[PATCH 22/27] Lock down kprobes

Matthew Garrett mjg59 at google.com
Tue Mar 26 17:41:23 UTC 2019


On Tue, Mar 26, 2019 at 5:30 AM Masami Hiramatsu <mhiramat at kernel.org> wrote:
>
> On Mon, 25 Mar 2019 15:09:49 -0700
> Matthew Garrett <matthewgarrett at google.com> wrote:
>
> > From: David Howells <dhowells at redhat.com>
> >
> > Disallow the creation of kprobes when the kernel is locked down by
> > preventing their registration.  This prevents kprobes from being used to
> > access kernel memory, either to make modifications or to steal crypto data.
>
> Hmm, if you enforce signature check of modules, those modules
> should be allowed to use kprobes?
> I think we should introduce some kind of trust inheritance from
> signed (trusted) modules.

Is there any way to install a kprobe /without/ it coming from a
module? The presumption in lockdown mode is that module signing is
enforced, so I'll admit to not being entirely clear on why this patch
is needed in that case.
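The question above turns on whether a kprobe can exist without a signed module behind it. Kprobes are also created from user space through tracefs (`kprobe_events`) and `perf_event_open`, so a defender who relies on kprobe-based tracing or detection tooling wants to know the host's lockdown state directly rather than infer it from module signing. The following is an added example, not code from this patch series or from the kernel: it parses the `/sys/kernel/security/lockdown` file that the lockdown LSM as merged in mainline exposes (format `none [integrity] confidentiality`, active mode in brackets) and reports whether kprobe registration would be refused. The placement of kprobes at the `confidentiality` level is an assumption about the merged code, not about the 2019 patch discussed here.

```python
"""Report whether the running kernel's lockdown mode refuses kprobe registration.

Added example; not from the patch series or the kernel tree. Assumptions:
  * /sys/kernel/security/lockdown lists all modes with the active one in
    brackets, e.g. "none [integrity] confidentiality" (mainline lockdown LSM).
  * kprobes are restricted at the "confidentiality" level (mainline
    lockdown_reason enum); the 2019 series discussed on this page predates
    the split into levels.
"""
import re
from pathlib import Path

LOCKDOWN_PATH = Path("/sys/kernel/security/lockdown")

# Modes in increasing strictness, as the sysfs file lists them (assumed).
LEVEL_ORDER = ("none", "integrity", "confidentiality")

# Level at which kprobe registration is refused (assumed from mainline).
KPROBES_LEVEL = "confidentiality"


def parse_lockdown_mode(contents: str) -> str:
    """Return the active mode from the sysfs file contents.

    The file lists every mode and marks the active one with brackets.
    Raises ValueError when no bracketed token is present or the token is
    not a known mode, so a malformed or unexpected file is never silently
    treated as "unlocked".
    """
    match = re.search(r"\[(\w+)\]", contents)
    if not match:
        raise ValueError(f"no active lockdown mode in {contents!r}")
    mode = match.group(1)
    if mode not in LEVEL_ORDER:
        raise ValueError(f"unknown lockdown mode {mode!r}")
    return mode


def kprobes_locked_down(mode: str) -> bool:
    """True when registering a kprobe would be refused in this mode."""
    return LEVEL_ORDER.index(mode) >= LEVEL_ORDER.index(KPROBES_LEVEL)


def read_lockdown_mode(path: Path = LOCKDOWN_PATH) -> str:
    """Read the live mode; a missing file means no lockdown LSM, i.e. 'none'."""
    try:
        return parse_lockdown_mode(path.read_text())
    except (FileNotFoundError, PermissionError):
        return "none"


# Constructed sample file contents (not captured from a real host), mapped
# to the expected answer for "would a kprobe registration be refused?".
SAMPLES = {
    "[none] integrity confidentiality\n": False,
    "none [integrity] confidentiality\n": False,
    "none integrity [confidentiality]\n": True,
}


def check_samples() -> dict:
    """Evaluate every constructed sample; used to exercise the parser offline."""
    return {s: kprobes_locked_down(parse_lockdown_mode(s)) for s in SAMPLES}


if __name__ == "__main__":
    mode = read_lockdown_mode()
    verdict = "refused" if kprobes_locked_down(mode) else "permitted"
    print(f"lockdown mode: {mode}; kprobe registration: {verdict}")
```

Run it on a host before deploying kprobe-based tracing: a `confidentiality` verdict means the registration path this patch gates will fail, whatever the provenance of the module or tracefs writer requesting it.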



More information about the Linux-security-module-archive mailing list