Subject: [PATCH 22/24] bpf: Restrict kernel image access functions when the kernel is locked down
From: David Howells
To: torvalds@linux-foundation.org
Cc: linux-man@vger.kernel.org, linux-api@vger.kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-security-module@vger.kernel.org
Date: Wed, 11 Apr 2018 17:27:03 +0100
Message-ID: <152346402306.4030.13915529680179697046.stgit@warthog.procyon.org.uk>
In-Reply-To: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

There are some bpf functions that can be used to read kernel memory: bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow private keys in kernel memory (e.g. the hibernation image signing key) to be read by an eBPF program.

Completely prohibit the use of BPF when the kernel is locked down.

Suggested-by: Alexei Starovoitov
Signed-off-by: David Howells
cc: netdev@vger.kernel.org
cc: Chun-Yi Lee
cc: Alexei Starovoitov

--- kernel/bpf/syscall.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 0244973ee544..7457f2676c6d 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c 
@@ -2031,6 +2031,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; + if (kernel_is_locked_down("BPF")) + return -EPERM; + err = check_uarg_tail_zero(uattr, sizeof(attr), size); if (err) return err;
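
Review bot: The kernel_is_locked_down("BPF") check sits at the top of SYSCALL_DEFINE3(bpf, ...), before cmd is examined, so under lockdown every bpf() command returns -EPERM, including for callers that hold CAP_SYS_ADMIN, and not only the paths that can reach bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. The commit body does say "Completely prohibit the use of BPF", but the subject still reads "Restrict kernel image access functions"; either retitle the patch so it states that bpf() is disabled entirely under lockdown, or narrow the check to the commands that load programs able to call those helpers. A short comment above the check giving the reason (kernel memory is readable from eBPF programs) would also help later readers of syscall.c, since the neighbouring sysctl_unprivileged_bpf_disabled test looks similar but exempts CAP_SYS_ADMIN and this one does not.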