Commit e1caf27b authored by David Howells's avatar David Howells Committed by Khalid Elmously

UBUNTU: SAUCE: (efi-lockdown) x86/mmiotrace: Lock down the testmmiotrace module

BugLink: https://bugs.launchpad.net/bugs/1884159

The testmmiotrace module shouldn't be permitted when the kernel is locked
down as it can be used to arbitrarily read and write MMIO space.
Suggested-by: default avatarThomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Howells <dhowells@redhat.com
cc: Thomas Gleixner <tglx@linutronix.de>
cc: Steven Rostedt <rostedt@goodmis.org>
cc: Ingo Molnar <mingo@kernel.org>
cc: "H. Peter Anvin" <hpa@zytor.com>
cc: x86@kernel.org
(backported from commit 64ce4fc1ef16d4dd818eca47701f803e58444ab2
 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarAndrea Righi <andrea.righi@canonical.com>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
parent 6cef0b11
...@@ -115,6 +115,9 @@ static int __init init(void) ...@@ -115,6 +115,9 @@ static int __init init(void)
{ {
unsigned long size = (read_far) ? (8 << 20) : (16 << 10); unsigned long size = (read_far) ? (8 << 20) : (16 << 10);
if (secure_modules())
return -EPERM;
if (mmio_address == 0) { if (mmio_address == 0) {
pr_err("you have to use the module argument mmio_address.\n"); pr_err("you have to use the module argument mmio_address.\n");
pr_err("DO NOT LOAD THIS MODULE UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!\n"); pr_err("DO NOT LOAD THIS MODULE UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!\n");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment