[PATCH 20/27] x86/mmiotrace: Lock down the testmmiotrace module

[Steven Rostedt]

On Mon, 25 Mar 2019 15:09:47 -0700
Matthew Garrett <matthewgarrett at google.com> wrote:

> From: David Howells <dhowells at redhat.com>
> 
> The testmmiotrace module shouldn't be permitted when the kernel is locked
> down as it can be used to arbitrarily read and write MMIO space.
> 
> Suggested-by: Thomas Gleixner <tglx at linutronix.de>
> Signed-off-by: David Howells <dhowells at redhat.com
> cc: Thomas Gleixner <tglx at linutronix.de>
> cc: Steven Rostedt <rostedt at goodmis.org>
> cc: Ingo Molnar <mingo at kernel.org>
> cc: "H. Peter Anvin" <hpa at zytor.com>
> cc: x86 at kernel.org
> Signed-off-by: Matthew Garrett <matthewgarrett at google.com>
> ---
>  arch/x86/mm/testmmiotrace.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c
> index f6ae6830b341..bbaad357f5d7 100644
> --- a/arch/x86/mm/testmmiotrace.c
> +++ b/arch/x86/mm/testmmiotrace.c
> @@ -115,6 +115,9 @@ static int __init init(void)
>  {
>  	unsigned long size = (read_far) ? (8 << 20) : (16 << 10);
>  
> +	if (kernel_is_locked_down("MMIO trace testing"))
> +		return -EPERM;

I wonder if we should take this one step further. As this module is
really just for testing the mmiotracer (and really shouldn't be enabled
by anyone that doesn't know what it's for), why not just add to the Kconfig file

CONFIG_MMIOTRACE_TEST depend on !CONFIG_LOCK_DOWN_KERNEL ?

-- Steve

> +
>  	if (mmio_address == 0) {
>  		pr_err("you have to use the module argument
> mmio_address.\n"); pr_err("DO NOT LOAD THIS MODULE UNLESS YOU REALLY
> KNOW WHAT YOU ARE DOING!\n");