kernel/0001-bpf-set-unprivileged_bpf_disabled-to-1-by-default-ad.patch

123 lines
4.5 KiB
Diff
Raw Normal View History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Thu, 14 Jun 2018 16:36:02 -0400
Subject: [PATCH] bpf: set unprivileged_bpf_disabled to 1 by default, add a
boot parameter
Message-id: <133022c6c389ca16060bd20ef69199de0800200b.1528991396.git.esyr@redhat.com>
Patchwork-id: 8250
O-Subject: [kernel team] [RHEL8 PATCH v4 2/5] [bpf] bpf: set unprivileged_bpf_disabled to 1 by default, add a boot parameter
Bugzilla: 1561171
RH-Acked-by: Jiri Benc <jbenc@redhat.com>
RH-Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
This patch sets kernel.unprivileged_bpf_disabled sysctl knob to 1
by default, and provides an ability (in a form of a boot-time parameter)
to reset it to 0, as it is impossible to do so in runtime. Since
unprivileged BPF is considered unsupported, it also taints the kernel.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1561171
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16716594
Upstream: RHEL only. The patch (in a more generic form) has been
proposed upstream[1] and subsequently rejected.
[1] https://lkml.org/lkml/2018/5/21/344
Upstream Status: RHEL only
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
.../admin-guide/kernel-parameters.txt | 8 +++++++
include/linux/kernel.h | 2 +-
kernel/bpf/syscall.c | 21 ++++++++++++++++++-
kernel/panic.c | 2 +-
4 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index a1068742a6df..aba9439caec9 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5370,6 +5370,14 @@
unknown_nmi_panic
[X86] Cause panic on unknown NMI.
+ unprivileged_bpf_disabled=
+ Format: { "0" | "1" }
+ Sets the initial value of
+ kernel.unprivileged_bpf_disabled sysctl knob.
+ 0 - unprivileged bpf() syscall access is enabled.
+ 1 - unprivileged bpf() syscall access is disabled.
+ Default value is 1.
+
usbcore.authorized_default=
[USB] Default USB device authorization:
(default -1 = authorized except for wireless USB,
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index f14f238dc36a..156d1e44d9f7 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -617,7 +617,7 @@ extern enum system_states {
#define TAINT_RESERVED28 28
#define TAINT_RESERVED29 29
#define TAINT_RESERVED30 30
-#define TAINT_RESERVED31 31
+#define TAINT_UNPRIVILEGED_BPF 31
/* End of Red Hat-specific taint flags */
#define TAINT_FLAGS_COUNT 32
kernel-5.8.0-0.rc0.20200610git84fc461db99b.1 * Wed Jun 10 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.8.0-0.rc0.20200610git84fc461db99b.1] - 84fc461db99b rebase - Fix PATCHLEVEL for merge window ("Justin M. Forbes") - PCI: tegra: Revert raw_violation_fixup for tegra124 (Nicolas Chauvet) - Change ark CONFIG_COMMON_CLK to yes, it is selected already by other options ("Justin M. Forbes") - More module filtering for Fedora ("Justin M. Forbes") - Update filters for rnbd in Fedora ("Justin M. Forbes") - Fix up module filtering for 5.8 ("Justin M. Forbes") - More Fedora config work ("Justin M. Forbes") - RTW88BE and CE have been extracted to their own modules ("Justin M. Forbes") - Set CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK for Fedora ("Justin M. Forbes") - Arm64 Use Branch Target Identification for kernel ("Justin M. Forbes") - Fedora config updates ("Justin M. Forbes") - Change value of CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE ("Justin M. Forbes") - Fix configs for Fedora ("Justin M. Forbes") - Fix update_scripts.sh unselective pattern sub (David Howells) - Updated changelog for the release based on b0c3ba31be3e ("CKI@GitLab") - Drop the static path configuration for the Sphinx docs (Jeremy Cline) - Sign off generated configuration patches (Jeremy Cline) - Use __make macro instead of make (Tom Stellard) - redhat/configs: Enable CONFIG_SMC91X and disable CONFIG_SMC911X (Prarit Bhargava) [http://bugzilla.redhat.com/1722136] Resolves: rhbz# Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
2020-06-10 22:01:45 +00:00
#define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index b999e7ff2583..5e5ac50d9137 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -24,6 +24,7 @@
#include <linux/ctype.h>
#include <linux/nospec.h>
#include <linux/audit.h>
+#include <linux/init.h>
#include <uapi/linux/btf.h>
