x86/msr: Restrict MSR access when the kernel is locked down

Writing to MSRs should not be allowed if the kernel is locked down, since it could lead to execution of arbitrary code in kernel mode. Based on a patch by Kees Cook. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> cc: x86@kernel.org Signed-off-by: James Morris <jmorris@namei.org>
author: Matthew Garrett <mjg59@srcf.ucam.org> 2019-08-19 17:17:49 -0700
committer: James Morris <jmorris@namei.org> 2019-08-19 21:54:16 -0700
commit: 95f5e95f41dff31b2a4566c5a8975c08a49ae4e3 (patch)
tree: 1d11399a1d98cf0cf2b338f45567781559034e12 /include
parent: 96c4f67293e4cd8b3394adce5a8041a2784e68a3 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index cd93fa5d3c6d..010637a79eac 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -109,6 +109,7 @@ enum lockdown_reason {
 	LOCKDOWN_HIBERNATION,
 	LOCKDOWN_PCI_ACCESS,
 	LOCKDOWN_IOPORT,
+	LOCKDOWN_MSR,
 	LOCKDOWN_INTEGRITY_MAX,
 	LOCKDOWN_CONFIDENTIALITY_MAX,
 };
author	Matthew Garrett <mjg59@srcf.ucam.org>	2019-08-19 17:17:49 -0700
committer	James Morris <jmorris@namei.org>	2019-08-19 21:54:16 -0700
commit	95f5e95f41dff31b2a4566c5a8975c08a49ae4e3 (patch)
tree	1d11399a1d98cf0cf2b338f45567781559034e12 /include
parent	96c4f67293e4cd8b3394adce5a8041a2784e68a3 (diff)