From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Thu, 14 Jun 2018 16:36:02 -0400
Subject: [PATCH] bpf: set unprivileged_bpf_disabled to 1 by default, add a
boot parameter
Message-id: <133022c6c389ca16060bd20ef69199de0800200b.1528991396.git.esyr@redhat.com>
Patchwork-id: 8250
O-Subject: [kernel team] [RHEL8 PATCH v4 2/5] [bpf] bpf: set unprivileged_bpf_disabled to 1 by default, add a boot parameter
Bugzilla: 1561171
RH-Acked-by: Jiri Benc <jbenc@redhat.com>
RH-Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
This patch sets kernel.unprivileged_bpf_disabled sysctl knob to 1
by default, and provides an ability (in a form of a boot-time parameter)
to reset it to 0, as it is impossible to do so at runtime. Since
unprivileged BPF is considered unsupported, it also taints the kernel.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1561171
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16716594
Upstream: RHEL only. The patch (in a more generic form) has been
proposed upstream[1] and subsequently rejected.
[1] https://lkml.org/lkml/2018/5/21/344
Upstream Status: RHEL only
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
.../admin-guide/kernel-parameters.txt | 8 +++++++
include/linux/kernel.h | 2 +-
kernel/bpf/syscall.c | 21 ++++++++++++++++++-
kernel/panic.c | 2 +-
4 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index fb95fad81c79..a43287854f8a 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5277,6 +5277,14 @@
unknown_nmi_panic
[X86] Cause panic on unknown NMI.
+ unprivileged_bpf_disabled=
+ Format: { "0" | "1" }
+ Sets the initial value of
+ kernel.unprivileged_bpf_disabled sysctl knob.
+ 0 - unprivileged bpf() syscall access is enabled.
+ 1 - unprivileged bpf() syscall access is disabled.
+ Default value is 1.
+
usbcore.authorized_default=
[USB] Default USB device authorization:
(default -1 = authorized except for wireless USB,
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 28be75396242..0a0081b10edb 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -618,7 +618,7 @@ extern enum system_states {
#define TAINT_RESERVED28 28
#define TAINT_RESERVED29 29
#define TAINT_RESERVED30 30
-#define TAINT_RESERVED31 31
+#define TAINT_UNPRIVILEGED_BPF 31
/* End of Red Hat-specific taint flags */
#define TAINT_FLAGS_COUNT 32
#define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 0fd80ac81f70..60f70f31060e 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -24,6 +24,7 @@
#include <linux/ctype.h>
#include <linux/nospec.h>
#include <linux/audit.h>
+#include <linux/init.h>
#include <uapi/linux/btf.h>
#include <linux/pgtable.h>
#include <linux/bpf_lsm.h>
@@ -48,7 +49,25 @@ static DEFINE_SPINLOCK(map_idr_lock);
static DEFINE_IDR(link_idr);
static DEFINE_SPINLOCK(link_idr_lock);
-int sysctl_unprivileged_bpf_disabled __read_mostly;
+/* RHEL-only: default to 1 */
+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
+
+static int __init unprivileged_bpf_setup(char *str)
+{
+ unsigned long disabled;
+ if (!kstrtoul(str, 0, &disabled))
+ sysctl_unprivileged_bpf_disabled = !!disabled;
+
+ if (!sysctl_unprivileged_bpf_disabled) {
+ pr_warn("Unprivileged BPF has been enabled "
+ "(unprivileged_bpf_disabled=0 has been supplied "
+ "in boot parameters), tainting the kernel");
+ add_taint(TAINT_UNPRIVILEGED_BPF, LOCKDEP_STILL_OK);
+ }
+
+ return 1;
+}
+__setup("unprivileged_bpf_disabled=", unprivileged_bpf_setup);
static const struct bpf_map_ops * const bpf_map_types[] = {
#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
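Review bot: A value that kstrtoul() rejects is silently dropped at `if (!kstrtoul(str, 0, &disabled))`, so a mistyped `unprivileged_bpf_disabled=` parameter leaves the default of 1 in place without any message; failing closed is the right outcome, but the operator should be told why their setting had no effect, e.g. `if (kstrtoul(str, 0, &disabled)) pr_warn("unprivileged_bpf_disabled: ignoring invalid value '%s'\n", str); else sysctl_unprivileged_bpf_disabled = !!disabled;`. The existing pr_warn() format also ends at "tainting the kernel" with no trailing `\n`, which printk uses to terminate the record; without it the warning can be merged with whatever is logged next. Because base 0 is passed and the result is folded with `!!`, any non-zero number (hex included) is accepted as 1, whereas the kernel-parameters.txt hunk documents only "0" and "1"; either reject other values here or state the actual accepted form in the documentation. unprivileged_bpf_setup() lies entirely within the hunk.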
diff --git a/kernel/panic.c b/kernel/panic.c
index 534bc76e43da..e3bae852d92f 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -399,7 +399,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
[ TAINT_RESERVED28 ] = { '?', '-', false },
[ TAINT_RESERVED29 ] = { '?', '-', false },
[ TAINT_RESERVED30 ] = { '?', '-', false },
- [ TAINT_RESERVED31 ] = { '?', '-', false },
+ [ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false },
};
/**
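Review bot: The new taint letter introduced at `[ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false }` is not explained anywhere an administrator would look it up: the diffstat touches only kernel-parameters.txt, kernel.h, syscall.c and panic.c, so whatever taint-flag documentation this tree carries presumably still lists bit 31 as reserved. A one-line entry saying that 'u' means unprivileged BPF was re-enabled via `unprivileged_bpf_disabled=0` on the command line would let someone decoding the "Tainted:" line of an oops or the kernel.tainted sysctl understand why the flag is set; the kernel-parameters.txt hunk could at least mention that passing 0 taints the kernel. The taint_flags[] initializer begins outside the hunk.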
--
2.26.2