]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 10 Jan 2020 16:58:58 +0000 (17:58 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 10 Jan 2020 16:58:58 +0000 (17:58 +0100)
added patches:
tracing-do-not-create-directories-if-lockdown-is-in-affect.patch

queue-5.4/series
queue-5.4/tracing-do-not-create-directories-if-lockdown-is-in-affect.patch [new file with mode: 0644]

index 6bd7d9507977fc28e6dadba505e56744cf444632..225c9a9a58ea030c6868f0e1a4eb37dad70f6bcf 100644 (file)
@@ -134,3 +134,4 @@ s390-qeth-don-t-return-enotsupp-to-userspace.patch
 llc2-fix-return-statement-of-llc_stat_ev_rx_null_dsa.patch
 hv_netvsc-fix-unwanted-rx_table-reset.patch
 selftests-pmtu-fix-init-mtu-value-in-description.patch
+tracing-do-not-create-directories-if-lockdown-is-in-affect.patch
diff --git a/queue-5.4/tracing-do-not-create-directories-if-lockdown-is-in-affect.patch b/queue-5.4/tracing-do-not-create-directories-if-lockdown-is-in-affect.patch
new file mode 100644 (file)
index 0000000..b00252c
--- /dev/null
@@ -0,0 +1,90 @@
+From a356646a56857c2e5ad875beec734d7145ecd49a Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Mon, 2 Dec 2019 16:25:27 -0500
+Subject: tracing: Do not create directories if lockdown is in affect
+
+From: Steven Rostedt (VMware) <rostedt@goodmis.org>
+
+commit a356646a56857c2e5ad875beec734d7145ecd49a upstream.
+
+If lockdown is disabling tracing on boot up, it prevents the tracing files
+from even bering created. But when that happens, there's several places that
+will give a warning that the files were not created as that is usually a
+sign of a bug.
+
+Add in strategic locations where a check is made to see if tracing is
+disabled by lockdown, and if it is, do not go further, and fail silently
+(but print that tracing is disabled by lockdown, without doing a WARN_ON()).
+
+Cc: Matthew Garrett <mjg59@google.com>
+Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs")
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/ring_buffer.c |    6 ++++++
+ kernel/trace/trace.c       |   17 +++++++++++++++++
+ 2 files changed, 23 insertions(+)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -11,6 +11,7 @@
+ #include <linux/trace_seq.h>
+ #include <linux/spinlock.h>
+ #include <linux/irq_work.h>
++#include <linux/security.h>
+ #include <linux/uaccess.h>
+ #include <linux/hardirq.h>
+ #include <linux/kthread.h>    /* for self test */
+@@ -5068,6 +5069,11 @@ static __init int test_ringbuffer(void)
+       int cpu;
+       int ret = 0;
++      if (security_locked_down(LOCKDOWN_TRACEFS)) {
++              pr_warning("Lockdown is enabled, skipping ring buffer tests\n");
++              return 0;
++      }
++
+       pr_info("Running ring buffer tests...\n");
+       buffer = ring_buffer_alloc(RB_TEST_BUFFER_SIZE, RB_FL_OVERWRITE);
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -1804,6 +1804,12 @@ int __init register_tracer(struct tracer
+               return -1;
+       }
++      if (security_locked_down(LOCKDOWN_TRACEFS)) {
++              pr_warning("Can not register tracer %s due to lockdown\n",
++                         type->name);
++              return -EPERM;
++      }
++
+       mutex_lock(&trace_types_lock);
+       tracing_selftest_running = true;
+@@ -8647,6 +8653,11 @@ struct dentry *tracing_init_dentry(void)
+ {
+       struct trace_array *tr = &global_trace;
++      if (security_locked_down(LOCKDOWN_TRACEFS)) {
++              pr_warning("Tracing disabled due to lockdown\n");
++              return ERR_PTR(-EPERM);
++      }
++
+       /* The top level trace array uses  NULL as parent */
+       if (tr->dir)
+               return NULL;
+@@ -9089,6 +9100,12 @@ __init static int tracer_alloc_buffers(v
+       int ring_buf_size;
+       int ret = -ENOMEM;
++
++      if (security_locked_down(LOCKDOWN_TRACEFS)) {
++              pr_warning("Tracing disabled due to lockdown\n");
++              return -EPERM;
++      }
++
+       /*
+        * Make sure we don't accidently add more trace options
+        * than we have bits for.