Commit a94549dd authored by David Howells's avatar David Howells Committed by James Morris

lockdown: Lock down tracing and perf kprobes when in confidentiality mode

Disallow the creation of perf and ftrace kprobes when the kernel is
locked down in confidentiality mode by preventing their registration.
This prevents kprobes from being used to access kernel memory to steal
crypto data, but continues to allow the use of kprobes from signed
modules.
Reported-by: default avatarAlexei Starovoitov <alexei.starovoitov@gmail.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarMatthew Garrett <mjg59@google.com>
Acked-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Cc: Naveen N. Rao <naveen.n.rao@linux.ibm.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: davem@davemloft.net
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 02e935bf
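--- a/PATH_PLACEHOLDER_lockdown_reason_header
+++ b/PATH_PLACEHOLDER_lockdown_reason_header
@@ -117,6 +117,7 @@ enum lockdown_reason {
 LOCKDOWN_MMIOTRACE,
 LOCKDOWN_INTEGRITY_MAX,
 LOCKDOWN_KCORE,
+LOCKDOWN_KPROBES,
 LOCKDOWN_CONFIDENTIALITY_MAX,
 };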
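Review bot: LOCKDOWN_KPROBES is added between LOCKDOWN_KCORE and LOCKDOWN_CONFIDENTIALITY_MAX with nothing in the hunk recording that its position is what selects the tier; presumably the lockdown check compares a reason against the LOCKDOWN_INTEGRITY_MAX / LOCKDOWN_CONFIDENTIALITY_MAX sentinels, so a later reorder that lands it before LOCKDOWN_INTEGRITY_MAX would silently make kprobes refusable in integrity mode too, or not at all. A one-line comment would pin the intent: `LOCKDOWN_KPROBES, /* confidentiality tier: keep after LOCKDOWN_INTEGRITY_MAX */`. The enum definition starts before the hunk.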
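--- a/PATH_PLACEHOLDER_trace_kprobe_source
+++ b/PATH_PLACEHOLDER_trace_kprobe_source
@@ -11,6 +11,7 @@
 #include <linux/uaccess.h>
 #include <linux/rculist.h>
 #include <linux/error-injection.h>
+#include <linux/security.h>
 #include "trace_dynevent.h"
 #include "trace_kprobe_selftest.h"
@@ -415,6 +416,10 @@ static int __register_trace_kprobe(struct trace_kprobe *tk)
 {
 int i, ret;
+ret = security_locked_down(LOCKDOWN_KPROBES);
+if (ret)
+return ret;
 if (trace_probe_is_registered(&tk->tp))
 return -EINVAL;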
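Review bot: The lockdown gate in __register_trace_kprobe is the only enforcement point visible on this page, yet the commit message claims coverage of both ftrace and perf kprobes; that holds only if the perf-created probes also funnel through __register_trace_kprobe, which the page does not show. Rather than leave readers to rediscover that, a comment above the new check should state it, e.g. `/* Single choke point for ftrace- and perf-created kprobes: refuse registration when lockdown forbids kernel-memory probing. */`, so nobody later adds a registration path that bypasses it. Placing the check before the trace_probe_is_registered test is fine, but it means a locked-down kernel reports the LSM's error even for a duplicate registration, which is worth a word in that comment. The body of __register_trace_kprobe continues past the hunk, so no other early-return ordering is visible here.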
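--- a/PATH_PLACEHOLDER_lockdown_reasons_table
+++ b/PATH_PLACEHOLDER_lockdown_reasons_table
@@ -32,6 +32,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
 [LOCKDOWN_MMIOTRACE] = "unsafe mmio",
 [LOCKDOWN_INTEGRITY_MAX] = "integrity",
 [LOCKDOWN_KCORE] = "/proc/kcore access",
+[LOCKDOWN_KPROBES] = "use of kprobes",
 [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
 };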