Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

lockdown: Prohibit PCMCIA CIS storage when the kernel is locked down

Prohibit replacement of the PCMCIA Card Information Structure when the
kernel is locked down.

Suggested-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <jmorris@namei.org>

Authored by David Howells and committed by James Morris
3f19cad3 6ea0e815

+7
+5
drivers/pcmcia/cistpl.c
··· 21 21 #include <linux/pci.h> 22 22 #include <linux/ioport.h> 23 23 #include <linux/io.h> 24 + #include <linux/security.h> 24 25 #include <asm/byteorder.h> 25 26 #include <asm/unaligned.h> 26 27 ··· 1575 1574 { 1576 1575 struct pcmcia_socket *s; 1577 1576 int error; 1577 + 1578 + error = security_locked_down(LOCKDOWN_PCMCIA_CIS); 1579 + if (error) 1580 + return error; 1578 1581 1579 1582 s = to_socket(container_of(kobj, struct device, kobj)); 1580 1583
+1
include/linux/security.h
··· 111 111 LOCKDOWN_IOPORT, 112 112 LOCKDOWN_MSR, 113 113 LOCKDOWN_ACPI_TABLES, 114 + LOCKDOWN_PCMCIA_CIS, 114 115 LOCKDOWN_INTEGRITY_MAX, 115 116 LOCKDOWN_CONFIDENTIALITY_MAX, 116 117 };
+1
security/lockdown/lockdown.c
··· 26 26 [LOCKDOWN_IOPORT] = "raw io port access", 27 27 [LOCKDOWN_MSR] = "raw MSR access", 28 28 [LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables", 29 + [LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage", 29 30 [LOCKDOWN_INTEGRITY_MAX] = "integrity", 30 31 [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", 31 32 };
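Review bot: in drivers/pcmcia/cistpl.c, the new `security_locked_down(LOCKDOWN_PCMCIA_CIS)` check at the top of the function carries no comment explaining why replacing the CIS is an integrity concern, and the changelog only restates the subject line. A one-line comment above the check, or a sentence in the commit message naming what a replaced CIS lets a caller influence, would let later readers judge whether other CIS paths need the same gate. The placement itself is right: the request is refused before `s = to_socket(...)` runs, so no socket state is touched on a locked-down kernel, and the hook's return value is passed back unchanged.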
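Review bot: in include/linux/security.h, `LOCKDOWN_PCMCIA_CIS` is inserted ahead of `LOCKDOWN_INTEGRITY_MAX`, which shifts the numeric value of both `_MAX` enumerators that follow it. That is fine as long as nothing records these values numerically outside the kernel image; please confirm that in the changelog. Placing the entry before `LOCKDOWN_INTEGRITY_MAX` groups it with the integrity reasons, which matches an operation that replaces data rather than reads it.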
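Review bot: in security/lockdown/lockdown.c, the reason string "direct PCMCIA CIS storage" does not line up with the commit message, which speaks of "replacement" of the Card Information Structure, and it is less self-explanatory than its neighbour "modifying ACPI tables". Since this text is what an administrator sees, consider wording it as the action being refused, for example "replacing the PCMCIA CIS". The designated initializer `[LOCKDOWN_PCMCIA_CIS] = ...` keeps the table matched to the enum regardless of ordering, so no change is needed there.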