Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp295272pxf; Wed, 17 Mar 2021 05:40:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzs/YNR9QrtrUYQVLiMmnZny+sarByFOwmQkPkBPz3Hn98k8Qywg72liPg25MyE8NkQfdpz X-Received: by 2002:a05:6402:32a:: with SMTP id q10mr41175561edw.15.1615984814329; Wed, 17 Mar 2021 05:40:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1615984814; cv=none; d=google.com; s=arc-20160816; b=l/qZWY4Rwj3liMVE37Ix+TWY+zDYLz3jc8Vs5aO3ViQGVXR2xz4sn1zOwY9WVpopek kqX/Ckyr1HiFUCOooqapBCkeG1Rggets9+hrx7t8OH9Rq86Uh3uVvjxOPJjrZT3ugju5 /57X77nfDr1TnTmMKy0GwY9Xp7wfFEV7IqpT0VvHodcV6m/h8Ccs6u+Wf9VgjnwmcWlc 3fcFiBdBKGKexcQ7iSI6YfFooMWrQ96rvZxboR9f6D9t8hspRQ8UAxO//gxbA12tJGCZ oQH/x4gGa0cbtr1QOxMclIQOdQKXxrAKUmZbraJhfBVaNNrG0esoVWwBBGxN1DO3fxh9 y2BA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=PvzSCD844kW1TR0bgZFjibM8oBd8rgGTmd9/5/ual1k=; b=XkQb2pOOWHI+OjrW0BVfjkyPJoqiw4beYX+St1XG9au/k5SKV79Uq7wdkgLJxQce09 85CscIb1Zdagpqc5jBNpzJlPM8WdvCN+BRmtSaTsZ5/GIAMx7Od28efeA/cTJJKPhI8/ dEFsYfcGwAuTjlMiHhuKLlxNKgwlOgu6j7SBovYNgp1QiHcibGxJGanOA8DHuI+vf99a SPjwZc3twBMhm5SiqDgHh0MJapcu187zpsg3LTnfkuBvKz5L71Mn45IbHGGp0HXdQW7L To63M5F7G5Yii6EboEwTiF8D2rLums/JCQ5oh1KvPKjgRxGt2Y3CGmQsmR4U+biyP8XA VXbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b="cpzu/huD"; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e26si13351251edr.396.2021.03.17.05.39.51; Wed, 17 Mar 2021 05:40:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b="cpzu/huD"; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230134AbhCQMin (ORCPT + 99 others); Wed, 17 Mar 2021 08:38:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59348 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229766AbhCQMi0 (ORCPT ); Wed, 17 Mar 2021 08:38:26 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 32A05C06174A; Wed, 17 Mar 2021 05:38:26 -0700 (PDT) Date: Wed, 17 Mar 2021 12:38:24 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1615984704; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PvzSCD844kW1TR0bgZFjibM8oBd8rgGTmd9/5/ual1k=; b=cpzu/huDzcCtfpRv3wRXauh0diR8L/jXd350Ov+iJRhsCoHepS06XE3gpB/l2vSS8evhMV E7oQAe+bC8Lr1z8gWTRqBPd/wLtBGIam/4KUcl6z76qpJthRAAmQA+YjFQy27SChoR35Zo DL4lGdOHracnPPkErN26iQT/oSaRMUEa/hw4sLhXJFBniuaKjc5LQPCPRqfRvvCzSAjeHp ZjTe1E2vzm6Cl7O5Zcehr+uUROvDNnxmD4AwxI7C4G2ohihXuD5vtnyK8vrfL2R9MXoeZc QbkfMwSApAag4XgFyeTF7BIMTjVMNqSmGOMbFEF5PUJ8ql9UeqmfW5A2q7N9vQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1615984704; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PvzSCD844kW1TR0bgZFjibM8oBd8rgGTmd9/5/ual1k=; b=ClPavbhHRgOKSKBo5zqDdW5yWDZi/UJzwoqhOl6cevrN3uYevBOIatxg87Dxqs08H8Ap9c HVBZp8LUwaE5wlDQ== From: "tip-bot2 for Ondrej Mosnacek" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: perf/core] perf/core: Fix unconditional security_locked_down() call Cc: Ondrej Mosnacek , "Peter Zijlstra (Intel)" , Paul Moore , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20210224215628.192519-1-omosnace@redhat.com> References: <20210224215628.192519-1-omosnace@redhat.com> MIME-Version: 1.0 Message-ID: <161598470430.398.3377989807660510985.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the perf/core branch of tip: Commit-ID: 08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b Gitweb: https://git.kernel.org/tip/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b Author: Ondrej Mosnacek AuthorDate: Wed, 24 Feb 2021 22:56:28 +01:00 Committer: Peter Zijlstra CommitterDate: Tue, 16 Mar 2021 21:44:43 +01:00 perf/core: Fix unconditional security_locked_down() call Currently, the lockdown state is queried unconditionally, even though its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in attr.sample_type. While that doesn't matter in case of the Lockdown LSM, it causes trouble with the SELinux's lockdown hook implementation. SELinux implements the locked_down hook with a check whether the current task's type has the corresponding "lockdown" class permission ("integrity" or "confidentiality") allowed in the policy. This means that calling the hook when the access control decision would be ignored generates a bogus permission check and audit record. Fix this by checking sample_type first and only calling the hook when its result would be honored. Fixes: b0c8fdc7fdb7 ("lockdown: Lock down perf when in confidentiality mode") Signed-off-by: Ondrej Mosnacek Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Paul Moore Link: https://lkml.kernel.org/r/20210224215628.192519-1-omosnace@redhat.com --- kernel/events/core.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 6182cb1..f079431 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -11833,12 +11833,12 @@ SYSCALL_DEFINE5(perf_event_open, return err; } - err = security_locked_down(LOCKDOWN_PERF); - if (err && (attr.sample_type & PERF_SAMPLE_REGS_INTR)) - /* REGS_INTR can leak data, lockdown must prevent this */ - return err; - - err = 0; + /* REGS_INTR can leak data, lockdown must prevent this */ + if (attr.sample_type & PERF_SAMPLE_REGS_INTR) { + err = security_locked_down(LOCKDOWN_PERF); + if (err) + return err; + } /* * In cgroup mode, the pid argument is used to pass the fd