Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Thiago Jung Bauermann wrote: > On non-x86 platforms (tested on powerpc) this fails to build with: > > security/lock_down.c: In function ‘lockdown_lift_sysrq’: > security/lock_down.c:100:40: error: ‘LOCKDOWN_LIFT_KEY’ undeclared (first use > in this function) >lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY; > ^ > security/lock_down.c:100:40: note: each undeclared identifier is reported > only once for each function it appears in I've added an arch dependency in the Kconfig file in my local branch. I'll try to get it pushed again. David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Hello David,
David Howells writes:
> +static struct sysrq_key_op lockdown_lift_sysrq_op = {
> + .handler= sysrq_handle_lockdown_lift,
> + .help_msg = "unSB(x)",
> + .action_msg = "Disabling Secure Boot restrictions",
> + .enable_mask= SYSRQ_DISABLE_USERSPACE,
> +};
> +
> +static int __init lockdown_lift_sysrq(void)
> +{
> + if (kernel_locked_down) {
> + lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
> + register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op);
> + }
> + return 0;
> +}
> +
> +late_initcall(lockdown_lift_sysrq);
> +
> +#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY */
On non-x86 platforms (tested on powerpc) this fails to build with:
security/lock_down.c: In function ‘lockdown_lift_sysrq’:
security/lock_down.c:100:40: error: ‘LOCKDOWN_LIFT_KEY’ undeclared (first use
in this function)
lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
^
security/lock_down.c:100:40: note: each undeclared identifier is reported only
once for each function it appears in
--
Thiago Jung Bauermann
IBM Linux Technology Center
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Randy Dunlap wrote: > > +config ALLOW_LOCKDOWN_LIFT > > + bool > > + help > > + Allow the lockdown on a kernel to be lifted, thereby restoring the > > + ability of userspace to access the kernel image (eg. by SysRq+x under > > how about:on > > > + x86). I'll just get rid of this config option, I think - it doesn't make anything available outside of lock_down.c. > > +#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY > > is that the same as: CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ ? > tested? My test machine doesn't have a physical keyboard attached, but you're right. David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown
On 10/19/17 07:50, David Howells wrote:
> From: Kyle McMartin
>
> Make an option to provide a sysrq key that will lift the kernel lockdown,
> thereby allowing the running kernel image to be accessed and modified.
>
> On x86_64 this is triggered with SysRq+x, but this key may not be available
> on all arches, so it is set by setting LOCKDOWN_LIFT_KEY in asm/setup.h.
>
> Signed-off-by: Kyle McMartin
> Signed-off-by: David Howells
> cc: x...@kernel.org
> ---
>
> arch/x86/include/asm/setup.h |2 ++
> drivers/input/misc/uinput.c |1 +
> drivers/tty/sysrq.c | 19 +++--
> include/linux/input.h|5
> include/linux/sysrq.h|8 ++-
> kernel/debug/kdb/kdb_main.c |2 +-
> security/Kconfig | 15 +
> security/lock_down.c | 48
> ++
> 8 files changed, 92 insertions(+), 8 deletions(-)
> diff --git a/security/Kconfig b/security/Kconfig
> index 8e01fd59ae7e..4be6be71e075 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -213,6 +213,21 @@ config LOCK_DOWN_KERNEL
> turns off various features that might otherwise allow access to the
> kernel image (eg. setting MSR registers).
>
> +config ALLOW_LOCKDOWN_LIFT
> + bool
> + help
> + Allow the lockdown on a kernel to be lifted, thereby restoring the
> + ability of userspace to access the kernel image (eg. by SysRq+x under
how about:on
> + x86).
> +
> +config ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
> + bool "Allow the kernel lockdown to be lifted by SysRq"
> + depends on MAGIC_SYSRQ
> + help
> + Allow the lockdown on a kernel to be lifted, by pressing a SysRq key
> + combination on a wired keyboard.
> +
> +
> source security/selinux/Kconfig
> source security/smack/Kconfig
> source security/tomoyo/Kconfig
> diff --git a/security/lock_down.c b/security/lock_down.c
> index d8595c0e6673..f71118c340d2 100644
> --- a/security/lock_down.c
> +++ b/security/lock_down.c
> +
> +/*
> + * Allow lockdown to be lifted by pressing something like SysRq+x (and not by
> + * echoing the appropriate letter into the sysrq-trigger file).
> + */
> +#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY
is that the same as: CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ ?
tested?
