diff options
| author | Peter Enderborg <peter.enderborg@sony.com> | 2020-07-16 09:15:11 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-07-23 17:10:25 +0200 |
| commit | a24c6f7bc923d5e2f3139855eb09b0d480d6b410 (patch) | |
| tree | f96b6939d66e6cb438690706dcb76b7e2a948f73 /lib/Kconfig.debug | |
| parent | 072e133d554bb74929f902582c8cf66d9fd12771 (diff) | |
| download | linux-a24c6f7bc923d5e2f3139855eb09b0d480d6b410.tar.gz linux-a24c6f7bc923d5e2f3139855eb09b0d480d6b410.tar.xz | |
debugfs: Add access restriction option
Since debugfs include sensitive information it need to be treated
carefully. But it also has many very useful debug functions for userspace.
With this option we can have same configuration for system with
need of debugfs and a way to turn it off. This gives a extra protection
for exposure on systems where user-space services with system
access are attacked.
It is controlled by a configurable default value that can be override
with a kernel command line parameter. (debugfs=)
It can be on or off, but also internally on but not seen from user-space.
This no-mount mode do not register a debugfs as filesystem, but client can
register their parts in the internal structures. This data can be readed
with a debugger or saved with a crashkernel. When it is off clients
get EPERM error when accessing the functions for registering their
components.
Signed-off-by: Peter Enderborg <peter.enderborg@sony.com>
Link: https://lore.kernel.org/r/20200716071511.26864-3-peter.enderborg@sony.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib/Kconfig.debug')
| -rw-r--r-- | lib/Kconfig.debug | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 2bff6315224d..256e4ce65f1a 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -476,6 +476,38 @@ config DEBUG_FS If unsure, say N. +choice + prompt "Debugfs default access" + depends on DEBUG_FS + default DEBUG_FS_ALLOW_ALL + help + This selects the default access restrictions for debugfs. + It can be overridden with kernel command line option + debugfs=[on,no-mount,off]. The restrictions apply for API access + and filesystem registration. + +config DEBUG_FS_ALLOW_ALL + bool "Access normal" + help + No restrictions apply. Both API and filesystem registration + is on. This is the normal default operation. + +config DEBUG_FS_DISALLOW_MOUNT + bool "Do not register debugfs as filesystem" + help + The API is open but filesystem is not loaded. Clients can still do + their work and read with debug tools that do not need + debugfs filesystem. + +config DEBUG_FS_ALLOW_NONE + bool "No access" + help + Access is off. Clients get -PERM when trying to create nodes in + debugfs tree and debugfs is not registered as a filesystem. + Client can then back-off or continue without debugfs access. + +endchoice + source "lib/Kconfig.kgdb" source "lib/Kconfig.ubsan" |