From patchwork Mon Mar 25 22:09:49 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthew Garrett <matthewgarrett@google.com>
X-Patchwork-Id: 10870203
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E43E514DE
	for <patchwork-linux-security-module@patchwork.kernel.org>;
 Mon, 25 Mar 2019 22:11:43 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CD59F28C1D
	for <patchwork-linux-security-module@patchwork.kernel.org>;
 Mon, 25 Mar 2019 22:11:43 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C078E2905C; Mon, 25 Mar 2019 22:11:43 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-14.5 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI,USER_IN_DEF_DKIM_WL autolearn=ham
	version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6C78E28C1D
	for <patchwork-linux-security-module@patchwork.kernel.org>;
 Mon, 25 Mar 2019 22:11:43 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730012AbfCYWLh (ORCPT
        <rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
        Mon, 25 Mar 2019 18:11:37 -0400
Received: from mail-pg1-f201.google.com ([209.85.215.201]:40413 "EHLO
        mail-pg1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731172AbfCYWK4 (ORCPT
        <rfc822;linux-security-module@vger.kernel.org>);
        Mon, 25 Mar 2019 18:10:56 -0400
Received: by mail-pg1-f201.google.com with SMTP id j184so10353759pgd.7
        for <linux-security-module@vger.kernel.org>;
 Mon, 25 Mar 2019 15:10:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=naZ0ixtXEBG7XGPLPxcUPIELDdBmoCPAXKyiyaNTZ5I=;
        b=NIjTDHQHLWbBplFeWWC4DRIWlFLcDZNTxuEyxwPxtXI2qmNuqY428e8JBIwylotaIw
         ylsTVVH9P/FOzh/oECPMhER8ShKqU/Oojusg3kQ0yTKZnOETHhFv3numCvnwKRdjEnGD
         ldQasPDsT2jf2buPy6NZeoNpKrdxyERByjj79L1/dagfSJO7099lgFWB8X/duR41w9UC
         iYrE2xAAl5rfRQt3+WS9KdIY0YSiZXF000HvMH83kygW9yVJ8uW4A5jbuDyM8MR7A0ev
         0Lu2sJVrtiBY5OhVpkRQdMIEt56Yv5en0v8UGiq/8udcfKdFC1gxhJxBVvzxDVDZnGAp
         ox6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=naZ0ixtXEBG7XGPLPxcUPIELDdBmoCPAXKyiyaNTZ5I=;
        b=S1KiJGz1TTcp0DSp2VorNX9URZbkCQw7yIeGIFjfcxEJg+Gl266evYW4trKpDCdBtS
         2qkEK3cyjekn12zROCCc8JhR6dno5XGs40BNHWc9v0h5+m7/qxZMbO4VQsjudHNapyXy
         X5OfetYQVIZHmlPCzK9kEfJjvZRvwme/XgWdDRDK9uiKyoUauUVytkcJzVogOjJus0Uy
         N4j2zb8Vhd/W31gdhs3TvOKl25oRKdgbOEeKY0RDMnBlOE2YqXuMFNeX17FXRIDSzqVk
         vO3i1HKkKNPPhZqEaTLBbtJOeRgYMc5NvA5hzGKaFJZ70g4Yh1rUTxVPbi0Aj/Bz2BmP
         un8A==
X-Gm-Message-State: APjAAAWqxBgnUHqXKsRqHeRFaHKBfCiDWNUEcD2aYsFbxSloz55ozyNH
        iF+n0f2FIHaql/0RZy2BXdrPf1Yy+U6+OI7v0v/klw==
X-Google-Smtp-Source: 
 APXvYqzN3xQUlEDfZ5+zFhO3QC8Yq79t0kRhGvrE59XgU2rstOpQfmofhCWF259NyTHdEf0rdfpMm975BTAJIqf8WLZgcQ==
X-Received: by 2002:a63:470a:: with SMTP id u10mr26134869pga.17.1553551855675;
 Mon, 25 Mar 2019 15:10:55 -0700 (PDT)
Date: Mon, 25 Mar 2019 15:09:49 -0700
In-Reply-To: <20190325220954.29054-1-matthewgarrett@google.com>
Message-Id: <20190325220954.29054-23-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190325220954.29054-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog
Subject: [PATCH 22/27] Lock down kprobes
From: Matthew Garrett <matthewgarrett@google.com>
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, dhowells@redhat.com,
        Alexei Starovoitov <alexei.starovoitov@gmail.com>,
        Matthew Garrett <matthewgarrett@google.com>,
        "Naveen N . Rao" <naveen.n.rao@linux.ibm.com>,
        Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>,
        davem@davemloft.net, Masami Hiramatsu <mhiramat@kernel.org>
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

From: David Howells <dhowells@redhat.com>

Disallow the creation of kprobes when the kernel is locked down by
preventing their registration.  This prevents kprobes from being used to
access kernel memory, either to make modifications or to steal crypto data.

Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <matthewgarrett@google.com>
Cc: Naveen N. Rao <naveen.n.rao@linux.ibm.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: davem@davemloft.net
Cc: Masami Hiramatsu <mhiramat@kernel.org>
---
 kernel/kprobes.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index f4ddfdd2d07e..6f66cca8e2c6 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1552,6 +1552,9 @@ int register_kprobe(struct kprobe *p)
 	struct module *probed_mod;
 	kprobe_opcode_t *addr;
 
+	if (kernel_is_locked_down("Use of kprobes"))
+		return -EPERM;
+
 	/* Adjust probe address from symbol */
 	addr = kprobe_addr(p);
 	if (IS_ERR(addr))