On Mon, 25 Mar 2019 15:09:49 -0700
Matthew Garrett <matthewgarr...@google.com> wrote:
> From: David Howells <dhowe...@redhat.com>
>
> Disallow the creation of kprobes when the kernel is locked down by
> preventing their registration. This prevents kprobes from being used to
> access kernel memory, either to make modifications or to steal crypto data.
Hmm, if you enforce signature check of modules, those modules
should be allowed to use kprobes?
I think we should introduce some kind of trust inheritance from
signed (trusted) modules.
Thank you,
>
> Reported-by: Alexei Starovoitov <alexei.starovoi...@gmail.com>
> Signed-off-by: David Howells <dhowe...@redhat.com>
> Signed-off-by: Matthew Garrett <matthewgarr...@google.com>
> Cc: Naveen N. Rao <naveen.n....@linux.ibm.com>
> Cc: Anil S Keshavamurthy <anil.s.keshavamur...@intel.com>
> Cc: da...@davemloft.net
> Cc: Masami Hiramatsu <mhira...@kernel.org>
> ---
> kernel/kprobes.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index f4ddfdd2d07e..6f66cca8e2c6 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -1552,6 +1552,9 @@ int register_kprobe(struct kprobe *p)
> struct module *probed_mod;
> kprobe_opcode_t *addr;
>
> + if (kernel_is_locked_down("Use of kprobes"))
> + return -EPERM;
> +
> /* Adjust probe address from symbol */
> addr = kprobe_addr(p);
> if (IS_ERR(addr))
> --
> 2.21.0.392.gf8f6787159e-goog
>
--
Masami Hiramatsu <mhira...@kernel.org>