> +
> +static void sysrq_handle_lockdown_lift(int key)
> +{
> + if (kernel_locked_down)
> + lift_kernel_lockdown();
> +}
> +
> +static struct sysrq_key_op lockdown_lift_sysrq_op = {
> + .handler= sysrq_handle_lockdown_lift,
> + .help_msg = "unSB(x)",
> + .action_msg = "Disabling Secure Boot restrictions",
> + .enable_mask= SYSRQ_DISABLE_USERSPACE,
> +};
> +
> +static int __init lockdown_lift_sysrq(void)
> +{
> + if (kernel_locked_down) {
> + lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
> + register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op);
> + }
> + return 0;
> +}
> +
> +late_initcall(lockdown_lift_sysrq);
> +
> +#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY */
BY_SYSRQ
--
~Randy
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 02/27] Add a SysRq option to lift kernel lockdown
From: Kyle McMartin
Make an option to provide a sysrq key that will lift the kernel lockdown,
thereby allowing the running kernel image to be accessed and modified.
On x86_64 this is triggered with SysRq+x, but this key may not be available
on all arches, so it is set by setting LOCKDOWN_LIFT_KEY in asm/setup.h.
Signed-off-by: Kyle McMartin
Signed-off-by: David Howells
cc: x...@kernel.org
---
arch/x86/include/asm/setup.h |2 ++
drivers/input/misc/uinput.c |1 +
drivers/tty/sysrq.c | 19 +++--
include/linux/input.h|5
include/linux/sysrq.h|8 ++-
kernel/debug/kdb/kdb_main.c |2 +-
security/Kconfig | 15 +
security/lock_down.c | 48 ++
8 files changed, 92 insertions(+), 8 deletions(-)
diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h
index a65cf544686a..863f77582c09 100644
--- a/arch/x86/include/asm/setup.h
+++ b/arch/x86/include/asm/setup.h
@@ -8,6 +8,8 @@
#include
#include
+#define LOCKDOWN_LIFT_KEY 'x'
+
#ifdef __i386__
#include
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
index 443151de90c6..45a1f5460805 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
@@ -408,6 +408,7 @@ static int uinput_allocate_device(struct uinput_device
*udev)
if (!udev->dev)
return -ENOMEM;
+ udev->dev->flags |= INPUTDEV_FLAGS_SYNTHETIC;
udev->dev->event = uinput_dev_event;
input_set_drvdata(udev->dev, udev);
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
index 3ffc1ce29023..8b766dbad6dd 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -481,6 +481,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
/* x: May be registered on mips for TLB dump */
/* x: May be registered on ppc/powerpc for xmon */
/* x: May be registered on sparc64 for global PMU dump */
+ /* x: May be registered on x86_64 for disabling secure boot */
NULL, /* x */
/* y: May be registered on sparc64 for global register dump */
NULL, /* y */
@@ -524,7 +525,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op
*op_p)
sysrq_key_table[i] = op_p;
}
-void __handle_sysrq(int key, bool check_mask)
+void __handle_sysrq(int key, unsigned int from)
{
struct sysrq_key_op *op_p;
int orig_log_level;
@@ -544,11 +545,15 @@ void __handle_sysrq(int key, bool check_mask)
op_p = __sysrq_get_key_op(key);
if (op_p) {
+ /* Ban synthetic events from some sysrq functionality */
+ if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) &&
+ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE)
+ printk("This sysrq operation is disabled from
userspace.\n");
/*
* Should we check for enabled operations (/proc/sysrq-trigger
* should not) and is the invoked operation enabled?
*/
- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
+ if (from == SYSRQ_FROM_KERNEL ||
sysrq_on_mask(op_p->enable_mask)) {
pr_cont("%s\n", op_p->action_msg);
console_loglevel = orig_log_level;
op_p->handler(key);
@@ -580,7 +585,7 @@ void __handle_sysrq(int key, bool check_mask)
void handle_sysrq(int key)
{
if (sysrq_on())
- __handle_sysrq(key, true);
+ __handle_sysrq(key, SYSRQ_FROM_KERNEL);
}
EXPORT_SYMBOL(handle_sysrq);
@@ -661,7 +666,7 @@ static void sysrq_do_reset(unsigned long _state)
static void sysrq_handle_reset_request(struct sysrq_state *state)
{
if (state->reset_requested)
- __handle_sysrq(sysrq_xlate[KEY_B], false);
+ __handle_sysrq(sysrq_xlate[KEY_B], SYSRQ_FROM_KERNEL);
if (sysrq_reset_downtime_ms)
mod_timer(&state->keyreset_timer,
@@ -812,8 +817,10 @@ static bool sysrq_handle_keypress(struct sysrq_state
*sysrq,
default:
if (sysrq->active && value && value != 2) {
+ int from = sysrq->handle.dev->flags &
INPUTDEV_FLAGS_SYNTHETIC ?
+ SYSRQ_FROM_SYNTHETIC : 0;
sysrq->need_reinject = false;
- __handle_sysrq(sysrq_xlate[code], true);
+ __handle_sysrq(sysrq_xlate[code], from);
}
break;
}
@@ -1097,7 +1104,7 @@ static ssize_t write_sysrq_trigger(struct file *file,
const char __user *buf,
if (get_user(c, buf))
return -EFAULT;
- __handle_sysrq(c, false);
+ __handle_sysrq(c, SYSRQ_FROM_PROC);
}
return count;
diff --gi
