From 1d0ca9da77f0ab01ff3c430ebd34f9d70d264b50 Mon Sep 17 00:00:00 2001 From: David Howells Date: Wed, 24 May 2017 14:56:05 +0100 Subject: [PATCH] bpf: Restrict kernel image access functions when the kernel is locked down There are some bpf functions that can be used to read kernel memory: bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow private keys in kernel memory (e.g. the hibernation image signing key) to be read by an eBPF program and kernel memory to be altered without restriction. Completely prohibit the use of BPF when the kernel is locked down. Suggested-by: Alexei Starovoitov Signed-off-by: David Howells cc: netdev@vger.kernel.org cc: Chun-Yi Lee cc: Alexei Starovoitov [bwh: Adjust context to apply after commit dcab51f19b29 "bpf: Expose check_uarg_tail_zero()"] Gbp-Pq: Topic features/all/lockdown Gbp-Pq: Name 0027-bpf-Restrict-kernel-image-access-functions-when-the-.patch --- kernel/bpf/syscall.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index a31a1ba0f8e..a3006ef8766 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -2274,6 +2274,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; + if (kernel_is_locked_down("BPF")) + return -EPERM; + err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size); if (err) return err; -- 2.30.2
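Review bot: The added kernel_is_locked_down("BPF") check in SYSCALL_DEFINE3(bpf, ...) runs before cmd is examined, so it returns -EPERM for every bpf() command and for CAP_SYS_ADMIN callers too, while the commit message names only bpf_probe_read, bpf_probe_write_user and bpf_trace_printk as the concern. The body does say "Completely prohibit the use of BPF", so the breadth looks intentional, but the subject line ("Restrict kernel image access functions") reads narrower than the code. A short comment above the check stating that the whole syscall is denied under lockdown, and why gating only the three helpers was not chosen, would save the next reader from guessing. The return value is also the same -EPERM as the sysctl_unprivileged_bpf_disabled branch directly above it, so a caller cannot tell from the error alone which policy refused the call; worth noting in the comment or documentation.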