[PATCH 24/27] bpf: Restrict kernel image access functions when the kernel is locked down

From: Matthew Garrett
Date: Wed Mar 06 2019 - 19:00:35 EST

From: David Howells <dhowells@xxxxxxxxxx>

There are some bpf functions can be used to read kernel memory:
bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
private keys in kernel memory (e.g. the hibernation image signing key) to
be read by an eBPF program and kernel memory to be altered without

Completely prohibit the use of BPF when the kernel is locked down.

Suggested-by: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
cc: netdev@xxxxxxxxxxxxxxx
cc: Chun-Yi Lee <jlee@xxxxxxxx>
cc: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
Signed-off-by: Matthew Garrett <matthewgarrett@xxxxxxxxxx>
kernel/bpf/syscall.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index b155cd17c1bd..2cde39a875aa 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -2585,6 +2585,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
return -EPERM;

+ if (kernel_is_locked_down("BPF"))
+ return -EPERM;
err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size);
if (err)
return err;