[PATCH V32 27/27] tracefs: Restrict tracefs when the kernel is locked down
Matthew Garrett
matthewgarrett at google.com
Thu Apr 4 00:32:49 UTC 2019
Tracefs may release more information about the kernel than desirable, so
restrict it when the kernel is locked down in confidentiality mode by
preventing open().
Signed-off-by: Matthew Garrett <mjg59 at google.com>
Cc: Steven Rostedt <rostedt at goodmis.org>
---
fs/tracefs/inode.c | 40 +++++++++++++++++++++++++++++++++++++++-
1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
index 7098c49f3693..576327ffd9d1 100644
--- a/fs/tracefs/inode.c
+++ b/fs/tracefs/inode.c
@@ -31,6 +31,21 @@ static struct vfsmount *tracefs_mount;
static int tracefs_mount_count;
static bool tracefs_registered;
+static int default_open_file(struct inode *inode, struct file *filp)
+{
+ struct dentry *dentry = filp->f_path.dentry;
+ struct file_operations *real_fops;
+
+ if (!dentry)
+ return -EINVAL;
+
+ if (kernel_is_locked_down("tracefs", LOCKDOWN_CONFIDENTIALITY))
+ return -EPERM;
+
+ real_fops = dentry->d_fsdata;
+ return real_fops->open(inode, filp);
+}
+
static ssize_t default_read_file(struct file *file, char __user *buf,
size_t count, loff_t *ppos)
{
@@ -50,6 +65,13 @@ static const struct file_operations tracefs_file_operations = {
.llseek = noop_llseek,
};
+static const struct file_operations tracefs_proxy_file_operations = {
+ .read = default_read_file,
+ .write = default_write_file,
+ .open = default_open_file,
+ .llseek = noop_llseek,
+};
+
static struct tracefs_dir_ops {
int (*mkdir)(const char *name);
int (*rmdir)(const char *name);
@@ -225,6 +247,12 @@ static int tracefs_apply_options(struct super_block *sb)
return 0;
}
+static void tracefs_destroy_inode(struct inode *inode)
+{
+ if S_ISREG(inode->i_mode)
+ kfree(inode->i_fop);
+}
+
static int tracefs_remount(struct super_block *sb, int *flags, char *data)
{
int err;
@@ -260,6 +288,7 @@ static int tracefs_show_options(struct seq_file *m, struct dentry *root)
static const struct super_operations tracefs_super_operations = {
.statfs = simple_statfs,
+ .destroy_inode = tracefs_destroy_inode,
.remount_fs = tracefs_remount,
.show_options = tracefs_show_options,
};
@@ -393,6 +422,7 @@ struct dentry *tracefs_create_file(const char *name, umode_t mode,
{
struct dentry *dentry;
struct inode *inode;
+ struct file_operations *proxy_fops;
if (!(mode & S_IFMT))
mode |= S_IFREG;
@@ -406,8 +436,16 @@ struct dentry *tracefs_create_file(const char *name, umode_t mode,
if (unlikely(!inode))
return failed_creating(dentry);
+ proxy_fops = kzalloc(sizeof(struct file_operations), GFP_KERNEL);
+ if (!proxy_fops)
+ return failed_creating(dentry);
+
+ dentry->d_fsdata = fops ? (void *)fops :
+ (void *)&tracefs_file_operations;
+ memcpy(proxy_fops, dentry->d_fsdata, sizeof(struct file_operations));
+ proxy_fops->open = default_open_file;
inode->i_mode = mode;
- inode->i_fop = fops ? fops : &tracefs_file_operations;
+ inode->i_fop = proxy_fops;
inode->i_private = data;
d_instantiate(dentry, inode);
fsnotify_create(dentry->d_parent->d_inode, dentry);
--
2.21.0.392.gf8f6787159e-goog
More information about the Linux-security-module-archive
mailing list