kernel-5.8.0-0.rc0.20200610git84fc461db99b.1 * Wed Jun 10 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.8.0-0.rc0.20200610git84fc461db99b.1] - 84fc461db99b rebase - Fix PATCHLEVEL for merge window ("Justin M. Forbes") - PCI: tegra: Revert raw_violation_fixup for tegra124 (Nicolas Chauvet) - Change ark CONFIG_COMMON_CLK to yes, it is selected already by other options ("Justin M. Forbes") - More module filtering for Fedora ("Justin M. Forbes") - Update filters for rnbd in Fedora ("Justin M. Forbes") - Fix up module filtering for 5.8 ("Justin M. Forbes") - More Fedora config work ("Justin M. Forbes") - RTW88BE and CE have been extracted to their own modules ("Justin M. Forbes") - Set CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK for Fedora ("Justin M. Forbes") - Arm64 Use Branch Target Identification for kernel ("Justin M. Forbes") - Fedora config updates ("Justin M. Forbes") - Change value of CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE ("Justin M. Forbes") - Fix configs for Fedora ("Justin M. Forbes") - Fix update_scripts.sh unselective pattern sub (David Howells) - Updated changelog for the release based on b0c3ba31be3e ("CKI@GitLab") - Drop the static path configuration for the Sphinx docs (Jeremy Cline) - Sign off generated configuration patches (Jeremy Cline) - Use __make macro instead of make (Tom Stellard) - redhat/configs: Enable CONFIG_SMC91X and disable CONFIG_SMC911X (Prarit Bhargava) [http://bugzilla.redhat.com/1722136] Resolves: rhbz# Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
2020-06-10 22:01:45 +00:00
#include <linux/pgtable.h>
#include <linux/bpf_lsm.h>
@@ -48,7 +49,25 @@ static DEFINE_SPINLOCK(map_idr_lock);
static DEFINE_IDR(link_idr);
static DEFINE_SPINLOCK(link_idr_lock);
-int sysctl_unprivileged_bpf_disabled __read_mostly;
+/* RHEL-only: default to 1 */
+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
+
+static int __init unprivileged_bpf_setup(char *str)
+{
+ unsigned long disabled;
+ if (!kstrtoul(str, 0, &disabled))
+ sysctl_unprivileged_bpf_disabled = !!disabled;
+
+ if (!sysctl_unprivileged_bpf_disabled) {
+ pr_warn("Unprivileged BPF has been enabled "
+ "(unprivileged_bpf_disabled=0 has been supplied "
+ "in boot parameters), tainting the kernel");
+ add_taint(TAINT_UNPRIVILEGED_BPF, LOCKDEP_STILL_OK);
+ }
+
+ return 1;
+}
+__setup("unprivileged_bpf_disabled=", unprivileged_bpf_setup);
static const struct bpf_map_ops * const bpf_map_types[] = {
#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
diff --git a/kernel/panic.c b/kernel/panic.c
index fe1d3decf61c..2c483bec82d6 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
kernel-5.8.0-0.rc0.20200610git84fc461db99b.1 * Wed Jun 10 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.8.0-0.rc0.20200610git84fc461db99b.1] - 84fc461db99b rebase - Fix PATCHLEVEL for merge window ("Justin M. Forbes") - PCI: tegra: Revert raw_violation_fixup for tegra124 (Nicolas Chauvet) - Change ark CONFIG_COMMON_CLK to yes, it is selected already by other options ("Justin M. Forbes") - More module filtering for Fedora ("Justin M. Forbes") - Update filters for rnbd in Fedora ("Justin M. Forbes") - Fix up module filtering for 5.8 ("Justin M. Forbes") - More Fedora config work ("Justin M. Forbes") - RTW88BE and CE have been extracted to their own modules ("Justin M. Forbes") - Set CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK for Fedora ("Justin M. Forbes") - Arm64 Use Branch Target Identification for kernel ("Justin M. Forbes") - Fedora config updates ("Justin M. Forbes") - Change value of CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE ("Justin M. Forbes") - Fix configs for Fedora ("Justin M. Forbes") - Fix update_scripts.sh unselective pattern sub (David Howells) - Updated changelog for the release based on b0c3ba31be3e ("CKI@GitLab") - Drop the static path configuration for the Sphinx docs (Jeremy Cline) - Sign off generated configuration patches (Jeremy Cline) - Use __make macro instead of make (Tom Stellard) - redhat/configs: Enable CONFIG_SMC91X and disable CONFIG_SMC911X (Prarit Bhargava) [http://bugzilla.redhat.com/1722136] Resolves: rhbz# Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
2020-06-10 22:01:45 +00:00
@@ -399,7 +399,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
[ TAINT_RESERVED28 ] = { '?', '-', false },
[ TAINT_RESERVED29 ] = { '?', '-', false },
[ TAINT_RESERVED30 ] = { '?', '-', false },
- [ TAINT_RESERVED31 ] = { '?', '-', false },
+ [ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false },
};
/**
--
2.28.0