lockdown: Lock down perf when in confidentiality mode

Disallow the use of certain perf facilities that might allow userspace to access kernel data. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Signed-off-by: James Morris <jmorris@namei.org>
author: David Howells <dhowells@redhat.com> 2019-08-20 02:18:00 +0200
committer: James Morris <jmorris@namei.org> 2019-08-20 06:54:16 +0200
commit: b0c8fdc7fdb77586c3d1937050925b960743306e (patch)
tree: bdd70cb78f6630c2e98a06aaae45600fcbb03f89 /include
parent: bpf: Restrict bpf when kernel lockdown is in confidentiality mode (diff)
download: linux-b0c8fdc7fdb77586c3d1937050925b960743306e.tar.xz
linux-b0c8fdc7fdb77586c3d1937050925b960743306e.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index e604f4c67f03..b94f1e697537 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -119,6 +119,7 @@ enum lockdown_reason {
 	LOCKDOWN_KCORE,
 	LOCKDOWN_KPROBES,
 	LOCKDOWN_BPF_READ,
+	LOCKDOWN_PERF,
 	LOCKDOWN_CONFIDENTIALITY_MAX,
 };
author	David Howells <dhowells@redhat.com>	2019-08-20 02:18:00 +0200
committer	James Morris <jmorris@namei.org>	2019-08-20 06:54:16 +0200
commit	b0c8fdc7fdb77586c3d1937050925b960743306e (patch)
tree	bdd70cb78f6630c2e98a06aaae45600fcbb03f89 /include
parent	bpf: Restrict bpf when kernel lockdown is in confidentiality mode (diff)
download	linux-b0c8fdc7fdb77586c3d1937050925b960743306e.tar.xz linux-b0c8fdc7fdb77586c3d1937050925b960743306e.zip