From patchwork Thu Apr 4 00:32:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 10884663 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 141C1922 for ; Thu, 4 Apr 2019 00:34:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EACB72871E for ; Thu, 4 Apr 2019 00:34:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DB87B28705; Thu, 4 Apr 2019 00:34:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI,USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EA9E728913 for ; Thu, 4 Apr 2019 00:34:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726316AbfDDAeb (ORCPT ); Wed, 3 Apr 2019 20:34:31 -0400 Received: from mail-pg1-f202.google.com ([209.85.215.202]:39902 "EHLO mail-pg1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728523AbfDDAdt (ORCPT ); Wed, 3 Apr 2019 20:33:49 -0400 Received: by mail-pg1-f202.google.com with SMTP id o4so363558pgl.6 for ; Wed, 03 Apr 2019 17:33:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=J18ALo3LueGVhn7lBcFJjxgV6Duc6Nrvg9c6IUw3gFk=; b=f4X9nbNHfY4KPoiY2rsTDeZzZS0xVYDSJh48T/INc5xcxO6l06XtPToGB5Yf4apcsF QO9MOn/GG22R7EaKsFZ5VoOMO2fyeDZ2nLv5NFyTUIcChYQg+eLUp5gALnVlBXrYfTQp RPpFDlg7gyi/RfbU/aUNdvCAMzBbq4Ux9qoL8qcq3qckUGaWWU5ehr//0EPmpZuM51fH rEXxgeXSu9SkJgqz7FnM2j66Vm7PfIenJp7rjiBnINO41wb0GMcbfQdm+vCGGxCVXqra UAy733GzeE5eTRjvF98IFUyGNKiT5Sa5nKXo2vH8rdjB/GkvJoZbfYLJS/M4g3VQ751b SkEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=J18ALo3LueGVhn7lBcFJjxgV6Duc6Nrvg9c6IUw3gFk=; b=bIkbR14gcxFDSqoCrVqfXN8PzP37nQyEDNdX+qJnpbavDl8NGwY34ly0N/J1Te1/MS xGn0b9NaqR3vz2aej6ODFgB1q5BJCM20nt62X5d+q+Q3pE4Ukv9QWy95B5qtwZFN6LS5 Aw+TLg50U7LvQ330s1rx11gPt4E8UctbzS4bD7NLOTXBZ6GNDflFh7CCNcRvBcyQhJgG MejzjY7WifWTh9V3uBJ36kw/mP/ZV7CrGlwSHZ1/jl7qXNfvw0+ymTE08U0QDfKs9VZ4 vE0fIwfy774Y/c/6KHRF5vZVc1AHjNy7m3iJ8gJwh38SlwE3v1QyBJx/FGpUj5VKOoAm 6Vxw== X-Gm-Message-State: APjAAAWz8357AIARxialBX2coLrXyPbP8c7qoKQyltLlU0Bm8i6wUbwr +99ODc4iwRhi3Pyu3znOgpCHOwBD6z2KqWSalsuMTw== X-Google-Smtp-Source: APXvYqz4j3QeuhcSeCpssrYno1HhWQWSUHEQbxzBBQkzAYaBEuGhtUI12IUFX6VGtthFChJDwz6dBYHGr0vkhfKiuAft8A== X-Received: by 2002:a65:6483:: with SMTP id e3mr60177pgv.12.1554338028850; Wed, 03 Apr 2019 17:33:48 -0700 (PDT) Date: Wed, 3 Apr 2019 17:32:43 -0700 In-Reply-To: <20190404003249.14356-1-matthewgarrett@google.com> Message-Id: <20190404003249.14356-22-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190404003249.14356-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH V32 21/27] Lock down tracing and perf kprobes when in confidentiality mode From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Alexei Starovoitov , Matthew Garrett , "Naveen N . Rao" , Anil S Keshavamurthy , davem@davemloft.net, Masami Hiramatsu Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: David Howells Disallow the creation of perf and ftrace kprobes when the kernel is locked down in confidentiality mode by preventing their registration. This prevents kprobes from being used to access kernel memory to steal crypto data, but continues to allow the use of kprobes from signed modules. Reported-by: Alexei Starovoitov Signed-off-by: David Howells Signed-off-by: Matthew Garrett Cc: Naveen N. Rao Cc: Anil S Keshavamurthy Cc: davem@davemloft.net Cc: Masami Hiramatsu --- kernel/trace/trace_kprobe.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index d5fb09ebba8b..5c70acd80344 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -420,6 +420,9 @@ static int __register_trace_kprobe(struct trace_kprobe *tk) { int i, ret; + if (kernel_is_locked_down("Use of kprobes", LOCKDOWN_CONFIDENTIALITY)) + return -EPERM; + if (trace_probe_is_registered(&tk->tp)) return -EINVAL;