git.baikalelectronics.ru Git - kernel.git/commit

author	Ondrej Mosnacek <omosnace@redhat.com>
	Wed, 24 Feb 2021 21:56:28 +0000 (22:56 +0100)
committer	Peter Zijlstra <peterz@infradead.org>
	Tue, 16 Mar 2021 20:44:43 +0000 (21:44 +0100)
commit	6adfdaa7995f73ff2bd75184e2cae2573b214325
tree	d8226dbc24dade3a628f9489ebedc697dcd09317	tree \| snapshot
parent	9f4b9acbd95ed8ad4a32de7991a6bb4bfe8618a1	commit \| diff

perf/core: Fix unconditional security_locked_down() call

Currently, the lockdown state is queried unconditionally, even though
its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in
attr.sample_type. While that doesn't matter in case of the Lockdown LSM,
it causes trouble with the SELinux's lockdown hook implementation.

SELinux implements the locked_down hook with a check whether the current
task's type has the corresponding "lockdown" class permission
("integrity" or "confidentiality") allowed in the policy. This means
that calling the hook when the access control decision would be ignored
generates a bogus permission check and audit record.

Fix this by checking sample_type first and only calling the hook when
its result would be honored.

Fixes: ebcadd58a37d ("lockdown: Lock down perf when in confidentiality mode")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Link: https://lkml.kernel.org/r/20210224215628.192519-1-omosnace@redhat.com