bpf: Restrict bpf when kernel lockdown is in confidentiality mode
authorDavid Howells <dhowells@redhat.com>
Tue, 20 Aug 2019 00:17:59 +0000 (17:17 -0700)
committerJames Morris <jmorris@namei.org>
Tue, 20 Aug 2019 04:54:16 +0000 (21:54 -0700)
commit9d1f8be5cf42b497a3bddf1d523f2bb142e9318c
treefc926ba08f6b2b69c2b9341de2a16d2870b25bda
parenta94549dd87f5ea4ca50fee493df08a2dc6256b53
bpf: Restrict bpf when kernel lockdown is in confidentiality mode

bpf_read() and bpf_read_str() could potentially be abused to (eg) allow
private keys in kernel memory to be leaked. Disable them if the kernel
has been locked down in confidentiality mode.

Suggested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: netdev@vger.kernel.org
cc: Chun-Yi Lee <jlee@suse.com>
cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: James Morris <jmorris@namei.org>
include/linux/security.h
kernel/trace/bpf_trace.c
security/lockdown/lockdown.c