Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Thiago Jung Bauermann wrote: > On non-x86 platforms (tested on powerpc) this fails to build with: > > security/lock_down.c: In function ‘lockdown_lift_sysrq’: > security/lock_down.c:100:40: error: ‘LOCKDOWN_LIFT_KEY’ undeclared (first use > in this function) >lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY; > ^ > security/lock_down.c:100:40: note: each undeclared identifier is reported > only once for each function it appears in I've added an arch dependency in the Kconfig file in my local branch. I'll try to get it pushed again. David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Hello David, David Howells writes: > +static struct sysrq_key_op lockdown_lift_sysrq_op = { > + .handler= sysrq_handle_lockdown_lift, > + .help_msg = "unSB(x)", > + .action_msg = "Disabling Secure Boot restrictions", > + .enable_mask= SYSRQ_DISABLE_USERSPACE, > +}; > + > +static int __init lockdown_lift_sysrq(void) > +{ > + if (kernel_locked_down) { > + lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY; > + register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op); > + } > + return 0; > +} > + > +late_initcall(lockdown_lift_sysrq); > + > +#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY */ On non-x86 platforms (tested on powerpc) this fails to build with: security/lock_down.c: In function ‘lockdown_lift_sysrq’: security/lock_down.c:100:40: error: ‘LOCKDOWN_LIFT_KEY’ undeclared (first use in this function) lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY; ^ security/lock_down.c:100:40: note: each undeclared identifier is reported only once for each function it appears in -- Thiago Jung Bauermann IBM Linux Technology Center -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Randy Dunlap wrote: > > +config ALLOW_LOCKDOWN_LIFT > > + bool > > + help > > + Allow the lockdown on a kernel to be lifted, thereby restoring the > > + ability of userspace to access the kernel image (eg. by SysRq+x under > > how about:on > > > + x86). I'll just get rid of this config option, I think - it doesn't make anything available outside of lock_down.c. > > +#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY > > is that the same as: CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ ? > tested? My test machine doesn't have a physical keyboard attached, but you're right. David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown
On 10/19/17 07:50, David Howells wrote: > From: Kyle McMartin > > Make an option to provide a sysrq key that will lift the kernel lockdown, > thereby allowing the running kernel image to be accessed and modified. > > On x86_64 this is triggered with SysRq+x, but this key may not be available > on all arches, so it is set by setting LOCKDOWN_LIFT_KEY in asm/setup.h. > > Signed-off-by: Kyle McMartin > Signed-off-by: David Howells > cc: x...@kernel.org > --- > > arch/x86/include/asm/setup.h |2 ++ > drivers/input/misc/uinput.c |1 + > drivers/tty/sysrq.c | 19 +++-- > include/linux/input.h|5 > include/linux/sysrq.h|8 ++- > kernel/debug/kdb/kdb_main.c |2 +- > security/Kconfig | 15 + > security/lock_down.c | 48 > ++ > 8 files changed, 92 insertions(+), 8 deletions(-) > diff --git a/security/Kconfig b/security/Kconfig > index 8e01fd59ae7e..4be6be71e075 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -213,6 +213,21 @@ config LOCK_DOWN_KERNEL > turns off various features that might otherwise allow access to the > kernel image (eg. setting MSR registers). > > +config ALLOW_LOCKDOWN_LIFT > + bool > + help > + Allow the lockdown on a kernel to be lifted, thereby restoring the > + ability of userspace to access the kernel image (eg. by SysRq+x under how about:on > + x86). > + > +config ALLOW_LOCKDOWN_LIFT_BY_SYSRQ > + bool "Allow the kernel lockdown to be lifted by SysRq" > + depends on MAGIC_SYSRQ > + help > + Allow the lockdown on a kernel to be lifted, by pressing a SysRq key > + combination on a wired keyboard. > + > + > source security/selinux/Kconfig > source security/smack/Kconfig > source security/tomoyo/Kconfig > diff --git a/security/lock_down.c b/security/lock_down.c > index d8595c0e6673..f71118c340d2 100644 > --- a/security/lock_down.c > +++ b/security/lock_down.c > + > +/* > + * Allow lockdown to be lifted by pressing something like SysRq+x (and not by > + * echoing the appropriate letter into the sysrq-trigger file). > + */ > +#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY is that the same as: CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ ? tested? > + > +static void sysrq_handle_lockdown_lift(int key) > +{ > + if (kernel_locked_down) > + lift_kernel_lockdown(); > +} > + > +static struct sysrq_key_op lockdown_lift_sysrq_op = { > + .handler= sysrq_handle_lockdown_lift, > + .help_msg = "unSB(x)", > + .action_msg = "Disabling Secure Boot restrictions", > + .enable_mask= SYSRQ_DISABLE_USERSPACE, > +}; > + > +static int __init lockdown_lift_sysrq(void) > +{ > + if (kernel_locked_down) { > + lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY; > + register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op); > + } > + return 0; > +} > + > +late_initcall(lockdown_lift_sysrq); > + > +#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY */ BY_SYSRQ -- ~Randy -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 02/27] Add a SysRq option to lift kernel lockdown
From: Kyle McMartin Make an option to provide a sysrq key that will lift the kernel lockdown, thereby allowing the running kernel image to be accessed and modified. On x86_64 this is triggered with SysRq+x, but this key may not be available on all arches, so it is set by setting LOCKDOWN_LIFT_KEY in asm/setup.h. Signed-off-by: Kyle McMartin Signed-off-by: David Howells cc: x...@kernel.org --- arch/x86/include/asm/setup.h |2 ++ drivers/input/misc/uinput.c |1 + drivers/tty/sysrq.c | 19 +++-- include/linux/input.h|5 include/linux/sysrq.h|8 ++- kernel/debug/kdb/kdb_main.c |2 +- security/Kconfig | 15 + security/lock_down.c | 48 ++ 8 files changed, 92 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index a65cf544686a..863f77582c09 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -8,6 +8,8 @@ #include #include +#define LOCKDOWN_LIFT_KEY 'x' + #ifdef __i386__ #include diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c index 443151de90c6..45a1f5460805 100644 --- a/drivers/input/misc/uinput.c +++ b/drivers/input/misc/uinput.c @@ -408,6 +408,7 @@ static int uinput_allocate_device(struct uinput_device *udev) if (!udev->dev) return -ENOMEM; + udev->dev->flags |= INPUTDEV_FLAGS_SYNTHETIC; udev->dev->event = uinput_dev_event; input_set_drvdata(udev->dev, udev); diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c index 3ffc1ce29023..8b766dbad6dd 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c @@ -481,6 +481,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = { /* x: May be registered on mips for TLB dump */ /* x: May be registered on ppc/powerpc for xmon */ /* x: May be registered on sparc64 for global PMU dump */ + /* x: May be registered on x86_64 for disabling secure boot */ NULL, /* x */ /* y: May be registered on sparc64 for global register dump */ NULL, /* y */ @@ -524,7 +525,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p) sysrq_key_table[i] = op_p; } -void __handle_sysrq(int key, bool check_mask) +void __handle_sysrq(int key, unsigned int from) { struct sysrq_key_op *op_p; int orig_log_level; @@ -544,11 +545,15 @@ void __handle_sysrq(int key, bool check_mask) op_p = __sysrq_get_key_op(key); if (op_p) { + /* Ban synthetic events from some sysrq functionality */ + if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) && + op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) + printk("This sysrq operation is disabled from userspace.\n"); /* * Should we check for enabled operations (/proc/sysrq-trigger * should not) and is the invoked operation enabled? */ - if (!check_mask || sysrq_on_mask(op_p->enable_mask)) { + if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) { pr_cont("%s\n", op_p->action_msg); console_loglevel = orig_log_level; op_p->handler(key); @@ -580,7 +585,7 @@ void __handle_sysrq(int key, bool check_mask) void handle_sysrq(int key) { if (sysrq_on()) - __handle_sysrq(key, true); + __handle_sysrq(key, SYSRQ_FROM_KERNEL); } EXPORT_SYMBOL(handle_sysrq); @@ -661,7 +666,7 @@ static void sysrq_do_reset(unsigned long _state) static void sysrq_handle_reset_request(struct sysrq_state *state) { if (state->reset_requested) - __handle_sysrq(sysrq_xlate[KEY_B], false); + __handle_sysrq(sysrq_xlate[KEY_B], SYSRQ_FROM_KERNEL); if (sysrq_reset_downtime_ms) mod_timer(&state->keyreset_timer, @@ -812,8 +817,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq, default: if (sysrq->active && value && value != 2) { + int from = sysrq->handle.dev->flags & INPUTDEV_FLAGS_SYNTHETIC ? + SYSRQ_FROM_SYNTHETIC : 0; sysrq->need_reinject = false; - __handle_sysrq(sysrq_xlate[code], true); + __handle_sysrq(sysrq_xlate[code], from); } break; } @@ -1097,7 +1104,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, if (get_user(c, buf)) return -EFAULT; - __handle_sysrq(c, false); + __handle_sysrq(c, SYSRQ_FROM_PROC); } return count; diff --gi