From 4c1b2a65f9c15942a79f9d5078f59c4b8108cdc4 Mon Sep 17 00:00:00 2001 From: Christoph Ostarek Date: Wed, 5 Jun 2024 18:03:05 +0200 Subject: [PATCH] bpf: lockdown for security disable writing into userspace Signed-off-by: Christoph Ostarek --- kernel/trace/bpf_trace.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 3fdde232eaa9..3363a1974e53 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2,6 +2,7 @@ /* Copyright (c) 2011-2015 PLUMgrid, http://plumgrid.com * Copyright (c) 2016 Facebook */ +#include "linux/printk.h" #include #include #include @@ -326,6 +327,9 @@ static const struct bpf_func_proto bpf_probe_read_compat_str_proto = { BPF_CALL_3(bpf_probe_write_user, void __user *, unsafe_ptr, const void *, src, u32, size) { + printk("bpf_probe_write_user is disabled for security reasons"); + return -EPERM; + #if 0 /* * Ensure we're in user context which is safe for the helper to * run. This helper has no business in a kthread. @@ -346,6 +350,7 @@ BPF_CALL_3(bpf_probe_write_user, void __user *, unsafe_ptr, const void *, src, return -EPERM; return copy_to_user_nofault(unsafe_ptr, src, size); + #endif } static const struct bpf_func_proto bpf_probe_write_user_proto = { @@ -357,6 +362,7 @@ static const struct bpf_func_proto bpf_probe_write_user_proto = { .arg3_type = ARG_CONST_SIZE, }; +#if 0 static const struct bpf_func_proto *bpf_get_probe_write_proto(void) { if (!capable(CAP_SYS_ADMIN)) @@ -367,6 +373,7 @@ static const struct bpf_func_proto *bpf_get_probe_write_proto(void) return &bpf_probe_write_user_proto; } +#endif #define MAX_TRACE_PRINTK_VARARGS 3 #define BPF_TRACE_PRINTK_SIZE 1024 @@ -1450,8 +1457,8 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) case BPF_FUNC_get_prandom_u32: return &bpf_get_prandom_u32_proto; case BPF_FUNC_probe_write_user: - return security_locked_down(LOCKDOWN_BPF_WRITE_USER) < 0 ? - NULL : bpf_get_probe_write_proto(); + printk("BPF_FUNC_probe_write_user requested, but locked down for security reasons"); + return NULL; case BPF_FUNC_probe_read_user: return &bpf_probe_read_user_proto; case BPF_FUNC_probe_read_kernel: