Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp4544908img; Tue, 26 Mar 2019 11:30:20 -0700 (PDT) X-Google-Smtp-Source: APXvYqxDVXmmtdkUUECOA9KBkNmVq6GKm7JzPzmM8i0LvkN6m+nSXZpC0jE0jb92NO3T32JrlHc0 X-Received: by 2002:a62:1cc7:: with SMTP id c190mr9774580pfc.246.1553625020013; Tue, 26 Mar 2019 11:30:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553625020; cv=none; d=google.com; s=arc-20160816; b=HwxQDzE/sNoawqoWrp8JTgabmmW7S44mA67KrT/j1kpMsJx/YyiDlfUFj4Wvhex+aY CBjh2yC+Bwy4oCsQM4sK16kAhwpUXBBWRpd2zIyknCtdmZ58tgRGaOAzKOcG6IoKZiOQ 18VoEpWuklIRVAjkPEL7atMoVed/WiHcmLUselebfMf7hciphh2R/UmhPYFPO36wvEn7 qjmRkBwCUvJhTtR/6+Wf0oc3+XVkDukKC09mG2eCBrI4flF5wbUzR+kU3clT3BxobFZt /l2ew4G/OjbfMdm8/UEIC9GV2s7MmEIKiLXZj40ibMek82jbuOhUVppeUFphVblA0wac D3jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=IoXKM0YaE9Y+1YAYJ3jkE86oI9WuPOYgAsUS7wsInCs=; b=eDTRORjvCByLoAg4QDwd+MWi3XrRZ6rj14DmE0wr9euWGbgMtet/9upOKYvilzk6Gw gCJRsf9UVUYvPWye+ItQXQiTmUQao5Cr6lyMjWfLnYa1HYkOSMCzG2dz4Sl4LYFSNiDm PP8vn6XwaIpDrVxajlNws4sYy1lvxwvigScb2HSTrE4blTihB3nRPeOzRu9kUtyZJwjF q64CrxqSqrCEnRgCwo89WbNCRsvf65iGnhEPx/ffMZaCY8Mqk2/UjHEfhr5GeNHT7XqK 4uCObs9hWWYsnAYb7NPtVcLvob26gx+GaztisiOig08r5NNuXG1PvIFyyV8a1PvaASOm TQxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=kKv5y01A; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k7si10118232pgq.74.2019.03.26.11.30.05; Tue, 26 Mar 2019 11:30:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=kKv5y01A; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732922AbfCZS3F (ORCPT + 99 others); Tue, 26 Mar 2019 14:29:05 -0400 Received: from mail-oi1-f202.google.com ([209.85.167.202]:50515 "EHLO mail-oi1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732899AbfCZS26 (ORCPT ); Tue, 26 Mar 2019 14:28:58 -0400 Received: by mail-oi1-f202.google.com with SMTP id x125so857811oix.17 for ; Tue, 26 Mar 2019 11:28:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=IoXKM0YaE9Y+1YAYJ3jkE86oI9WuPOYgAsUS7wsInCs=; b=kKv5y01A21+36GWT1D4YyTFV1FMwIxaRgmZ3DkG7OUNg1kOgHEFkifuJwfBADEAl9r UlrestlL5PTDbdz6BL4gJKhnoOiL1vt6dr3ZdGRhdBSNCWdatU+k6Gy8qNWZ8Fgoq+cp kt6JGA6vd9D1HMp1m015CDo9jp4DqGO8Z74WjSl6r2+IwhvaZfdS/iDxhepP7yVB2vYB pZ2hOElr5UfIyrvrEG3cWvVCW8h/vbp0iVdw4EvRzjyGPIHw2gzZ9ejJQczvsuqGkRn4 k3vQ6Ka5ApjuDBzlYiMO2QHGnjvPuRgtounl5Od9RHGDOsC40Fg7QEqqHostyWFT5ZvV VewQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=IoXKM0YaE9Y+1YAYJ3jkE86oI9WuPOYgAsUS7wsInCs=; b=tU35xsIMncbwyZiZQplJVzlDx3b6aDqL3zqkUopK3YZYE0lhMlrQGXZ2dukEWdY8Mt biPO+BEgamIk2MEdehogPgC29xa70oGki53RaIRjT/N3Y6EtiWFPJVksZqrmn7KBT4P6 04AiO/rm03XuzrV65s176n5uMzDSsodZVG8KlTqSdJu6L8SVOVDMCEUmyVqtJbgnPf43 y1FQ+mqwSyWwII9rjSRiqIlJQ1PL1Ye+J+tiER8KSBdAT/2nDqhhEZvt3zDhgJa2AyOZ 0A5ix5eDkpdlSNfJZ/1KTYxlQE0ASH7adByhaMB5esg9YB4Mx3qM+Si6uytCZuj9RTsb bOlA== X-Gm-Message-State: APjAAAXxmlWEyQf9OVd47GVT8NcZOM/hsTJovX/p8kSRCV3skKig7N6v GgFFzgNLiKj96ANqVRzYFFW5bnJFFcTKW4cbtC//4A== X-Received: by 2002:aca:4b56:: with SMTP id y83mr16163700oia.63.1553624937594; Tue, 26 Mar 2019 11:28:57 -0700 (PDT) Date: Tue, 26 Mar 2019 11:27:41 -0700 In-Reply-To: <20190326182742.16950-1-matthewgarrett@google.com> Message-Id: <20190326182742.16950-26-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190326182742.16950-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Matthew Garrett , gregkh@linuxfoundation.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Matthew Garrett debugfs has not been meaningfully audited in terms of ensuring that userland cannot trample over the kernel. At Greg's request, disable access to it entirely when the kernel is locked down. This is done at open() time rather than init time as the kernel lockdown status may be made stricter at runtime. Signed-off-by: Matthew Garrett Cc: gregkh@linuxfoundation.org --- fs/debugfs/file.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c index 4fce1da7db23..9ae12ef29ba0 100644 --- a/fs/debugfs/file.c +++ b/fs/debugfs/file.c @@ -142,6 +142,9 @@ static int open_proxy_open(struct inode *inode, struct file *filp) const struct file_operations *real_fops = NULL; int r; + if (kernel_is_locked_down("debugfs", LOCKDOWN_INTEGRITY)) + return -EPERM; + r = debugfs_file_get(dentry); if (r) return r == -EIO ? -ENOENT : r; @@ -267,6 +270,9 @@ static int full_proxy_open(struct inode *inode, struct file *filp) struct file_operations *proxy_fops = NULL; int r; + if (kernel_is_locked_down("debugfs", LOCKDOWN_INTEGRITY)) + return -EPERM; + r = debugfs_file_get(dentry); if (r) return r == -EIO ? -ENOENT : r; -- 2.21.0.392.gf8f6787159e-goog