From: Greg Kroah-Hartman Date: Fri, 10 Jan 2020 16:58:58 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v4.4.209~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=533d064469bdf9d701b2551df0e3f98d3fefbd11;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: tracing-do-not-create-directories-if-lockdown-is-in-affect.patch
---
diff --git a/queue-5.4/series b/queue-5.4/series
index 6bd7d950797..225c9a9a58e 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -134,3 +134,4 @@ s390-qeth-don-t-return-enotsupp-to-userspace.patch
 llc2-fix-return-statement-of-llc_stat_ev_rx_null_dsa.patch
 hv_netvsc-fix-unwanted-rx_table-reset.patch
 selftests-pmtu-fix-init-mtu-value-in-description.patch
+tracing-do-not-create-directories-if-lockdown-is-in-affect.patch
diff --git a/queue-5.4/tracing-do-not-create-directories-if-lockdown-is-in-affect.patch b/queue-5.4/tracing-do-not-create-directories-if-lockdown-is-in-affect.patch
new file mode 100644
index 00000000000..b00252c3feb
--- /dev/null
+++ b/queue-5.4/tracing-do-not-create-directories-if-lockdown-is-in-affect.patch
@@ -0,0 +1,90 @@
+From a356646a56857c2e5ad875beec734d7145ecd49a Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (VMware)"
+Date: Mon, 2 Dec 2019 16:25:27 -0500
+Subject: tracing: Do not create directories if lockdown is in affect
+
+From: Steven Rostedt (VMware)
+
+commit a356646a56857c2e5ad875beec734d7145ecd49a upstream.
+
+If lockdown is disabling tracing on boot up, it prevents the tracing files
+from even bering created. But when that happens, there's several places that
+will give a warning that the files were not created as that is usually a
+sign of a bug.
+
+Add in strategic locations where a check is made to see if tracing is
+disabled by lockdown, and if it is, do not go further, and fail silently
+(but print that tracing is disabled by lockdown, without doing a WARN_ON()).
+
+Cc: Matthew Garrett
+Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs")
+Signed-off-by: Steven Rostedt (VMware)
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/trace/ring_buffer.c | 6 ++++++
+ kernel/trace/trace.c | 17 +++++++++++++++++
+ 2 files changed, 23 insertions(+)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -11,6 +11,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include /* for self test */
+@@ -5068,6 +5069,11 @@ static __init int test_ringbuffer(void)
+ int cpu;
+ int ret = 0;
+
++ if (security_locked_down(LOCKDOWN_TRACEFS)) {
++ pr_warning("Lockdown is enabled, skipping ring buffer tests\n");
++ return 0;
++ }
++
+ pr_info("Running ring buffer tests...\n");
+
+ buffer = ring_buffer_alloc(RB_TEST_BUFFER_SIZE, RB_FL_OVERWRITE);
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -1804,6 +1804,12 @@ int __init register_tracer(struct tracer
+ return -1;
+ }
+
++ if (security_locked_down(LOCKDOWN_TRACEFS)) {
++ pr_warning("Can not register tracer %s due to lockdown\n",
++ type->name);
++ return -EPERM;
++ }
++
+ mutex_lock(&trace_types_lock);
+
+ tracing_selftest_running = true;
+@@ -8647,6 +8653,11 @@ struct dentry *tracing_init_dentry(void)
+ {
+ struct trace_array *tr = &global_trace;
+
++ if (security_locked_down(LOCKDOWN_TRACEFS)) {
++ pr_warning("Tracing disabled due to lockdown\n");
++ return ERR_PTR(-EPERM);
++ }
++
+ /* The top level trace array uses NULL as parent */
+ if (tr->dir)
+ return NULL;
+@@ -9089,6 +9100,12 @@ __init static int tracer_alloc_buffers(v
+ int ring_buf_size;
+ int ret = -ENOMEM;
+
++
++ if (security_locked_down(LOCKDOWN_TRACEFS)) {
++ pr_warning("Tracing disabled due to lockdown\n");
++ return -EPERM;
++ }
++
+ /*
+ * Make sure we don't accidently add more trace options
+ * than we have bits for.
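Review bot: In the `tracing_init_dentry()` hunk the new lockdown branch returns `ERR_PTR(-EPERM)` while the success path just below still returns `NULL`, so the early exit only works for callers that test the result with `IS_ERR()`; the callers are outside this patch and should be confirmed in the 5.4 tree. A comment on the check would record that contract, for example `/* Locked down: return an ERR_PTR; NULL below means the top-level directory, not failure. */`. The checks in `test_ringbuffer()`, `register_tracer()` and `tracer_alloc_buffers()` sit in `__init` functions, so they cover only a lockdown that is already in effect at boot, and a lockdown raised later presumably still depends on the open-time checks from the commit named in the Fixes: tag. On style, the four messages use `pr_warning()` where checkpatch prefers `pr_warn()`, and the `tracer_alloc_buffers()` hunk adds a second consecutive blank line ahead of the new check. All four function bodies continue outside their hunks.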