UBUNTU: SAUCE: (efi-lockdown) x86/msr: Restrict MSR access when the kernel is locked...
authorMatthew Garrett <mjg59@srcf.ucam.org>
Mon, 9 Apr 2018 08:52:48 +0000 (09:52 +0100)
committerSeth Forshee <seth.forshee@canonical.com>
Mon, 4 Mar 2019 12:51:26 +0000 (06:51 -0600)
Writing to MSRs should not be allowed if the kernel is locked down, since
it could lead to execution of arbitrary code in kernel mode.  Based on a
patch by Kees Cook.

MSR accesses are logged for the purposes of building up a whitelist as per
Alan Cox's suggestion.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
cc: x86@kernel.org
(cherry picked from commit 5322660ecdacb1e026fd7db602d2dd11124119a3
 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
arch/x86/kernel/msr.c

index 4588414e2561ccc9d0d883c01fc400f2e9bdd1bf..f5a2cf07972f54e61b85606517f19e21b0a9648c 100644 (file)
@@ -84,6 +84,11 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
        int err = 0;
        ssize_t bytes = 0;
 
+       if (kernel_is_locked_down("Direct MSR access")) {
+               pr_info("Direct access to MSR %x\n", reg);
+               return -EPERM;
+       }
+
        if (count % 8)
                return -EINVAL; /* Invalid chunk size */
 
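Review bot: The pr_info() added to msr_write fires on every rejected write, so a caller that keeps retrying can flood the kernel log with one line per attempt; since the commit message says the logging exists to build up a whitelist, a rate-limited variant keeps that information without the flood: `pr_info_ratelimited("Direct access to MSR %x\n", reg);`. The same applies to the pr_info() in the msr_ioctl hunk below. The check is correctly placed before the `count % 8` size check, so a denied write is logged regardless of chunk size. `reg` is not declared within the hunk, so its type is presumed to match the `%x` conversion; msr_write's body begins at the hunk header and continues outside the hunk.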
@@ -135,6 +140,11 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
                        err = -EFAULT;
                        break;
                }
+               if (kernel_is_locked_down("Direct MSR access")) {
+                       pr_info("Direct access to MSR %x\n", regs[1]); /* Display %ecx */
+                       err = -EPERM;
+                       break;
+               }
                err = wrmsr_safe_regs_on_cpu(cpu, regs);
                if (err)
                        break;