Date:   Thu, 01 Dec 2016 12:29:39 +0000
From:   David Howells <dhowells@...hat.com>
To:     linux-kernel@...r.kernel.org
Cc:     dhowells@...hat.com, gnomes@...rguk.ukuu.org.uk,
        linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
        minyard@....org
Subject: [PATCH 00/39] Annotate hw config module params for future lockdown


Here's a set of patches that annotate module parameters that configure
hardware resources including ioports, iomem addresses, irq lines and dma
channels.

This will be used in a future patch to prohibit the use of such module
parameters so that hardware can't be abused to gain access to the running
kernel image.

This is done by changing:

	module_param(n, t, p)
	module_param_named(n, v, t, p)
	module_param_array(n, t, m, p)

to:

	module_param_hw(n, t, hwtype, p)
	module_param_hw_named(n, v, t, hwtype, p)
	module_param_hw_array(n, t, hwtype, m, p)

where hwtype specifies the type of the resource being configured.

Note that the hwtype is compile checked, but not currently stored (the
lockdown code probably won't require it).  It is, however, there for future
use.

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=hwparam

at tag:

	hwparam-20161201

David
---
David Howells (39):
      Annotate module params that specify hardware parameters (eg. ioport)
      Annotate hardware config module parameters in arch/x86/mm/
      Annotate hardware config module parameters in drivers/char/ipmi/
      Annotate hardware config module parameters in drivers/char/mwave/
      Annotate hardware config module parameters in drivers/char/
      Annotate hardware config module parameters in drivers/clocksource/
      Annotate hardware config module parameters in drivers/cpufreq/
      Annotate hardware config module parameters in drivers/gpio/
      Annotate hardware config module parameters in drivers/i2c/
      Annotate hardware config module parameters in drivers/iio/
      Annotate hardware config module parameters in drivers/input/
      Annotate hardware config module parameters in drivers/isdn/
      Annotate hardware config module parameters in drivers/media/
      Annotate hardware config module parameters in drivers/misc/
      Annotate hardware config module parameters in drivers/mmc/host/
      Annotate hardware config module parameters in drivers/net/appletalk/
      Annotate hardware config module parameters in drivers/net/arcnet/
      Annotate hardware config module parameters in drivers/net/can/
      Annotate hardware config module parameters in drivers/net/ethernet/
      Annotate hardware config module parameters in drivers/net/hamradio/
      Annotate hardware config module parameters in drivers/net/irda/
      Annotate hardware config module parameters in drivers/net/wan/
      Annotate hardware config module parameters in drivers/net/wireless/
      Annotate hardware config module parameters in drivers/parport/
      Annotate hardware config module parameters in drivers/pci/hotplug/
      Annotate hardware config module parameters in drivers/pcmcia/
      Annotate hardware config module parameters in drivers/scsi/
      Annotate hardware config module parameters in drivers/staging/i4l/
      Annotate hardware config module parameters in drivers/staging/media/
      Annotate hardware config module parameters in drivers/staging/speakup/
      Annotate hardware config module parameters in drivers/staging/vme/
      Annotate hardware config module parameters in drivers/tty/
      Annotate hardware config module parameters in drivers/video/
      Annotate hardware config module parameters in drivers/watchdog/
      Annotate hardware config module parameters in fs/pstore/
      Annotate hardware config module parameters in sound/drivers/
      Annotate hardware config module parameters in sound/isa/
      Annotate hardware config module parameters in sound/oss/
      Annotate hardware config module parameters in sound/pci/


 arch/x86/mm/testmmiotrace.c                 |    2 -
 drivers/char/applicom.c                     |    4 +-
 drivers/char/ipmi/ipmi_si_intf.c            |   14 +++---
 drivers/char/mwave/mwavedd.c                |    8 ++-
 drivers/clocksource/cs5535-clockevt.c       |    2 -
 drivers/cpufreq/speedstep-smi.c             |    2 -
 drivers/gpio/gpio-104-dio-48e.c             |    4 +-
 drivers/gpio/gpio-104-idi-48.c              |    4 +-
 drivers/gpio/gpio-104-idio-16.c             |    4 +-
 drivers/gpio/gpio-gpio-mm.c                 |    2 -
 drivers/gpio/gpio-ws16c48.c                 |    4 +-
 drivers/i2c/busses/i2c-elektor.c            |    6 +-
 drivers/i2c/busses/i2c-parport-light.c      |    4 +-
 drivers/i2c/busses/i2c-pca-isa.c            |    4 +-
 drivers/i2c/busses/scx200_acb.c             |    2 -
 drivers/iio/adc/stx104.c                    |    2 -
 drivers/iio/dac/cio-dac.c                   |    2 -
 drivers/input/mouse/inport.c                |    2 -
 drivers/input/mouse/logibm.c                |    2 -
 drivers/input/touchscreen/mk712.c           |    4 +-
 drivers/isdn/hardware/avm/b1isa.c           |    4 +-
 drivers/isdn/hardware/avm/t1isa.c           |    4 +-
 drivers/isdn/hisax/config.c                 |   10 ++--
 drivers/media/pci/zoran/zoran_card.c        |    2 -
 drivers/misc/dummy-irq.c                    |    2 -
 drivers/mmc/host/wbsd.c                     |    8 ++-
 drivers/net/appletalk/cops.c                |    6 +-
 drivers/net/appletalk/ltpc.c                |    6 +-
 drivers/net/arcnet/com20020-isa.c           |    4 +-
 drivers/net/arcnet/com90io.c                |    4 +-
 drivers/net/arcnet/com90xx.c                |    4 +-
 drivers/net/can/cc770/cc770_isa.c           |    8 ++-
 drivers/net/can/sja1000/sja1000_isa.c       |    8 ++-
 drivers/net/ethernet/3com/3c509.c           |    2 -
 drivers/net/ethernet/3com/3c59x.c           |    4 +-
 drivers/net/ethernet/8390/ne.c              |    4 +-
 drivers/net/ethernet/8390/smc-ultra.c       |    4 +-
 drivers/net/ethernet/8390/wd.c              |    8 ++-
 drivers/net/ethernet/amd/lance.c            |    6 +-
 drivers/net/ethernet/amd/ni65.c             |    6 +-
 drivers/net/ethernet/cirrus/cs89x0.c        |    6 +-
 drivers/net/ethernet/dec/tulip/de4x5.c      |    2 -
 drivers/net/ethernet/hp/hp100.c             |    2 -
 drivers/net/ethernet/realtek/atp.c          |    4 +-
 drivers/net/ethernet/smsc/smc9194.c         |    4 +-
 drivers/net/hamradio/baycom_epp.c           |    2 -
 drivers/net/hamradio/baycom_par.c           |    2 -
 drivers/net/hamradio/baycom_ser_fdx.c       |    4 +-
 drivers/net/hamradio/baycom_ser_hdx.c       |    4 +-
 drivers/net/hamradio/dmascc.c               |    2 -
 drivers/net/irda/ali-ircc.c                 |    6 +-
 drivers/net/irda/nsc-ircc.c                 |    6 +-
 drivers/net/irda/smsc-ircc2.c               |   10 ++--
 drivers/net/irda/w83977af_ir.c              |    4 +-
 drivers/net/wan/cosa.c                      |    6 +-
 drivers/net/wan/hostess_sv11.c              |    6 +-
 drivers/net/wan/sbni.c                      |    4 +-
 drivers/net/wan/sealevel.c                  |    8 ++-
 drivers/net/wireless/cisco/airo.c           |    4 +-
 drivers/parport/parport_pc.c                |    8 ++-
 drivers/pci/hotplug/cpcihp_generic.c        |    2 -
 drivers/pcmcia/i82365.c                     |    8 ++-
 drivers/pcmcia/tcic.c                       |    8 ++-
 drivers/scsi/aha152x.c                      |    4 +-
 drivers/scsi/aha1542.c                      |    2 -
 drivers/scsi/g_NCR5380.c                    |    8 ++-
 drivers/scsi/gdth.c                         |    2 -
 drivers/scsi/qlogicfas.c                    |    4 +-
 drivers/staging/i4l/act2000/module.c        |    6 +-
 drivers/staging/i4l/icn/icn.c               |    4 +-
 drivers/staging/i4l/pcbit/module.c          |    4 +-
 drivers/staging/media/lirc/lirc_parallel.c  |    4 +-
 drivers/staging/media/lirc/lirc_serial.c    |   10 ++--
 drivers/staging/media/lirc/lirc_sir.c       |    4 +-
 drivers/staging/speakup/speakup_acntpc.c    |    2 -
 drivers/staging/speakup/speakup_dtlk.c      |    2 -
 drivers/staging/speakup/speakup_keypc.c     |    2 -
 drivers/staging/vme/devices/vme_pio2_core.c |    8 ++-
 drivers/tty/cyclades.c                      |    4 +-
 drivers/tty/moxa.c                          |    2 -
 drivers/tty/mxser.c                         |    2 -
 drivers/tty/rocket.c                        |   10 ++--
 drivers/tty/serial/8250/8250_core.c         |    4 +-
 drivers/tty/synclink.c                      |    6 +-
 drivers/video/fbdev/arcfb.c                 |    8 ++-
 drivers/video/fbdev/n411.c                  |    6 +-
 drivers/watchdog/cpu5wdt.c                  |    2 -
 drivers/watchdog/eurotechwdt.c              |    4 +-
 drivers/watchdog/pc87413_wdt.c              |    2 -
 drivers/watchdog/sc1200wdt.c                |    2 -
 drivers/watchdog/wdt.c                      |    4 +-
 fs/pstore/ram.c                             |    2 -
 include/linux/moduleparam.h                 |   65 +++++++++++++++++++++++++++
 sound/drivers/mpu401/mpu401.c               |    4 +-
 sound/drivers/mtpav.c                       |    4 +-
 sound/drivers/serial-u16550.c               |    4 +-
 sound/isa/ad1848/ad1848.c                   |    6 +-
 sound/isa/adlib.c                           |    2 -
 sound/isa/cmi8328.c                         |   12 ++---
 sound/isa/cmi8330.c                         |   20 ++++----
 sound/isa/cs423x/cs4231.c                   |   12 ++---
 sound/isa/cs423x/cs4236.c                   |   18 ++++---
 sound/isa/es1688/es1688.c                   |   12 ++---
 sound/isa/es18xx.c                          |   12 ++---
 sound/isa/galaxy/galaxy.c                   |   16 +++----
 sound/isa/gus/gusclassic.c                  |    8 ++-
 sound/isa/gus/gusextreme.c                  |   16 +++----
 sound/isa/gus/gusmax.c                      |    8 ++-
 sound/isa/gus/interwave.c                   |   10 ++--
 sound/isa/msnd/msnd_pinnacle.c              |   20 ++++----
 sound/isa/opl3sa2.c                         |   16 +++----
 sound/isa/opti9xx/miro.c                    |   14 +++---
 sound/isa/opti9xx/opti92x-ad1848.c          |   14 +++---
 sound/isa/sb/jazz16.c                       |   12 ++---
 sound/isa/sb/sb16.c                         |   14 +++---
 sound/isa/sb/sb8.c                          |    6 +-
 sound/isa/sc6000.c                          |   12 ++---
 sound/isa/sscape.c                          |   12 ++---
 sound/isa/wavefront/wavefront.c             |   18 ++++---
 sound/oss/ad1848.c                          |    8 ++-
 sound/oss/aedsp16.c                         |   12 ++---
 sound/oss/mpu401.c                          |    4 +-
 sound/oss/msnd_pinnacle.c                   |   20 ++++----
 sound/oss/opl3.c                            |    2 -
 sound/oss/pas2_card.c                       |   18 ++++---
 sound/oss/pss.c                             |   14 +++---
 sound/oss/sb_card.c                         |   10 ++--
 sound/oss/trix.c                            |   18 ++++---
 sound/oss/uart401.c                         |    4 +-
 sound/oss/uart6850.c                        |    4 +-
 sound/oss/waveartist.c                      |    8 ++-
 sound/pci/als4000.c                         |    2 -
 sound/pci/cmipci.c                          |    6 +-
 sound/pci/ens1370.c                         |    2 -
 sound/pci/riptide/riptide.c                 |    6 +-
 sound/pci/sonicvibes.c                      |    2 -
 sound/pci/via82xx.c                         |    2 -
 sound/pci/ymfpci/ymfpci.c                   |    6 +-
 138 files changed, 498 insertions(+), 435 deletions(-)
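
A user-space model of the scheme described in the message above, as an added example that is not code from the patch series or the kernel. The `PARAM_HW` macro, the `PARAM_FL_HWPARAM` flag, the `hwparam_*` enumerators, `param_set()` and its `locked_down` switch are all assumptions made for illustration. It shows how a hwtype argument can be compile-checked without being stored, and how a later lockdown check could refuse only the annotated parameters.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Resource classes from the cover letter; enumerator names are assumed. */
enum hwparam_type { hwparam_ioport, hwparam_iomem, hwparam_irq, hwparam_dma };

#define PARAM_FL_HWPARAM 0x1u	/* assumed flag: parameter configures hardware */

struct param { const char *name; int *value; unsigned int flags; };

/* The "& 0" term has to name a real enumerator, so a misspelt hwtype breaks
 * the build, yet it adds nothing to flags: checked but not stored.
 */
#define PARAM(n)		{ #n, &n, 0 }
#define PARAM_HW(n, hwtype)	{ #n, &n, PARAM_FL_HWPARAM | (hwparam_##hwtype & 0) }

static int io = 0x300, irq = 5, debug;	/* constructed sample parameters */

static struct param params[] = {
	PARAM_HW(io, ioport),
	PARAM_HW(irq, irq),
	PARAM(debug),
};

/* Returns 0, -ENOENT for an unknown name, -EPERM when lockdown refuses. */
static int param_set(const char *name, const char *val, int locked_down)
{
	for (size_t i = 0; i < sizeof(params) / sizeof(params[0]); i++) {
		struct param *p = &params[i];
		if (strcmp(p->name, name) != 0)
			continue;
		if (locked_down && (p->flags & PARAM_FL_HWPARAM))
			return -EPERM;	/* hardware resource: refused */
		*p->value = (int)strtol(val, NULL, 0);
		return 0;
	}
	return -ENOENT;
}

int main(void)
{
	printf("io=0x220 locked: %d\n", param_set("io", "0x220", 1));
	printf("debug=1 locked: %d\n", param_set("debug", "1", 1));
	return 0;
}
```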
