Message-Id: <20191012005921.580293464@goodmis.org>
User-Agent: quilt/0.65
Date: Fri, 11 Oct 2019 20:57:54 -0400
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Linus Torvalds, Ingo Molnar, Andrew Morton, Matthew Garrett, James Morris James Morris, LSM List, Linux API, Ben Hutchings, Al Viro
Subject: [PATCH 7/7 v2] tracing: Do not create tracefs files if tracefs lockdown is in effect
References: <20191012005747.210722465@goodmis.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: "Steven Rostedt (VMware)" If on boot up, lockdown is activated for tracefs, don't even bother creating the files. This can also prevent instances from being created if lockdown is in effect. Link: http://lkml.kernel.org/r/CAHk-=whC6Ji=fWnjh2+eS4b15TnbsS4VPVtvBOwCy1jjEG_JHQ@mail.gmail.com Suggested-by: Linus Torvalds Signed-off-by: Steven Rostedt (VMware) --- fs/tracefs/inode.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index eeeae0475da9..0caa151cae4e 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -390,6 +391,9 @@ struct dentry *tracefs_create_file(const char *name, umode_t mode, struct dentry *dentry; struct inode *inode; + if (security_locked_down(LOCKDOWN_TRACEFS)) + return NULL; + if (!(mode & S_IFMT)) mode |= S_IFREG; BUG_ON(!S_ISREG(mode)); -- 2.23.0
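
Review bot: The check added at the top of tracefs_create_file(), "if (security_locked_down(LOCKDOWN_TRACEFS)) return NULL;", is evaluated only at the moment a file is created, so it covers the boot-time case the commit message describes but not a lockdown that is raised after the files already exist. A short comment above the check should say so, so that nobody reads it as the only enforcement point for LOCKDOWN_TRACEFS. The commit message also says instances can be prevented from being created, yet this diff touches only the file-creation path in fs/tracefs/inode.c. Either explain in the message how refusing file creation makes instance creation fail, or add the same check where directories are created. Finally, returning NULL here is indistinguishable to callers from any other creation failure, so it is worth confirming that callers tolerate a NULL dentry without emitting a misleading warning when lockdown is the cause.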