diff options
Diffstat (limited to '0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch')
-rw-r--r-- | 0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch b/0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch deleted file mode 100644 index 911ffe64e..000000000 --- a/0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch +++ /dev/null @@ -1,91 +0,0 @@ -From a356646a56857c2e5ad875beec734d7145ecd49a Mon Sep 17 00:00:00 2001 -From: "Steven Rostedt (VMware)" <rostedt@goodmis.org> -Date: Mon, 2 Dec 2019 16:25:27 -0500 -Subject: [PATCH] tracing: Do not create directories if lockdown is in affect - -If lockdown is disabling tracing on boot up, it prevents the tracing files -from even bering created. But when that happens, there's several places that -will give a warning that the files were not created as that is usually a -sign of a bug. - -Add in strategic locations where a check is made to see if tracing is -disabled by lockdown, and if it is, do not go further, and fail silently -(but print that tracing is disabled by lockdown, without doing a WARN_ON()). - -Cc: Matthew Garrett <mjg59@google.com> -Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs") -Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> ---- - kernel/trace/ring_buffer.c | 6 ++++++ - kernel/trace/trace.c | 17 +++++++++++++++++ - 2 files changed, 23 insertions(+) - -diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 66358d66c933..4bf050fcfe3b 100644 ---- a/kernel/trace/ring_buffer.c -+++ b/kernel/trace/ring_buffer.c -@@ -11,6 +11,7 @@ - #include <linux/trace_seq.h> - #include <linux/spinlock.h> - #include <linux/irq_work.h> -+#include <linux/security.h> - #include <linux/uaccess.h> - #include <linux/hardirq.h> - #include <linux/kthread.h> /* for self test */ -@@ -5068,6 +5069,11 @@ static __init int test_ringbuffer(void) - int cpu; - int ret = 0; - -+ if (security_locked_down(LOCKDOWN_TRACEFS)) { -+ pr_warning("Lockdown is enabled, skipping ring buffer tests\n"); -+ return 0; -+ } -+ - pr_info("Running ring buffer tests...\n"); - - buffer = ring_buffer_alloc(RB_TEST_BUFFER_SIZE, RB_FL_OVERWRITE); -diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 02a23a6e5e00..23459d53d576 100644 ---- a/kernel/trace/trace.c -+++ b/kernel/trace/trace.c -@@ -1888,6 +1888,12 @@ int __init register_tracer(struct tracer *type) - return -1; - } - -+ if (security_locked_down(LOCKDOWN_TRACEFS)) { -+ pr_warning("Can not register tracer %s due to lockdown\n", -+ type->name); -+ return -EPERM; -+ } -+ - mutex_lock(&trace_types_lock); - - tracing_selftest_running = true; -@@ -8789,6 +8795,11 @@ struct dentry *tracing_init_dentry(void) - { - struct trace_array *tr = &global_trace; - -+ if (security_locked_down(LOCKDOWN_TRACEFS)) { -+ pr_warning("Tracing disabled due to lockdown\n"); -+ return ERR_PTR(-EPERM); -+ } -+ - /* The top level trace array uses NULL as parent */ - if (tr->dir) - return NULL; -@@ -9231,6 +9242,12 @@ __init static int tracer_alloc_buffers(void) - int ring_buf_size; - int ret = -ENOMEM; - -+ -+ if (security_locked_down(LOCKDOWN_TRACEFS)) { -+ pr_warning("Tracing disabled due to lockdown\n"); -+ return -EPERM; -+ } -+ - /* - * Make sure we don't accidently add more trace options - * than we have bits for. --- -2.24.1 - |