diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-11 05:13:03 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-11 05:13:03 +0300 |
commit | 291b38a7565b41676cafd1b4052315a94d9c8977 (patch) | |
tree | 876251a73901865110c8d0d048cf379b8a6ff0e4 /drivers/tty | |
parent | b5a53b61a2890ec08f404f524c1c42aa86f09be4 (diff) | |
parent | 6192c41fc608b0a58d5540b015aa1672c266f3c5 (diff) | |
download | linux-291b38a7565b41676cafd1b4052315a94d9c8977.tar.xz |
Merge tag 'hwparam-20170420' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
Pull hw lockdown support from David Howells:
"Annotation of module parameters that configure hardware resources
including ioports, iomem addresses, irq lines and dma channels.
This allows a future patch to prohibit the use of such module
parameters to prevent that hardware from being abused to gain access
to the running kernel image as part of locking the kernel down under
UEFI secure boot conditions.
Annotations are made by changing:
module_param(n, t, p)
module_param_named(n, v, t, p)
module_param_array(n, t, m, p)
to:
module_param_hw(n, t, hwtype, p)
module_param_hw_named(n, v, t, hwtype, p)
module_param_hw_array(n, t, hwtype, m, p)
where the module parameter refers to a hardware setting
hwtype specifies the type of the resource being configured. This can
be one of:
ioport Module parameter configures an I/O port
iomem Module parameter configures an I/O mem address
ioport_or_iomem Module parameter could be either (runtime set)
irq Module parameter configures an I/O port
dma Module parameter configures a DMA channel
dma_addr Module parameter configures a DMA buffer address
other Module parameter configures some other value
Note that the hwtype is compile checked, but not currently stored (the
lockdown code probably won't require it). It is, however, there for
future use.
A bonus is that the hwtype can also be used for grepping.
The intention is for the kernel to ignore or reject attempts to set
annotated module parameters if lockdown is enabled. This applies to
options passed on the boot command line, passed to insmod/modprobe or
direct twiddling in /sys/module/ parameter files.
The module initialisation then needs to handle the parameter not being
set, by (1) giving an error, (2) probing for a value or (3) using a
reasonable default.
What I can't do is just reject a module out of hand because it may
take a hardware setting in the module parameters. Some important
modules, some ipmi stuff for instance, both probe for hardware and
allow hardware to be manually specified; if the driver is aborts with
any error, you don't get any ipmi hardware.
Further, trying to do this entirely in the module initialisation code
doesn't protect against sysfs twiddling.
[!] Note that in and of itself, this series of patches should have no
effect on the the size of the kernel or code execution - that is
left to a patch in the next series to effect. It does mark
annotated kernel parameters with a KERNEL_PARAM_FL_HWPARAM flag in
an already existing field"
* tag 'hwparam-20170420' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: (38 commits)
Annotate hardware config module parameters in sound/pci/
Annotate hardware config module parameters in sound/oss/
Annotate hardware config module parameters in sound/isa/
Annotate hardware config module parameters in sound/drivers/
Annotate hardware config module parameters in fs/pstore/
Annotate hardware config module parameters in drivers/watchdog/
Annotate hardware config module parameters in drivers/video/
Annotate hardware config module parameters in drivers/tty/
Annotate hardware config module parameters in drivers/staging/vme/
Annotate hardware config module parameters in drivers/staging/speakup/
Annotate hardware config module parameters in drivers/staging/media/
Annotate hardware config module parameters in drivers/scsi/
Annotate hardware config module parameters in drivers/pcmcia/
Annotate hardware config module parameters in drivers/pci/hotplug/
Annotate hardware config module parameters in drivers/parport/
Annotate hardware config module parameters in drivers/net/wireless/
Annotate hardware config module parameters in drivers/net/wan/
Annotate hardware config module parameters in drivers/net/irda/
Annotate hardware config module parameters in drivers/net/hamradio/
Annotate hardware config module parameters in drivers/net/ethernet/
...
