Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp5517530img; Wed, 27 Mar 2019 09:56:24 -0700 (PDT) X-Google-Smtp-Source: APXvYqwQXosUhKL7uiq0tbmHOPwn656iII8Ve8cv3sDRl7+vqaOFQ2AYo1fL7Nf2HBkzMI6xs15H X-Received: by 2002:aa7:8b93:: with SMTP id r19mr35543031pfd.163.1553705784040; Wed, 27 Mar 2019 09:56:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553705784; cv=none; d=google.com; s=arc-20160816; b=D8wj0Ju7Y5VlWb5RRB7bSKeZun/IpwZgDIm8SfPVV+XKWgZDrBSlnBnXPekX3DGhr1 mj3EbrF68c7aZ3dYt2P3SsV04drNVUOT7I82ini+b+vYslRgBpJumBf5Dh/JwIdvFZbI +f8OwEzs3HbmOcTwHMeC5l/5QoFfzzc/t6lrcNXsds0OmiiNNp206kDGg7B+EekB8nsI p1OWPUirLXk6rIrmQzk93sTQE1M9lzjHY1SfeMqBDSTAq/t17Yg0oklBS0pE8Z1LQmH/ V+VUBtmaCvq3isO5jU88C+mJMNXwqlnUmdsSh7w6LgV/1j9jEmHqv7MHgUc5NFoPErqN yksA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=ZszyTtRF4sHiwangw3H/m8V0aWY+bOEBhByx7XP37/s=; b=egJBsbevwA/JtoCsHkE9Jdhc8XIgnhCkaHknOz4kqHIBQVZi96BdIZ0NpCEWXpmeV3 cVWCB1t4xwzk/9j8r2wlk53mcUvH98wcLyyVZvAzrAuhJLnQm7omgYPDxzE3xCxa0V32 Yhje+qMGH10hUp7XBigzD3Kb4EIuwdi55ljcVSfCiaBlXXub1uMtwDv6mkIDwz42q8a1 6LUnmA7usQTceM617/Z23Ls7RKloEBxhbCshcEqcq2xMRyZRdvVms2ubhfD/F4965sv7 8vkKAxlMvErAPhV/08+S64k3OIYGIWvMKi6o8AhPIhEZB7CZTmPlIz6NLYtP/zDyjezr YJ6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=M79gIw9H; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p2si8764786pgk.326.2019.03.27.09.56.08; Wed, 27 Mar 2019 09:56:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=M79gIw9H; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727656AbfC0Qzd (ORCPT + 99 others); Wed, 27 Mar 2019 12:55:33 -0400 Received: from mail-it1-f195.google.com ([209.85.166.195]:53288 "EHLO mail-it1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727420AbfC0Qzd (ORCPT ); Wed, 27 Mar 2019 12:55:33 -0400 Received: by mail-it1-f195.google.com with SMTP id y204so1247811itf.3 for ; Wed, 27 Mar 2019 09:55:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZszyTtRF4sHiwangw3H/m8V0aWY+bOEBhByx7XP37/s=; b=M79gIw9HCV82g4XpuEVjztM1XAmvhjLbNndudce0CqkXhG+I7FgR26SMsImL8Tk5YV oqk85VHUtl2gamGGt1YkunwpjXEMTLk1zyLETfXdBI+TXY6tSoCHcF7GA9K3rq96rn5f X549QhcvFXGJPJzGh4dzRRiFLFB06EVnL6HXVCS525ZT3CiL3MYqPnqU/DZOjIYa6I49 L5iDwCOM9lntttsMy3QZAIKe29OzFJy+1HljawQM7p0FgD5hRBgWp9BGgSsfYzTl+D8M kXAaIag2gLCodOynS/QXTGVYZnZ5UASpNf83zotliL1TpPijAza6bWLjmbyAy0EMBDOj 6avg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZszyTtRF4sHiwangw3H/m8V0aWY+bOEBhByx7XP37/s=; b=QC6I2CZKPEGP9xk6MDflP+CgJqgFJ3f4PJ6XdGnLUDhCxaUkBRFGnXs27UMNrwv2t2 aJaXBb1nsBvXC5CWa/aIlPFg4vaQBeBHQF05Es1WTOVDx5mQO0FJ3rtSC6Tx2HT8eWQI SibM65pRlj2dCZE4EAJF/Lf9OMZDHU30yeNVcp0abx+mwrQrKHu2IBHeD7w5/m7VwuTH 5CCXw+4geedHgeCEpOACTdLg0CDjusEh0wjmkSFT2M0ABWLJiO9E6R+LzYX4Iplw+qa9 k/ktXNQTcxpugd4k0YTib2DIqzYYQFIvwnzplfSKB7GxxR5R5Stj4TjHODt0Qm3OPztD oA2g== X-Gm-Message-State: APjAAAVGvClHgbcMDrsSu1sGMJSUv9NxwDppnYIr7+Ec7+nmAygA+gJ0 QaY/Vk6dimNSbC14V4Lh6Vd5Hze668PkvZW6Tv+IJw== X-Received: by 2002:a24:2c48:: with SMTP id i69mr4469887iti.161.1553705732048; Wed, 27 Mar 2019 09:55:32 -0700 (PDT) MIME-Version: 1.0 References: <20190326182742.16950-1-matthewgarrett@google.com> <20190326182742.16950-20-matthewgarrett@google.com> <20190327115749.5770a102@gandalf.local.home> In-Reply-To: <20190327115749.5770a102@gandalf.local.home> From: Matthew Garrett Date: Wed, 27 Mar 2019 09:55:20 -0700 Message-ID: Subject: Re: [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module To: Steven Rostedt Cc: James Morris , LSM List , Linux Kernel Mailing List , David Howells , Linux API , Andy Lutomirski , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 27, 2019 at 8:57 AM Steven Rostedt wrote: > > On Tue, 26 Mar 2019 11:27:35 -0700 > Matthew Garrett wrote: > > > From: David Howells > > > > The testmmiotrace module shouldn't be permitted when the kernel is locked > > down as it can be used to arbitrarily read and write MMIO space. This is > > a runtime check rather than buildtime in order to allow configurations > > where the same kernel may be run in both locked down or permissive modes > > depending on local policy. > > > > Acked-by: Steven Rostedt (VMware) > > I'm curious. Should there be a mode to lockdown the tracefs directory > too? As that can expose addresses. That sounds like a reasonable thing to do in the confidentiality mode, I don't think it'd be necessary in the integrity mode.