dect
/
linux-2.6
Archived
13
0
Fork 0
Code Releases Activity
This repository has been archived on 2022-02-17. You can view files and clone it, but cannot push or open issues or pull requests.
linux-2.6/arch/x86/kernel
History
Alan Cox c903f0456b x86/msr: Add capabilities check 
At the moment the MSR driver only relies upon file system
checks. This means that anything as root with any capability set
can write to MSRs. Historically that wasn't very interesting but
on modern processors the MSRs are such that writing to them
provides several ways to execute arbitary code in kernel space.
Sample code and documentation on doing this is circulating and
MSR attacks are used on Windows 64bit rootkits already.

In the Linux case you still need to be able to open the device
file so the impact is fairly limited and reduces the security of
some capability and security model based systems down towards
that of a generic "root owns the box" setup.

Therefore they should require CAP_SYS_RAWIO to prevent an
elevation of capabilities. The impact of this is fairly minimal
on most setups because they don't have heavy use of
capabilities. Those using SELinux, SMACK or AppArmor rules might
want to consider if their rulesets on the MSR driver could be
tighter.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Horses <stable@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
 		2013-01-24 17:37:51 +01:00
..
acpi Merge branch 'x86-acpi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-14 10:03:23 -08:00
apic PCI changes for the v3.8 merge window: 2012-12-13 12:14:47 -08:00
cpu X86: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
.gitignore
Makefile tracing,x86: Add a TSC trace_clock 2012-11-13 15:48:27 -05:00
alternative.c Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-10-01 10:47:45 -07:00
amd_gart_64.c X86 & IA64: adapt for dma_map_ops changes 2012-03-28 16:36:31 +02:00
amd_nb.c Merge branch 'x86-mce-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-07-22 16:07:45 -07:00
apb_timer.c Merge branch 'timers-clocksource-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-07-23 10:34:47 -07:00
aperture_64.c x86/gart: Fix kmemleak warning 2012-06-06 11:58:38 +02:00
apm_32.c x86/debug: Add KERN_<LEVEL> to bare printks, convert printks to pr_<level> 2012-06-06 09:17:22 +02:00
asm-offsets.c x86, um/x86: switch to generic sys_execve and kernel_execve 2012-09-30 22:53:32 -04:00
asm-offsets_32.c x86: Generate system call tables and unistd_*.h from tables 2011-11-17 13:35:37 -08:00
asm-offsets_64.c x32: If configured, add x32 system calls to system call tables 2012-02-20 12:52:06 -08:00
audit_64.c
bootflag.c
check.c x86: kernel/check.c simple_strtoul cleanup 2012-05-15 15:36:41 -07:00
cpuid.c Use get_online_cpus to avoid races involving CPU hotplug 2012-09-23 07:43:56 -07:00
crash.c x86/kexec: crash_vmclear_local_vmcss needs __rcu 2012-12-11 19:55:23 -02:00
crash_dump_32.c x86: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:15 +08:00
crash_dump_64.c
devicetree.c x86: dt: Use linear irq domain for ioapic(s) 2012-08-21 22:16:57 +02:00
doublefault_32.c
dumpstack.c x86: Move call to print_modules() out of show_regs() 2012-06-20 14:33:48 +02:00
dumpstack_32.c x86: Move call to print_modules() out of show_regs() 2012-06-20 14:33:48 +02:00
dumpstack_64.c x86: Move call to print_modules() out of show_regs() 2012-06-20 14:33:48 +02:00
e820.c x86, mm: Trim memory in memblock to be page aligned 2012-10-24 11:52:21 -07:00
early-quirks.c
early_printk.c Revert "x86/early_printk: Replace obsolete simple_strtoul() usage with kstrtoint()" 2012-07-22 15:47:52 +02:00
entry_32.S introduce generic sys_sigaltstack(), switch x86 and um to it 2012-12-19 18:07:40 -05:00
entry_64.S x86-64: Fix unwind annotations in recent NMI changes 2013-01-24 10:56:32 +01:00
