kernel/0001-bpf-set-unprivileged_bpf_disabled-to-1-by-default-ad.patch
Justin M. Forbes d176dfce22 kernel-5.8.0-0.rc3.20200630git7c30b859a947.1
* Tue Jun 30 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.8.0-0.rc3.20200630git7c30b859a947.1]
- 7c30b859a947 rebase
- Updated changelog for the release based on v5.8-rc3 (Fedora Kernel Team)
Resolves: rhbz#

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
2020-06-30 09:24:22 -05:00

123 lines
4.5 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Thu, 14 Jun 2018 16:36:02 -0400
Subject: [PATCH] bpf: set unprivileged_bpf_disabled to 1 by default, add a
boot parameter
Message-id: <133022c6c389ca16060bd20ef69199de0800200b.1528991396.git.esyr@redhat.com>
Patchwork-id: 8250
O-Subject: [kernel team] [RHEL8 PATCH v4 2/5] [bpf] bpf: set unprivileged_bpf_disabled to 1 by default, add a boot parameter
Bugzilla: 1561171
RH-Acked-by: Jiri Benc <jbenc@redhat.com>
RH-Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
This patch sets kernel.unprivileged_bpf_disabled sysctl knob to 1
by default, and provides an ability (in a form of a boot-time parameter)
to reset it to 0, as it is impossible to do so in runtime. Since
unprivileged BPF is considered unsupported, it also taints the kernel.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1561171
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16716594
Upstream: RHEL only. The patch (in a more generic form) has been
proposed upstream[1] and subsequently rejected.
[1] https://lkml.org/lkml/2018/5/21/344
Upstream Status: RHEL only
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
.../admin-guide/kernel-parameters.txt | 8 +++++++
include/linux/kernel.h | 2 +-
kernel/bpf/syscall.c | 21 ++++++++++++++++++-
kernel/panic.c | 2 +-
4 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index fb95fad81c79..a43287854f8a 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5277,6 +5277,14 @@
unknown_nmi_panic
[X86] Cause panic on unknown NMI.
+ unprivileged_bpf_disabled=
+ Format: { "0" | "1" }
+ Sets the initial value of
+ kernel.unprivileged_bpf_disabled sysctl knob.
+ 0 - unprivileged bpf() syscall access is enabled.
+ 1 - unprivileged bpf() syscall access is disabled.
+ Default value is 1.
+
usbcore.authorized_default=
[USB] Default USB device authorization:
(default -1 = authorized except for wireless USB,
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 28be75396242..0a0081b10edb 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -618,7 +618,7 @@ extern enum system_states {
#define TAINT_RESERVED28 28
#define TAINT_RESERVED29 29
#define TAINT_RESERVED30 30
-#define TAINT_RESERVED31 31
+#define TAINT_UNPRIVILEGED_BPF 31
/* End of Red Hat-specific taint flags */
#define TAINT_FLAGS_COUNT 32
#define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 8da159936bab..8f5546ec2d1f 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -24,6 +24,7 @@
#include <linux/ctype.h>
#include <linux/nospec.h>
#include <linux/audit.h>
+#include <linux/init.h>
#include <uapi/linux/btf.h>
#include <linux/pgtable.h>
#include <linux/bpf_lsm.h>
@@ -48,7 +49,25 @@ static DEFINE_SPINLOCK(map_idr_lock);
static DEFINE_IDR(link_idr);
static DEFINE_SPINLOCK(link_idr_lock);
-int sysctl_unprivileged_bpf_disabled __read_mostly;
+/* RHEL-only: default to 1 */
+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
+
+static int __init unprivileged_bpf_setup(char *str)
+{
+ unsigned long disabled;
+ if (!kstrtoul(str, 0, &disabled))
+ sysctl_unprivileged_bpf_disabled = !!disabled;
+
+ if (!sysctl_unprivileged_bpf_disabled) {
+ pr_warn("Unprivileged BPF has been enabled "
+ "(unprivileged_bpf_disabled=0 has been supplied "
+ "in boot parameters), tainting the kernel");
+ add_taint(TAINT_UNPRIVILEGED_BPF, LOCKDEP_STILL_OK);
+ }
+
+ return 1;
+}
+__setup("unprivileged_bpf_disabled=", unprivileged_bpf_setup);
static const struct bpf_map_ops * const bpf_map_types[] = {
#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
diff --git a/kernel/panic.c b/kernel/panic.c
index 534bc76e43da..e3bae852d92f 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -399,7 +399,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
[ TAINT_RESERVED28 ] = { '?', '-', false },
[ TAINT_RESERVED29 ] = { '?', '-', false },
[ TAINT_RESERVED30 ] = { '?', '-', false },
- [ TAINT_RESERVED31 ] = { '?', '-', false },
+ [ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false },
};
/**
--
2.26.2