Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3716300img; Mon, 25 Mar 2019 16:37:08 -0700 (PDT) X-Google-Smtp-Source: APXvYqy8pJ976U03LKgqvcJIo+QVJgmoGO02k7ZeD6OY5Hi/Vy+K0jdslHfwFbEAnedXWOBFToBC X-Received: by 2002:a17:902:9a83:: with SMTP id w3mr27980945plp.137.1553557028286; Mon, 25 Mar 2019 16:37:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553557028; cv=none; d=google.com; s=arc-20160816; b=EInFG3wC9Oor30DvCBFPU0UJLYIsUHnFaYuTcJF8yuiN0yd5RtGFgYWdfbpQJxsG4S W/PbfnaTMGWaCHkL+N9Rg8ZxJ9ZmWcpdclny2qUUEpshuSV9wk7N9SiP4stwW1nfkVea njaGYtEl8K0rFXqo8Tu447Ah4S8oqoBtR7BBQeXGjro+ScWG7o2Cb5JJsB8FqxB7zOhd hZngJ3tTH4Nl8de1fL/+Qe7lbRVUbtXSSHOD4YAlyNMfpZxo+j49lbT2348TPfCIpU6J a2C9hZqVPecNO18Jm+MW1yA4k2hoX1X0kzfuQ0V4uYkppR1a6quQXs4r249KJCXesaSe sVvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=l3ZK8Y/ceiVdbsEzIyy6nNWTda+Hjs/BNqKLN6N5te4=; b=Zj/rYAtxUfSHK90bVktEV67StWh8qP7Gieh3++4HcVhRPYTUjHEGbXbfuXSKLjSe/J iCLQd5mMkm8Eyt4ypvjos4Tw/59HacODIfUmUVLd1zcpmJvxeEDovbMzpMcU9JKZosfu vs+mnyQMUwKcXI8a8We4/fTbpwlZstAiYFlftKFxZR5YvflIb6qqTSQSBPdVeL0cBXBM LOmK+/m4dAAQDu0CZ1CuM9fK4QXUweMBG4bz08qLJEfpEjKxVt/RsfIycFENJTQjwCKN fgomcddIItLR580Z1ABk01bO4qVChFywG2NEglhT+UY08LpvWuKwcNeIVQKfamHEZZ/U qSaA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y66si14888672pgy.34.2019.03.25.16.36.53; Mon, 25 Mar 2019 16:37:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730195AbfCYXfy (ORCPT + 99 others); Mon, 25 Mar 2019 19:35:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:48012 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726061AbfCYXfy (ORCPT ); Mon, 25 Mar 2019 19:35:54 -0400 Received: from oasis.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 66FD0207DD; Mon, 25 Mar 2019 23:35:52 +0000 (UTC) Date: Mon, 25 Mar 2019 19:35:50 -0400 From: Steven Rostedt To: Matthew Garrett Cc: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org Subject: Re: [PATCH 20/27] x86/mmiotrace: Lock down the testmmiotrace module Message-ID: <20190325193550.00cbbff6@oasis.local.home> In-Reply-To: <20190325220954.29054-21-matthewgarrett@google.com> References: <20190325220954.29054-1-matthewgarrett@google.com> <20190325220954.29054-21-matthewgarrett@google.com> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 25 Mar 2019 15:09:47 -0700 Matthew Garrett wrote: > From: David Howells > > The testmmiotrace module shouldn't be permitted when the kernel is locked > down as it can be used to arbitrarily read and write MMIO space. > > Suggested-by: Thomas Gleixner > Signed-off-by: David Howells cc: Thomas Gleixner > cc: Steven Rostedt > cc: Ingo Molnar > cc: "H. Peter Anvin" > cc: x86@kernel.org > Signed-off-by: Matthew Garrett > --- > arch/x86/mm/testmmiotrace.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c > index f6ae6830b341..bbaad357f5d7 100644 > --- a/arch/x86/mm/testmmiotrace.c > +++ b/arch/x86/mm/testmmiotrace.c > @@ -115,6 +115,9 @@ static int __init init(void) > { > unsigned long size = (read_far) ? (8 << 20) : (16 << 10); > > + if (kernel_is_locked_down("MMIO trace testing")) > + return -EPERM; I wonder if we should take this one step further. As this module is really just for testing the mmiotracer (and really shouldn't be enabled by anyone that doesn't know what it's for), why not just add to the Kconfig file CONFIG_MMIOTRACE_TEST depend on !CONFIG_LOCK_DOWN_KERNEL ? -- Steve > + > if (mmio_address == 0) { > pr_err("you have to use the module argument > mmio_address.\n"); pr_err("DO NOT LOAD THIS MODULE UNLESS YOU REALLY > KNOW WHAT YOU ARE DOING!\n");