From: "Masami Hiramatsu (Google)" <mhiramat@kernel.org> stable inclusion from stable-v5.10.245 commit f3ac1f4eaba58e57943efa3e8b8d71fa7aab0abf category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ID3FR6 CVE: CVE-2025-40021 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- commit 456c32e3c4316654f95f9d49c12cbecfb77d5660 upstream. Since dynamic_events interface on tracefs is compatible with kprobe_events and uprobe_events, it should also check the lockdown status and reject if it is set. Link: https://lore.kernel.org/all/175824455687.45175.3734166065458520748.stgit@dev... Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs") Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Tengda Wu <wutengda2@huawei.com> --- kernel/trace/trace_dynevent.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/trace/trace_dynevent.c b/kernel/trace/trace_dynevent.c index 33d7057d83b0..a10e2f2de70f 100644 --- a/kernel/trace/trace_dynevent.c +++ b/kernel/trace/trace_dynevent.c @@ -190,6 +190,10 @@ static int dyn_event_open(struct inode *inode, struct file *file) { int ret; + ret = security_locked_down(LOCKDOWN_TRACEFS); + if (ret) + return ret; + ret = tracing_check_open_get_tr(NULL); if (ret) return ret; -- 2.34.1