On Mon, 25 Mar 2019 15:09:49 -0700 Matthew Garrett <matthewgarr...@google.com> wrote:
> From: David Howells <dhowe...@redhat.com> > > Disallow the creation of kprobes when the kernel is locked down by > preventing their registration. This prevents kprobes from being used to > access kernel memory, either to make modifications or to steal crypto data. Hmm, if you enforce signature check of modules, those modules should be allowed to use kprobes? I think we should introduce some kind of trust inheritance from signed (trusted) modules. Thank you, > > Reported-by: Alexei Starovoitov <alexei.starovoi...@gmail.com> > Signed-off-by: David Howells <dhowe...@redhat.com> > Signed-off-by: Matthew Garrett <matthewgarr...@google.com> > Cc: Naveen N. Rao <naveen.n....@linux.ibm.com> > Cc: Anil S Keshavamurthy <anil.s.keshavamur...@intel.com> > Cc: da...@davemloft.net > Cc: Masami Hiramatsu <mhira...@kernel.org> > --- > kernel/kprobes.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/kernel/kprobes.c b/kernel/kprobes.c > index f4ddfdd2d07e..6f66cca8e2c6 100644 > --- a/kernel/kprobes.c > +++ b/kernel/kprobes.c > @@ -1552,6 +1552,9 @@ int register_kprobe(struct kprobe *p) > struct module *probed_mod; > kprobe_opcode_t *addr; > > + if (kernel_is_locked_down("Use of kprobes")) > + return -EPERM; > + > /* Adjust probe address from symbol */ > addr = kprobe_addr(p); > if (IS_ERR(addr)) > -- > 2.21.0.392.gf8f6787159e-goog > -- Masami Hiramatsu <mhira...@kernel.org>