[RFC][PATCH] Lock down kprobes

Masami Hiramatsu mhiramat at kernel.org
Fri Nov 10 01:01:50 UTC 2017


Hi David,

On Thu, 09 Nov 2017 16:52:05 +0000
David Howells <dhowells at redhat.com> wrote:
> 
>     Lock down kprobes
>     
>     Disallow the creation of kprobes when the kernel is locked down by
>     preventing their registration.  This prevents kprobes from being used to
>     access kernel memory, either to make modifications or to steal crypto data.

Is that locked-down flag changed while running the kernel, or
only specified by boot parameter?
If that can happen while running, we have to take care of enabling/disabling
unregistering etc. too.

Thank you,


>     
>     Reported-by: Alexei Starovoitov <alexei.starovoitov at gmail.com>
>     Signed-off-by: David Howells <dhowells at redhat.com>
> 
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index a1606a4224e1..f06023b0936c 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -1530,6 +1530,9 @@ int register_kprobe(struct kprobe *p)
>  	struct module *probed_mod;
>  	kprobe_opcode_t *addr;
>  
> +	if (kernel_is_locked_down("Use of kprobes"))
> +		return -EPERM;
> +
>  	/* Adjust probe address from symbol */
>  	addr = kprobe_addr(p);
>  	if (IS_ERR(addr))


-- 
Masami Hiramatsu <mhiramat at kernel.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list