Date: Fri, 21 Jun 2019 17:03:50 -0700
In-Reply-To: <20190622000358.19895-1-matthewgarrett@google.com>
Message-Id: <20190622000358.19895-22-matthewgarrett@google.com>
Subject: [PATCH V34 21/29] Lock down /proc/kcore
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, David Howells, Matthew Garrett
X-Mailing-List: linux-kernel@vger.kernel.org

From: David Howells

Disallow access to /proc/kcore when the kernel is locked down to prevent access to cryptographic data. This is limited to lockdown confidentiality mode and is still permitted in integrity mode.

Signed-off-by: David Howells
Signed-off-by: Matthew Garrett

--- fs/proc/kcore.c | 5 +++++ include/linux/security.h | 1 + security/lockdown/lockdown.c | 1 + 3 files changed, 7 insertions(+) diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index d29d869abec1..4e95edb1e282 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include "internal.h" 
@@ -545,6 +546,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) static int open_kcore(struct inode *inode, struct file *filp) { + int ret = security_locked_down(LOCKDOWN_KCORE); + + if (ret) + return ret; if (!capable(CAP_SYS_RAWIO)) return -EPERM; diff --git a/include/linux/security.h b/include/linux/security.h index c649cb91e762..3875f6df2ecc 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -95,6 +95,7 @@ enum lockdown_reason { LOCKDOWN_MODULE_PARAMETERS, LOCKDOWN_MMIOTRACE, LOCKDOWN_INTEGRITY_MAX, + LOCKDOWN_KCORE, LOCKDOWN_CONFIDENTIALITY_MAX, }; diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index cd86ed9f4d4b..4c9b324dfc55 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -31,6 +31,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters", [LOCKDOWN_MMIOTRACE] = "unsafe mmio", [LOCKDOWN_INTEGRITY_MAX] = "integrity", + [LOCKDOWN_KCORE] = "/proc/kcore access", [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", }; -- 2.22.0.410.gd8fdbe21b5-goog
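
Review bot: in the open_kcore() hunk of fs/proc/kcore.c, security_locked_down(LOCKDOWN_KCORE) is tested before capable(CAP_SYS_RAWIO), so on a locked-down kernel every caller, including one that would have failed the capability check anyway, reaches the lockdown hook and gets its error instead of -EPERM. If the hook reports denials (the lockdown_reasons string "/proc/kcore access" suggests it does), unprivileged opens would produce those reports too. Consider testing capable() first and returning ret afterwards. The check is also made only at open time and read_kcore() is unchanged, so the commit message should say whether a descriptor opened before lockdown is enabled is meant to stay readable.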
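
Review bot: in the include/linux/security.h hunk, nothing next to LOCKDOWN_KCORE documents that its position after LOCKDOWN_INTEGRITY_MAX and before LOCKDOWN_CONFIDENTIALITY_MAX appears to be what makes it a confidentiality-only reason, which is the behaviour the commit message promises. A short comment on the two _MAX sentinels would keep a later addition from landing on the wrong side and silently changing which mode blocks it.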
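
Review bot: in the security/lockdown/lockdown.c hunk, lockdown_reasons[] is sized LOCKDOWN_CONFIDENTIALITY_MAX+1 and filled with designated initializers, so an enum value added to security.h without a matching entry here leaves a NULL string in the table with no build error. This patch adds both sides, but because the two files have to change together for every new reason, a comment at the enum pointing to this table, or a build-time check that every index has a string, would make the coupling harder to miss.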