From: Matthew Garrett
Date: Tue, 26 Mar 2019 10:41:23 -0700
Subject: Re: [PATCH 22/27] Lock down kprobes
To: Masami Hiramatsu
Cc: James Morris, LSM List, Linux Kernel Mailing List, David Howells, Alexei Starovoitov, "Naveen N . Rao", Anil S Keshavamurthy, davem@davemloft.net
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 26, 2019 at 5:30 AM Masami Hiramatsu wrote:
>
> On Mon, 25 Mar 2019 15:09:49 -0700
> Matthew Garrett wrote:
>
> > From: David Howells
> >
> > Disallow the creation of kprobes when the kernel is locked down by
> > preventing their registration. This prevents kprobes from being used to
> > access kernel memory, either to make modifications or to steal crypto data.
>
> Hmm, if you enforce signature check of modules, those modules
> should be allowed to use kprobes?
> I think we should introduce some kind of trust inheritance from
> signed (trusted) modules.

Is there any way to install a kprobe /without/ it coming from a module?
The presumption in lockdown mode is that module signing is enforced, so I'll admit to not being entirely clear on why this patch is needed in that case.