From fd5a68ae46b2c60dc437c7aa6779fd3224fd6a51 Mon Sep 17 00:00:00 2001 From: David Howells Date: Wed, 24 May 2017 14:56:05 +0100 Subject: [PATCH] bpf: Restrict kernel image access functions when the kernel is locked down There are some bpf functions can be used to read kernel memory: bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow private keys in kernel memory (e.g. the hibernation image signing key) to be read by an eBPF program and kernel memory to be altered without restriction. Completely prohibit the use of BPF when the kernel is locked down. Suggested-by: Alexei Starovoitov Signed-off-by: David Howells cc: netdev@vger.kernel.org cc: Chun-Yi Lee cc: Alexei Starovoitov [bwh: Adjust context to apply after commit dcab51f19b29 "bpf: Expose check_uarg_tail_zero()"] Gbp-Pq: Topic features/all/lockdown Gbp-Pq: Name 0027-bpf-Restrict-kernel-image-access-functions-when-the-.patch --- kernel/bpf/syscall.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 0f5d2e66cd6..45fea7886f2 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -2287,6 +2287,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; + if (kernel_is_locked_down("BPF")) + return -EPERM; + err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size); if (err) return err; -- 2.30.2