Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3716300img;
        Mon, 25 Mar 2019 16:37:08 -0700 (PDT)
X-Google-Smtp-Source: APXvYqy8pJ976U03LKgqvcJIo+QVJgmoGO02k7ZeD6OY5Hi/Vy+K0jdslHfwFbEAnedXWOBFToBC
X-Received: by 2002:a17:902:9a83:: with SMTP id w3mr27980945plp.137.1553557028286;
        Mon, 25 Mar 2019 16:37:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553557028; cv=none;
        d=google.com; s=arc-20160816;
        b=EInFG3wC9Oor30DvCBFPU0UJLYIsUHnFaYuTcJF8yuiN0yd5RtGFgYWdfbpQJxsG4S
         W/PbfnaTMGWaCHkL+N9Rg8ZxJ9ZmWcpdclny2qUUEpshuSV9wk7N9SiP4stwW1nfkVea
         njaGYtEl8K0rFXqo8Tu447Ah4S8oqoBtR7BBQeXGjro+ScWG7o2Cb5JJsB8FqxB7zOhd
         hZngJ3tTH4Nl8de1fL/+Qe7lbRVUbtXSSHOD4YAlyNMfpZxo+j49lbT2348TPfCIpU6J
         a2C9hZqVPecNO18Jm+MW1yA4k2hoX1X0kzfuQ0V4uYkppR1a6quQXs4r249KJCXesaSe
         sVvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date;
        bh=l3ZK8Y/ceiVdbsEzIyy6nNWTda+Hjs/BNqKLN6N5te4=;
        b=Zj/rYAtxUfSHK90bVktEV67StWh8qP7Gieh3++4HcVhRPYTUjHEGbXbfuXSKLjSe/J
         iCLQd5mMkm8Eyt4ypvjos4Tw/59HacODIfUmUVLd1zcpmJvxeEDovbMzpMcU9JKZosfu
         vs+mnyQMUwKcXI8a8We4/fTbpwlZstAiYFlftKFxZR5YvflIb6qqTSQSBPdVeL0cBXBM
         LOmK+/m4dAAQDu0CZ1CuM9fK4QXUweMBG4bz08qLJEfpEjKxVt/RsfIycFENJTQjwCKN
         fgomcddIItLR580Z1ABk01bO4qVChFywG2NEglhT+UY08LpvWuKwcNeIVQKfamHEZZ/U
         qSaA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y66si14888672pgy.34.2019.03.25.16.36.53;
        Mon, 25 Mar 2019 16:37:08 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730195AbfCYXfy (ORCPT <rfc822;ablacktshirt@gmail.com>
        + 99 others); Mon, 25 Mar 2019 19:35:54 -0400
Received: from mail.kernel.org ([198.145.29.99]:48012 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726061AbfCYXfy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 25 Mar 2019 19:35:54 -0400
Received: from oasis.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 66FD0207DD;
        Mon, 25 Mar 2019 23:35:52 +0000 (UTC)
Date:   Mon, 25 Mar 2019 19:35:50 -0400
From:   Steven Rostedt <rostedt@goodmis.org>
To:     Matthew Garrett <matthewgarrett@google.com>
Cc:     jmorris@namei.org, linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, dhowells@redhat.com,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>, x86@kernel.org
Subject: Re: [PATCH 20/27] x86/mmiotrace: Lock down the testmmiotrace module
Message-ID: <20190325193550.00cbbff6@oasis.local.home>
In-Reply-To: <20190325220954.29054-21-matthewgarrett@google.com>
References: <20190325220954.29054-1-matthewgarrett@google.com>
        <20190325220954.29054-21-matthewgarrett@google.com>
X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 25 Mar 2019 15:09:47 -0700
Matthew Garrett <matthewgarrett@google.com> wrote:

> From: David Howells <dhowells@redhat.com>
> 
> The testmmiotrace module shouldn't be permitted when the kernel is locked
> down as it can be used to arbitrarily read and write MMIO space.
> 
> Suggested-by: Thomas Gleixner <tglx@linutronix.de>
> Signed-off-by: David Howells <dhowells@redhat.com
> cc: Thomas Gleixner <tglx@linutronix.de>
> cc: Steven Rostedt <rostedt@goodmis.org>
> cc: Ingo Molnar <mingo@kernel.org>
> cc: "H. Peter Anvin" <hpa@zytor.com>
> cc: x86@kernel.org
> Signed-off-by: Matthew Garrett <matthewgarrett@google.com>
> ---
>  arch/x86/mm/testmmiotrace.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c
> index f6ae6830b341..bbaad357f5d7 100644
> --- a/arch/x86/mm/testmmiotrace.c
> +++ b/arch/x86/mm/testmmiotrace.c
> @@ -115,6 +115,9 @@ static int __init init(void)
>  {
>  	unsigned long size = (read_far) ? (8 << 20) : (16 << 10);
>  
> +	if (kernel_is_locked_down("MMIO trace testing"))
> +		return -EPERM;

I wonder if we should take this one step further. As this module is
really just for testing the mmiotracer (and really shouldn't be enabled
by anyone that doesn't know what it's for), why not just add to the Kconfig file

CONFIG_MMIOTRACE_TEST depend on !CONFIG_LOCK_DOWN_KERNEL ?

-- Steve

> +
>  	if (mmio_address == 0) {
>  		pr_err("you have to use the module argument
> mmio_address.\n"); pr_err("DO NOT LOAD THIS MODULE UNLESS YOU REALLY
> KNOW WHAT YOU ARE DOING!\n");