lockdown: Lock down tracing and perf kprobes when in confidentiality mode
Disallow the creation of perf and ftrace kprobes when the kernel is locked down in confidentiality mode by preventing their registration. This prevents kprobes from being used to access kernel memory to steal crypto data, but continues to allow the use of kprobes from signed modules. Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Masami Hiramatsu <mhiramat@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Naveen N. Rao <naveen.n.rao@linux.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Cc: davem@davemloft.net Cc: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
02e935bf5b
commit
a94549dd87
|
@ -117,6 +117,7 @@ enum lockdown_reason {
|
||||||
LOCKDOWN_MMIOTRACE,
|
LOCKDOWN_MMIOTRACE,
|
||||||
LOCKDOWN_INTEGRITY_MAX,
|
LOCKDOWN_INTEGRITY_MAX,
|
||||||
LOCKDOWN_KCORE,
|
LOCKDOWN_KCORE,
|
||||||
|
LOCKDOWN_KPROBES,
|
||||||
LOCKDOWN_CONFIDENTIALITY_MAX,
|
LOCKDOWN_CONFIDENTIALITY_MAX,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
#include <linux/uaccess.h>
|
#include <linux/uaccess.h>
|
||||||
#include <linux/rculist.h>
|
#include <linux/rculist.h>
|
||||||
#include <linux/error-injection.h>
|
#include <linux/error-injection.h>
|
||||||
|
#include <linux/security.h>
|
||||||
|
|
||||||
#include "trace_dynevent.h"
|
#include "trace_dynevent.h"
|
||||||
#include "trace_kprobe_selftest.h"
|
#include "trace_kprobe_selftest.h"
|
||||||
|
@ -415,6 +416,10 @@ static int __register_trace_kprobe(struct trace_kprobe *tk)
|
||||||
{
|
{
|
||||||
int i, ret;
|
int i, ret;
|
||||||
|
|
||||||
|
ret = security_locked_down(LOCKDOWN_KPROBES);
|
||||||
|
if (ret)
|
||||||
|
return ret;
|
||||||
|
|
||||||
if (trace_probe_is_registered(&tk->tp))
|
if (trace_probe_is_registered(&tk->tp))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
|
|
@ -32,6 +32,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
|
||||||
[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
|
[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
|
||||||
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
|
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
|
||||||
[LOCKDOWN_KCORE] = "/proc/kcore access",
|
[LOCKDOWN_KCORE] = "/proc/kcore access",
|
||||||
|
[LOCKDOWN_KPROBES] = "use of kprobes",
|
||||||
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
|
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue