From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthew Garrett Subject: [PATCH V32 21/27] Lock down tracing and perf kprobes when in confidentiality mode Date: Wed, 3 Apr 2019 17:32:43 -0700 Message-ID: <20190404003249.14356-22-matthewgarrett@google.com> References: <20190404003249.14356-1-matthewgarrett@google.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Return-path: In-Reply-To: <20190404003249.14356-1-matthewgarrett@google.com> Sender: linux-kernel-owner@vger.kernel.org To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Alexei Starovoitov , Matthew Garrett , "Naveen N . Rao" , Anil S Keshavamurthy , davem@davemloft.net, Masami Hiramatsu List-Id: linux-api@vger.kernel.org From: David Howells Disallow the creation of perf and ftrace kprobes when the kernel is locked down in confidentiality mode by preventing their registration. This prevents kprobes from being used to access kernel memory to steal crypto data, but continues to allow the use of kprobes from signed modules. Reported-by: Alexei Starovoitov Signed-off-by: David Howells Signed-off-by: Matthew Garrett Cc: Naveen N. Rao Cc: Anil S Keshavamurthy Cc: davem@davemloft.net Cc: Masami Hiramatsu --- kernel/trace/trace_kprobe.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index d5fb09ebba8b..5c70acd80344 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -420,6 +420,9 @@ static int __register_trace_kprobe(struct trace_kprobe *tk) { int i, ret; + if (kernel_is_locked_down("Use of kprobes", LOCKDOWN_CONFIDENTIALITY)) + return -EPERM; + if (trace_probe_is_registered(&tk->tp)) return -EINVAL; -- 2.21.0.392.gf8f6787159e-goog