ftrace.c ftrace/x86: Add save_regs for i386 function calls 2012-07-19 13:20:37 -04:00
head.c memblock, x86: Replace memblock_x86_reserve/free_range() with generic ones 2011-07-14 11:47:53 -07:00
head32.c x86, realmode: Move ACPI wakeup to unified realmode code 2012-05-08 11:46:05 -07:00
head64.c x86, realmode: Move ACPI wakeup to unified realmode code 2012-05-08 11:46:05 -07:00
head_32.S x86-32: Start out cr0 clean, disable paging before modifying cr3/4 2013-01-19 11:01:22 -08:00
head_64.S x86-64, hotplug: Add start_cpu0() entry point to head_64.S 2012-11-14 09:39:51 -08:00
hpet.c x86: hpet: Fix masking of MSI interrupts 2012-11-02 22:53:27 +01:00
hw_breakpoint.c
i386_ksyms_32.c
i387.c x86/i387.c: Initialize thread xstate only on CPU0 only once 2012-11-14 15:28:11 -08:00
i8237.c
i8253.c x86: Use common i8253 clockevent 2011-07-01 10:37:14 +02:00
i8259.c x86/irq/i8259: Fix incorrect comment 2012-08-22 09:34:24 +02:00
io_delay.c
ioport.c
irq.c Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-10-01 11:13:33 -07:00
irq_32.c x86: Use common threadinfo allocator 2012-05-08 14:08:44 +02:00
irq_64.c x86: Add stack top margin for stack overflow checking 2011-12-07 09:27:11 +01:00
irq_work.c
irqinit.c x86, 386 removal: Remove support for IRQ 13 FPU error reporting 2012-12-17 11:42:40 -08:00
jump_label.c jump_label, x86: Fix section mismatch 2011-12-06 20:41:02 +01:00
kdebugfs.c arch/x86/kernel/kdebugfs.c: Ensure a consistent return value in error case 2012-07-26 15:07:20 +02:00
kgdb.c kgdb,x86: fix warning about unused variable 2012-10-12 06:37:34 -05:00
kprobes-common.h x86/kprobes: Split out optprobe related code to kprobes-opt.c 2012-03-06 09:49:49 +01:00
kprobes-opt.c x86/kprobes: Split out optprobe related code to kprobes-opt.c 2012-03-06 09:49:49 +01:00
kprobes.c kprobes/x86: Move skip_singlestep up 2012-09-20 14:48:16 +02:00
kvm.c Add rcu user eqs exception hooks for async page fault 2012-12-18 15:15:41 +02:00
kvmclock.c x86: kvm guest: pvclock vsyscall support 2012-11-27 23:29:10 -02:00
ldt.c Disintegrate asm/system.h for X86 2012-03-28 18:11:12 +01:00
machine_kexec_32.c Disintegrate asm/system.h for X86 2012-03-28 18:11:12 +01:00
machine_kexec_64.c
microcode_amd.c x86, microcode, AMD: Add support for family 16h processors 2012-11-20 22:23:28 -08:00
microcode_core.c Merge branch 'x86-microcode-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-10-01 11:15:17 -07:00
microcode_intel.c x86, microcode: Add a refresh firmware flag to ->request_microcode_fw 2012-08-22 16:15:58 -07:00
mmconf-fam10h_64.c
module.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-07-24 13:34:56 -07:00
mpparse.c Merge branch 'x86-trampoline-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-05-29 20:14:53 -07:00
msr.c x86/msr: Add capabilities check 2013-01-24 17:37:51 +01:00
nmi.c x86: Save cr2 in NMI in case NMIs take a page fault (for i386) 2012-06-08 18:51:12 -04:00
nmi_selftest.c x86/nmi: Clean up register_nmi_handler() usage 2012-06-20 14:23:17 +02:00
paravirt-spinlocks.c
paravirt.c x86, pvops: Remove hooks for {rd,wr}msr_safe_regs 2012-06-07 11:41:08 -07:00
paravirt_patch_32.c
paravirt_patch_64.c
pci-calgary_64.c x86/debug: Add KERN_<LEVEL> to bare printks, convert printks to pr_<level> 2012-06-06 09:17:22 +02:00
pci-dma.c x86/dma-debug: Bump PREALLOC_DMA_DEBUG_ENTRIES 2013-01-24 17:34:18 +01:00
pci-iommu_table.c
pci-nommu.c X86: integrate CMA with DMA-mapping subsystem 2012-05-21 15:09:38 +02:00
pci-swiotlb.c X86 & IA64: adapt for dma_map_ops changes 2012-03-28 16:36:31 +02:00
pcspeaker.c
perf_regs.c perf: Fix off by one test in perf_reg_value() 2012-09-19 17:08:40 +02:00
probe_roms.c x86/pci/probe_roms: Add missing __iomem annotation to pci_map_biosrom() 2012-09-05 10:52:25 +02:00
