summaryrefslogtreecommitdiffstats
path: root/debian/patches/features/all/lockdown/0027-bpf-Restrict-kernel-image-access-functions-when-the-.patch
blob: 87273834c9ae53a79e7c12b737612eb0751a12fa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
From: David Howells <dhowells@redhat.com>
Date: Wed, 24 May 2017 14:56:05 +0100
Subject: [27/29] bpf: Restrict kernel image access functions when the kernel
 is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a13e9f58894129d9fd02fdb81b56ac7590704155

There are some bpf functions can be used to read kernel memory:
bpf_probe_read, bpf_probe_write_user and bpf_trace_printk.  These allow
private keys in kernel memory (e.g. the hibernation image signing key) to
be read by an eBPF program and kernel memory to be altered without
restriction.

Completely prohibit the use of BPF when the kernel is locked down.

Suggested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: netdev@vger.kernel.org
cc: Chun-Yi Lee <jlee@suse.com>
cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
[bwh: Adjust context to apply after commit dcab51f19b29
 "bpf: Expose check_uarg_tail_zero()"]
---
 kernel/bpf/syscall.c | 3 +++
 1 file changed, 3 insertions(+)

Index: linux/kernel/bpf/syscall.c
===================================================================
--- linux.orig/kernel/bpf/syscall.c
+++ linux/kernel/bpf/syscall.c
@@ -2378,6 +2378,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf
 	if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
+	if (kernel_is_locked_down("BPF"))
+		return -EPERM;
+
 	err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size);
 	if (err)
 		return err;