Diffstat (limited to 'drivers/tty')
-rw-r--r-- | drivers/tty/cyclades.c | 4 | ||||
-rw-r--r-- | drivers/tty/moxa.c | 2 | ||||
-rw-r--r-- | drivers/tty/mxser.c | 2 | ||||
-rw-r--r-- | drivers/tty/rocket.c | 10 | ||||
-rw-r--r-- | drivers/tty/serial/8250/8250_core.c | 4 | ||||
-rw-r--r-- | drivers/tty/synclink.c | 6 |
6 files changed, 14 insertions, 14 deletions
diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c index 5e4fa9206861..104f09c58163 100644 --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c @@ -156,8 +156,8 @@ static unsigned int cy_isa_addresses[] = { static long maddr[NR_CARDS]; static int irq[NR_CARDS]; -module_param_array(maddr, long, NULL, 0); -module_param_array(irq, int, NULL, 0); +module_param_hw_array(maddr, long, iomem, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); #endif /* CONFIG_ISA */ diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c index 4caf0c3b1f99..3b251f4e5df0 100644 --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c @@ -179,7 +179,7 @@ MODULE_FIRMWARE("c320tunx.cod"); module_param_array(type, uint, NULL, 0); MODULE_PARM_DESC(type, "card type: C218=2, C320=4"); -module_param_array(baseaddr, ulong, NULL, 0); +module_param_hw_array(baseaddr, ulong, ioport, NULL, 0); MODULE_PARM_DESC(baseaddr, "base address"); module_param_array(numports, uint, NULL, 0); MODULE_PARM_DESC(numports, "numports (ignored for C218)"); diff --git a/drivers/tty/mxser.c b/drivers/tty/mxser.c index 7b8f383fb090..8bd6fb6d9391 100644 --- a/drivers/tty/mxser.c +++ b/drivers/tty/mxser.c @@ -183,7 +183,7 @@ static int ttymajor = MXSERMAJOR; MODULE_AUTHOR("Casper Yang"); MODULE_DESCRIPTION("MOXA Smartio/Industio Family Multiport Board Device Driver"); -module_param_array(ioaddr, ulong, NULL, 0); +module_param_hw_array(ioaddr, ulong, ioport, NULL, 0); MODULE_PARM_DESC(ioaddr, "ISA io addresses to look for a moxa board"); module_param(ttymajor, int, 0); MODULE_LICENSE("GPL"); diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c index d66c1edd9892..b51a877da986 100644 --- a/drivers/tty/rocket.c +++ b/drivers/tty/rocket.c @@ -250,15 +250,15 @@ static int sReadAiopNumChan(WordIO_t io); MODULE_AUTHOR("Theodore Ts'o"); MODULE_DESCRIPTION("Comtrol RocketPort driver"); -module_param(board1, ulong, 0); +module_param_hw(board1, ulong, ioport, 0); MODULE_PARM_DESC(board1, "I/O port for (ISA) board #1"); -module_param(board2, ulong, 0); +module_param_hw(board2, ulong, ioport, 0); MODULE_PARM_DESC(board2, "I/O port for (ISA) board #2"); -module_param(board3, ulong, 0); +module_param_hw(board3, ulong, ioport, 0); MODULE_PARM_DESC(board3, "I/O port for (ISA) board #3"); -module_param(board4, ulong, 0); +module_param_hw(board4, ulong, ioport, 0); MODULE_PARM_DESC(board4, "I/O port for (ISA) board #4"); -module_param(controller, ulong, 0); +module_param_hw(controller, ulong, ioport, 0); MODULE_PARM_DESC(controller, "I/O port for (ISA) rocketport controller"); module_param(support_low_speed, bool, 0); MODULE_PARM_DESC(support_low_speed, "1 means support 50 baud, 0 means support 460400 baud"); diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c index 48a07e2f617f..1aab3010fbfa 100644 --- a/drivers/tty/serial/8250/8250_core.c +++ b/drivers/tty/serial/8250/8250_core.c @@ -1191,7 +1191,7 @@ module_exit(serial8250_exit); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("Generic 8250/16x50 serial driver"); -module_param(share_irqs, uint, 0644); +module_param_hw(share_irqs, uint, other, 0644); MODULE_PARM_DESC(share_irqs, "Share IRQs with other non-8250/16x50 devices (unsafe)"); module_param(nr_uarts, uint, 0644); @@ -1201,7 +1201,7 @@ module_param(skip_txen_test, uint, 0644); MODULE_PARM_DESC(skip_txen_test, "Skip checking for the TXEN bug at init time"); #ifdef CONFIG_SERIAL_8250_RSA -module_param_array(probe_rsa, ulong, &probe_rsa_count, 0444); +module_param_hw_array(probe_rsa, ulong, ioport, &probe_rsa_count, 0444); MODULE_PARM_DESC(probe_rsa, "Probe I/O ports for RSA"); #endif MODULE_ALIAS_CHARDEV_MAJOR(TTY_MAJOR); diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c index 657eed82eeb3..a2c308f7d637 100644 --- a/drivers/tty/synclink.c +++ b/drivers/tty/synclink.c @@ -869,9 +869,9 @@ static int txholdbufs[MAX_TOTAL_DEVICES]; module_param(break_on_load, bool, 0); module_param(ttymajor, int, 0); -module_param_array(io, int, NULL, 0); -module_param_array(irq, int, NULL, 0); -module_param_array(dma, int, NULL, 0); +module_param_hw_array(io, int, ioport, NULL, 0); +module_param_hw_array(irq, int, irq, NULL, 0); +module_param_hw_array(dma, int, dma, NULL, 0); module_param(debug_level, int, 0); module_param_array(maxframe, int, NULL, 0); module_param_array(txdmabufs, int, NULL, 0); |