[kernel] r22892 - in dists/trunk/linux/debian: . config patches patches/features/all/grsecurity

Ben Hutchings benh at moszumanska.debian.org
Mon Aug 3 12:04:26 UTC 2015 

Author: benh
Date: Mon Aug  3 12:04:26 2015
New Revision: 22892

Log:
security: Apply and enable GRKERNSEC_PERF_HARDEN feature from Grsecurity

This disables use of perf_event_open() by unprivileged users by default
(sysctl: kernel.perf_event_paranoid)

Added:
   dists/trunk/linux/debian/patches/features/all/grsecurity/
   dists/trunk/linux/debian/patches/features/all/grsecurity/grkernsec_perf_harden.patch
   dists/trunk/linux/debian/patches/features/all/grsecurity/grsecurity-kbuild.patch
   dists/trunk/linux/debian/patches/features/all/grsecurity/grsecurity-kconfig.patch
Modified:
   dists/trunk/linux/debian/changelog
   dists/trunk/linux/debian/config/config
   dists/trunk/linux/debian/patches/series

Modified: dists/trunk/linux/debian/changelog
==============================================================================
--- dists/trunk/linux/debian/changelog	Mon Aug  3 02:18:33 2015	(r22891)
+++ dists/trunk/linux/debian/changelog	Mon Aug  3 12:04:26 2015	(r22892)
@@ -32,6 +32,9 @@
   * [x86] block: Enable BLK_DEV_PMEM as module; enable X86_PMEM_LEGACY
   * [x86] tpm: Enable TCG_CRB as module
   * debug: Enable DEBUG_LIST
+  * security: Apply and enable GRKERNSEC_PERF_HARDEN feature from Grsecurity,
+    disabling use of perf_event_open() by unprivileged users by default
+    (sysctl: kernel.perf_event_paranoid)
 
   [ Ian Campbell ]
   * [armhf] Set CONFIG_ARM_TEGRA_CPUFREQ as builtin.

Modified: dists/trunk/linux/debian/config/config
==============================================================================
--- dists/trunk/linux/debian/config/config	Mon Aug  3 02:18:33 2015	(r22891)
+++ dists/trunk/linux/debian/config/config	Mon Aug  3 12:04:26 2015	(r22892)
@@ -5142,6 +5142,11 @@
 # CONFIG_XFS_DEBUG is not set
 
 ##
+## file: grsecurity/Kconfig
+##
+CONFIG_GRKERNSEC_PERF_HARDEN=y
+
+##
 ## file: init/Kconfig
 ##
 # CONFIG_COMPILE_TEST is not set
@@ -6279,6 +6284,7 @@
 ##
 ## file: security/Kconfig
 ##
+CONFIG_GRKERNSEC=y
 CONFIG_SECURITY=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_NETWORK_XFRM=y

Added: dists/trunk/linux/debian/patches/features/all/grsecurity/grkernsec_perf_harden.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/trunk/linux/debian/patches/features/all/grsecurity/grkernsec_perf_harden.patch	Mon Aug  3 12:04:26 2015	(r22892)
@@ -0,0 +1,76 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Subject: grsecurity: GRKERNSEC_PERF_HARDEN
+Origin: https://grsecurity.net/test/grsecurity-3.1-4.1.3-201507261932.patch
+
+The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity.  Adds the
+option to disable perf_event_open() entirely for unprivileged users.
+This standalone version doesn't include making the variable read-only
+(or renaming it).
+
+---
+--- a/include/linux/perf_event.h
++++ b/include/linux/perf_event.h
+@@ -851,6 +851,11 @@ extern int perf_cpu_time_max_percent_han
+ 		loff_t *ppos);
+ 
+ 
++static inline bool perf_paranoid_any(void)
++{
++	return sysctl_perf_event_paranoid > 2;
++}
++
+ static inline bool perf_paranoid_tracepoint_raw(void)
+ {
+ 	return sysctl_perf_event_paranoid > -1;
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -172,8 +172,13 @@ static struct srcu_struct pmus_srcu;
+  *   0 - disallow raw tracepoint access for unpriv
+  *   1 - disallow cpu events for unpriv
+  *   2 - disallow kernel profiling for unpriv
++ *   3 - disallow all unpriv perf event use
+  */
++#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
++int sysctl_perf_event_paranoid __read_mostly = 3;
++#else
+ int sysctl_perf_event_paranoid __read_mostly = 1;
++#endif
+ 
+ /* Minimum for 512 kiB + 1 user control page */
+ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
+@@ -7892,6 +7897,11 @@ SYSCALL_DEFINE5(perf_event_open,
+ 	if (flags & ~PERF_FLAG_ALL)
+ 		return -EINVAL;
+ 
++#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
++	if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN))
++		return -EACCES;
++#endif
++
+ 	err = perf_copy_attr(attr_uptr, &attr);
+ 	if (err)
+ 		return err;
+--- a/grsecurity/Kconfig
++++ b/grsecurity/Kconfig
+@@ -1,3 +1,21 @@
+ #
+ # grecurity configuration
+ #
++config GRKERNSEC_PERF_HARDEN
++	bool "Disable unprivileged PERF_EVENTS usage by default"
++	depends on PERF_EVENTS
++	help
++	  If you say Y here, the range of acceptable values for the
++	  /proc/sys/kernel/perf_event_paranoid sysctl will be expanded to allow and
++	  default to a new value: 3.  When the sysctl is set to this value, no
++	  unprivileged use of the PERF_EVENTS syscall interface will be permitted.
++
++	  Though PERF_EVENTS can be used legitimately for performance monitoring
++	  and low-level application profiling, it is forced on regardless of
++	  configuration, has been at fault for several vulnerabilities, and
++	  creates new opportunities for side channels and other information leaks.
++
++	  This feature puts PERF_EVENTS into a secure default state and permits
++	  the administrator to change out of it temporarily if unprivileged
++	  application profiling is needed.
++