process.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-12-12 12:22:13 -08:00
process_32.c flagday: don't pass regs to copy_thread() 2012-11-28 23:43:42 -05:00
process_64.c flagday: don't pass regs to copy_thread() 2012-11-28 23:43:42 -05:00
ptrace.c Merge branch 'rcu/next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu 2012-12-03 06:27:05 +01:00
pvclock.c x86: pvclock: generic pvclock vsyscall initialization 2012-11-27 23:29:09 -02:00
quirks.c X86: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
reboot.c x86/reboot: Remove quirk entry for SBC FITPC 2012-10-04 12:22:32 +02:00
reboot_fixups_32.c
relocate_kernel_32.S kexec, x86: Fix incorrect jump back address if not preserving context 2011-07-21 11:19:28 +02:00
relocate_kernel_64.S kexec, x86: Fix incorrect jump back address if not preserving context 2011-07-21 11:19:28 +02:00
resource.c
rtc.c x86: Allow tracing of functions in arch/x86/kernel/rtc.c 2012-10-24 13:14:22 +02:00
setup.c x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI 2013-01-13 20:58:57 -08:00
setup_percpu.c x86: Add read_mostly declaration/definition to variables from smp.h 2012-06-14 12:42:11 +02:00
signal.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-12-20 18:05:28 -08:00
smp.c x86/reboot: Update nonmi_ipi parameter 2012-05-14 11:49:38 +02:00
smpboot.c Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-11 19:58:29 -08:00
stacktrace.c x86: Swap save_stack_trace_regs parameters 2011-06-14 22:48:51 -04:00
step.c uprobes/x86: Do not (ab)use TIF_SINGLESTEP/user_*_single_step() for single-stepping 2012-09-15 17:37:30 +02:00
sys_x86_64.c mm: fix cache coloring on x86_64 architecture 2012-12-11 17:22:25 -08:00
syscall_32.c x86, syscall: Re-fix typo in comment 2011-11-18 16:25:07 -08:00
syscall_64.c x32: If configured, add x32 system calls to system call tables 2012-02-20 12:52:06 -08:00
tboot.c Revert "x86-64/efi: Use EFI to deal with platform wall clock (again)" 2012-12-15 15:20:41 -08:00
tce_64.c Disintegrate asm/system.h for X86 2012-03-28 18:11:12 +01:00
test_nx.c
test_rodata.c x86, extable: Remove open-coded exception table entries in arch/x86/kernel/test_rodata.c 2012-04-20 13:51:38 -07:00
time.c MCA: delete all remaining traces of microchannel bus support. 2012-05-17 19:06:13 -04:00
tls.c Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-29 14:28:26 -07:00
tls.h
topology.c x86, topology: Debug CPU0 hotplug 2012-11-14 15:28:11 -08:00
trace_clock.c tracing,x86: Add a TSC trace_clock 2012-11-13 15:48:27 -05:00
traps.c Merge branch 'x86/nuke386' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-19 13:02:23 -08:00
tsc.c x86: Allow tracing of functions in arch/x86/kernel/rtc.c 2012-10-24 13:14:22 +02:00
tsc_sync.c x86/tsc: Reduce the TSC sync check time for core-siblings 2012-02-22 11:49:40 +01:00
uprobes.c uprobes/x86: Cleanup the single-stepping code 2012-11-03 17:15:12 +01:00
verify_cpu.S
vm86_32.c thp: change split_huge_page_pmd() interface 2012-12-12 17:38:31 -08:00
vmlinux.lds.S x86, realmode: Move ACPI wakeup to unified realmode code 2012-05-08 11:46:05 -07:00
vsmp_64.c x86/apic/x2apic: Limit the vector reservation to the user specified mask 2012-07-06 11:00:22 +02:00
vsyscall_64.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-12-16 15:40:50 -08:00
vsyscall_emu_64.S x86-64: Rework vsyscall emulation and add vsyscall= parameter 2011-08-10 19:26:46 -05:00
vsyscall_trace.h x86-64: Add vsyscall:emulate_vsyscall trace event 2011-08-04 16:13:53 -07:00
x86_init.c x86: xen: Cleanup and remove x86_init.paging.pagetable_setup_done() 2012-09-12 15:33:06 +02:00
x8664_ksyms_64.c ftrace/x86: Add support for -mfentry to x86_64 2012-08-23 11:26:36 -04:00
xsave.c x86, smap: Do not abuse the [f][x]rstor_checking() functions for user space 2012-09-25 15:42:18 -07:00