 asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
25 {
26 struct thread_struct *t = &current->thread;
27 struct tss_struct *tss;
28 unsigned int i, max_long, bytes, bytes_updated;
29
30 if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
31 return -EINVAL;
32 if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
33 return -EPERM;
34
35 /*
36 * If it's the first ioperm() call in this thread's lifetime, set the
37 * IO bitmap up. ioperm() is much less timing critical than clone(),
38 * this is why we delay this operation until now:
39 */
40 if (!t->io_bitmap_ptr) {
41 unsigned long *bitmap = kmalloc(IO_BITMAP_BYTES, GFP_KERNEL);
42
43 if (!bitmap)
44 return -ENOMEM;
45
46 memset(bitmap, 0xff, IO_BITMAP_BYTES);
47 t->io_bitmap_ptr = bitmap;
48 set_thread_flag(TIF_IO_BITMAP);
49 }
50
51 /*
52 * do it in the per-thread copy and in the TSS ...
53 *
54 * Disable preemption via get_cpu() - we must not switch away
55 * because the ->io_bitmap_max value must match the bitmap
56 * contents:
57 */
58 tss = &per_cpu(cpu_tss, get_cpu());
59
60 if (turn_on)
61 bitmap_clear(t->io_bitmap_ptr, from, num);
62 else
63 bitmap_set(t->io_bitmap_ptr, from, num);
64
65 /*
66 * Search for a (possibly new) maximum. This is simple and stupid,
67 * to keep it obviously correct:
68 */
69 max_long = 0;
70 for (i = 0; i < IO_BITMAP_LONGS; i++)
71 if (t->io_bitmap_ptr[i] != ~0UL)
72 max_long = i;
73
74 bytes = (max_long + 1) * sizeof(unsigned long);
75 bytes_updated = max(bytes, t->io_bitmap_max);
76
77 t->io_bitmap_max = bytes;
78
79 /* Update the TSS: */
80 memcpy(tss->io_bitmap, t->io_bitmap_ptr, bytes_updated);
81
82 put_cpu();
83
84 return 0;
85 }
86
87 /*
88 * sys_iopl has to be used when you want to access the IO ports
89 * beyond the 0x3ff range: to get the full 65536 ports bitmapped
90 * you'd need 8kB of bitmaps/process, which is a bit excessive.
91 *
92 * Here we just change the flags value on the stack: we allow
93 * only the super-user to do it. This depends on the stack-layout
94 * on system-call entry - see also fork() and the signal handling
95 * code.
96 */
97 SYSCALL_DEFINE1(iopl, unsigned int, level)
98 {
99 struct pt_regs *regs = current_pt_regs();
100 struct thread_struct *t = &current->thread;
101
102 /*
103 * Careful: the IOPL bits in regs->flags are undefined under Xen PV
104 * and changing them has no effect.
105 */
106 unsigned int old = t->iopl >> X86_EFLAGS_IOPL_BIT;
107
108 if (level > 3)
109 return -EINVAL;
110 /* Trying to gain more privileges? */
111 if (level > old) {
112 if (!capable(CAP_SYS_RAWIO) || secure_modules())
113 return -EPERM;
114 }
115 regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
116 (level << X86_EFLAGS_IOPL_BIT);
117 t->iopl = level << X86_EFLAGS_IOPL_BIT;
118 set_iopl_mask(t->iopl);
119
120 return 0;
121 }
ubuntu-zesty-kernel mirror