From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Date: Fri, 19 Sep 2025 01:15:56 +0000 (+0900)
Subject: tracing: dynevent: Add a missing lockdown check on dynevent
X-Git-Tag: v6.6.109~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3887f3814c0e770e6b73567fe0f83a2c01a6470c;p=thirdparty%2Fkernel%2Fstable.git

tracing: dynevent: Add a missing lockdown check on dynevent

commit 456c32e3c4316654f95f9d49c12cbecfb77d5660 upstream.

Since dynamic_events interface on tracefs is compatible with
kprobe_events and uprobe_events, it should also check the lockdown
status and reject if it is set.

Link: https://lore.kernel.org/all/175824455687.45175.3734166065458520748.stgit@devnote2/

Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs")
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/kernel/trace/trace_dynevent.c b/kernel/trace/trace_dynevent.c
index c9b0533407ede..76737492e750e 100644
--- a/kernel/trace/trace_dynevent.c
+++ b/kernel/trace/trace_dynevent.c
@@ -239,6 +239,10 @@ static int dyn_event_open(struct inode *inode, struct file *file)
 {
 	int ret;
 
+	ret = security_locked_down(LOCKDOWN_TRACEFS);
+	if (ret)
+		return ret;
+
 	ret = tracing_check_open_get_tr(NULL);
 	if (ret)
 		return ret;