[PATCH 22/27] Lock down kprobes
Masami Hiramatsu
mhiramat at kernel.org
Tue Mar 26 12:29:57 UTC 2019
On Mon, 25 Mar 2019 15:09:49 -0700
Matthew Garrett <matthewgarrett at google.com> wrote:
> From: David Howells <dhowells at redhat.com>
>
> Disallow the creation of kprobes when the kernel is locked down by
> preventing their registration. This prevents kprobes from being used to
> access kernel memory, either to make modifications or to steal crypto data.
Hmm, if you enforce signature check of modules, those modules
should be allowed to use kprobes?
I think we should introduce some kind of trust inheritance from
signed (trusted) modules.
Thank you,
>
> Reported-by: Alexei Starovoitov <alexei.starovoitov at gmail.com>
> Signed-off-by: David Howells <dhowells at redhat.com>
> Signed-off-by: Matthew Garrett <matthewgarrett at google.com>
> Cc: Naveen N. Rao <naveen.n.rao at linux.ibm.com>
> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy at intel.com>
> Cc: davem at davemloft.net
> Cc: Masami Hiramatsu <mhiramat at kernel.org>
> ---
> kernel/kprobes.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index f4ddfdd2d07e..6f66cca8e2c6 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -1552,6 +1552,9 @@ int register_kprobe(struct kprobe *p)
> struct module *probed_mod;
> kprobe_opcode_t *addr;
>
> + if (kernel_is_locked_down("Use of kprobes"))
> + return -EPERM;
> +
> /* Adjust probe address from symbol */
> addr = kprobe_addr(p);
> if (IS_ERR(addr))
> --
> 2.21.0.392.gf8f6787159e-goog
>
--
Masami Hiramatsu <mhiramat at kernel.org>
More information about the Linux-security-module-archive
mailing list