Added: dists/trunk/linux/debian/patches/features/all/grsecurity/grsecurity-kbuild.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/trunk/linux/debian/patches/features/all/grsecurity/grsecurity-kbuild.patch	Mon Aug  3 12:04:26 2015	(r22892)
@@ -0,0 +1,42 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Subject: grsecurity: Kbuild integration
+Origin: https://grsecurity.net/test/grsecurity-3.1-4.1.3-201507261932.patch
+
+Kbuild integration changes extracted from Grsecurity.
+
+Subsequent patches will add to the empty Makefile.
+
+--- a/Makefile
++++ b/Makefile
+@@ -887,7 +887,7 @@ export mod_sign_cmd
+ 
+ 
+ ifeq ($(KBUILD_EXTMOD),)
+-core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+ 
+ vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
+ 		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
+--- /dev/null
++++ b/grsecurity/Makefile
+@@ -0,0 +1,20 @@
++# grsecurity – access control and security hardening for Linux
++# All code in this directory and various hooks located throughout the Linux kernel are
++# Copyright (C) 2001-2014 Bradley Spengler, Open Source Security, Inc.
++# http://www.grsecurity.net spender at grsecurity.net
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License version 2
++# as published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
++
++KBUILD_CFLAGS += -Werror
++

Added: dists/trunk/linux/debian/patches/features/all/grsecurity/grsecurity-kconfig.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/trunk/linux/debian/patches/features/all/grsecurity/grsecurity-kconfig.patch	Mon Aug  3 12:04:26 2015	(r22892)
@@ -0,0 +1,47 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Subject: grsecurity: Kconfig integration
+Origin: https://grsecurity.net/test/grsecurity-3.1-4.1.3-201507261932.patch
+
+Kconfig integration changes extracted from Grsecurity, with help
+strings changed to make it clear that is not the real thing.
+
+Subsequent patches will add to the empty menu.
+
+---
+--- /dev/null
++++ b/grsecurity/Kconfig
+@@ -0,0 +1,3 @@
++#
++# grecurity configuration
++#
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -4,6 +4,28 @@
+ 
+ menu "Security options"
+ 
++menu "Hardening features (from Grsecurity)"
++
++config GRKERNSEC
++	bool "Hardening features (from Grsecurity)"
++	select DEBUG_KERNEL
++	select DEBUG_LIST
++	help
++	  If you say Y here, you will be able to configure many features
++	  that will enhance the security of your system.  It is highly
++	  recommended that you say Y here and read through the help
++	  for each option so that you fully understand the features and
++	  can evaluate their usefulness for your machine.
++
++menu "Customize Configuration"
++depends on GRKERNSEC
++
++source grsecurity/Kconfig
++
++endmenu
++
++endmenu
++
+ source security/keys/Kconfig
+ 
+ config SECURITY_DMESG_RESTRICT

Modified: dists/trunk/linux/debian/patches/series
==============================================================================
--- dists/trunk/linux/debian/patches/series	Mon Aug  3 02:18:33 2015	(r22891)
+++ dists/trunk/linux/debian/patches/series	Mon Aug  3 12:04:26 2015	(r22892)
@@ -90,3 +90,9 @@
 bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch
 bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch
 bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch
+
+# Hardening from grsecurity
+features/all/grsecurity/grsecurity-kconfig.patch
+# Disabled until we add code into the grsecurity/ directory
+#features/all/grsecurity/grsecurity-kbuild.patch
+features/all/grsecurity/grkernsec_perf_harden.patch

More information about the Kernel-svn-changes mailing list