From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Howells Subject: [PATCH 22/24] bpf: Restrict kernel image access functions when the kernel is locked down Date: Wed, 11 Apr 2018 17:27:03 +0100 Message-ID: <152346402306.4030.13915529680179697046.stgit@warthog.procyon.org.uk> References: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk> Sender: linux-kernel-owner@vger.kernel.org To: torvalds@linux-foundation.org Cc: linux-man@vger.kernel.org, linux-api@vger.kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-security-module@vger.kernel.org List-Id: linux-man@vger.kernel.org There are some bpf functions can be used to read kernel memory: bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow private keys in kernel memory (e.g. the hibernation image signing key) to be read by an eBPF program. Completely prohibit the use of BPF when the kernel is locked down. Suggested-by: Alexei Starovoitov Signed-off-by: David Howells cc: netdev@vger.kernel.org cc: Chun-Yi Lee cc: Alexei Starovoitov --- kernel/bpf/syscall.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 0244973ee544..7457f2676c6d 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -2031,6 +2031,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; + if (kernel_is_locked_down("BPF")) + return -EPERM; + err = check_uarg_tail_zero(uattr, sizeof(attr), size); if (err) return err;