Re: [PATCH 20/27] x86/mmiotrace: Lock down the testmmiotrace module
From: Steven Rostedt
Date: Mon Mar 25 2019 - 19:35:55 EST
On Mon, 25 Mar 2019 15:09:47 -0700
Matthew Garrett <matthewgarrett@xxxxxxxxxx> wrote:
> From: David Howells <dhowells@xxxxxxxxxx>
>
> The testmmiotrace module shouldn't be permitted when the kernel is locked
> down as it can be used to arbitrarily read and write MMIO space.
>
> Suggested-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx
> cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
> cc: Ingo Molnar <mingo@xxxxxxxxxx>
> cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> cc: x86@xxxxxxxxxx
> Signed-off-by: Matthew Garrett <matthewgarrett@xxxxxxxxxx>
> ---
> arch/x86/mm/testmmiotrace.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c
> index f6ae6830b341..bbaad357f5d7 100644
> --- a/arch/x86/mm/testmmiotrace.c
> +++ b/arch/x86/mm/testmmiotrace.c
> @@ -115,6 +115,9 @@ static int __init init(void)
> {
> unsigned long size = (read_far) ? (8 << 20) : (16 << 10);
>
> + if (kernel_is_locked_down("MMIO trace testing"))
> + return -EPERM;
I wonder if we should take this one step further. As this module is
really just for testing the mmiotracer (and really shouldn't be enabled
by anyone that doesn't know what it's for), why not just add to the Kconfig file
CONFIG_MMIOTRACE_TEST depend on !CONFIG_LOCK_DOWN_KERNEL ?
-- Steve
> +
> if (mmio_address == 0) {
> pr_err("you have to use the module argument
> mmio_address.\n"); pr_err("DO NOT LOAD THIS MODULE UNLESS YOU REALLY
> KNOW WHAT YOU ARE DOING!\n");