From: Beau Belgrave <beaub@linux.microsoft.com>
To: rostedt@goodmis.org
Cc: keescook@chromium.org, linux-trace-devel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
beaub@linux.microsoft.com
Subject: [PATCH] user_events: Add trace event call as root for low permission cases
Date: Tue, 8 Mar 2022 14:28:07 -0800 [thread overview]
Message-ID: <20220308222807.2040-1-beaub@linux.microsoft.com> (raw)
Tracefs by default is locked down heavily. System operators can open up
some files, such as user_events to a broader set of users. These users
do not have access within tracefs beyond just the user_event files. Due
to this restriction the trace_add_event_call/remove calls will silently
fail since the caller does not have permissions to create directories.
To fix this trace_add_event_call/remove calls will be issued with
override creds of the global root UID. Creds are reverted immediately
afterward.
Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>
---
kernel/trace/trace_events_user.c | 39 ++++++++++++++++++++++++++++++--
1 file changed, 37 insertions(+), 2 deletions(-)
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 2b5e9fdb63a0..7dfa83ff2466 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -557,6 +557,41 @@ static struct trace_event_functions user_event_funcs = {
.trace = user_event_print_trace,
};
+static int user_event_set_call_visible(struct user_event *user, bool visible)
+{
+ int ret;
+ const struct cred *old_cred;
+ struct cred *cred;
+
+ cred = prepare_creds();
+
+ if (!cred)
+ return -ENOMEM;
+
+ /*
+ * While by default tracefs is locked down, systems can be configured
+ * to allow user_event files to be less locked down. The extreme case
+ * being "other" has read/write access to user_events_data/status.
+ *
+ * When not locked down, processes may not have have permissions to
+ * add/remove calls themselves to tracefs. We need to temporarily
+ * switch to root file permission to allow for this scenario.
+ */
+ cred->fsuid = GLOBAL_ROOT_UID;
+
+ old_cred = override_creds(cred);
+
+ if (visible)
+ ret = trace_add_event_call(&user->call);
+ else
+ ret = trace_remove_event_call(&user->call);
+
+ revert_creds(old_cred);
+ put_cred(cred);
+
+ return ret;
+}
+
static int destroy_user_event(struct user_event *user)
{
int ret = 0;
@@ -564,7 +599,7 @@ static int destroy_user_event(struct user_event *user)
/* Must destroy fields before call removal */
user_event_destroy_fields(user);
- ret = trace_remove_event_call(&user->call);
+ ret = user_event_set_call_visible(user, false);
if (ret)
return ret;
@@ -1037,7 +1072,7 @@ static int user_event_trace_register(struct user_event *user)
if (!ret)
return -ENODEV;
- ret = trace_add_event_call(&user->call);
+ ret = user_event_set_call_visible(user, true);
if (ret)
unregister_trace_event(&user->call.event);
base-commit: 864ea0e10cc90416a01b46f0d47a6f26dc020820
--
2.17.1
reply other threads:[~2022-03-08 22:28 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220308222807.2040-1-beaub@linux.microsoft.com \
--to=beaub@linux.microsoft.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-devel@vger.kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).