I think this should be backported to stable. On Fri, 19 Sep 2025 10:15:56 +0900 "Masami Hiramatsu (Google)" <[email protected]> wrote:
> From: Masami Hiramatsu (Google) <[email protected]> > > Since dynamic_events interface on tracefs is compatible with > kprobe_events and uprobe_events, it should also check the lockdown > status and reject if it is set. > > Signed-off-by: Masami Hiramatsu (Google) <[email protected]> Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs") Cc: [email protected] Thanks, > --- > kernel/trace/trace_dynevent.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/kernel/trace/trace_dynevent.c b/kernel/trace/trace_dynevent.c > index 5d64a18cacac..d06854bd32b3 100644 > --- a/kernel/trace/trace_dynevent.c > +++ b/kernel/trace/trace_dynevent.c > @@ -230,6 +230,10 @@ static int dyn_event_open(struct inode *inode, struct > file *file) > { > int ret; > > + ret = security_locked_down(LOCKDOWN_TRACEFS); > + if (ret) > + return ret; > + > ret = tracing_check_open_get_tr(NULL); > if (ret) > return ret; > -- Masami Hiramatsu (Google) <[email protected]>
