[RFC][PATCH] Lock down kprobes
Masami Hiramatsu
mhiramat at kernel.org
Fri Nov 10 01:01:50 UTC 2017
Hi David,
On Thu, 09 Nov 2017 16:52:05 +0000
David Howells <dhowells at redhat.com> wrote:
>
> Lock down kprobes
>
> Disallow the creation of kprobes when the kernel is locked down by
> preventing their registration. This prevents kprobes from being used to
> access kernel memory, either to make modifications or to steal crypto data.
Is that locked-down flag changed while running the kernel, or
only specified by boot parameter?
If that can happen while running, we have to take care of enabling/disabling
unregistering etc. too.
Thank you,
>
> Reported-by: Alexei Starovoitov <alexei.starovoitov at gmail.com>
> Signed-off-by: David Howells <dhowells at redhat.com>
>
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index a1606a4224e1..f06023b0936c 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -1530,6 +1530,9 @@ int register_kprobe(struct kprobe *p)
> struct module *probed_mod;
> kprobe_opcode_t *addr;
>
> + if (kernel_is_locked_down("Use of kprobes"))
> + return -EPERM;
> +
> /* Adjust probe address from symbol */
> addr = kprobe_addr(p);
> if (IS_ERR(addr))
--
Masami Hiramatsu <mhiramat at kernel.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list