diff mbox series

[2/2] Revert "UBUNTU: SAUCE: (efi-lockdown) bpf: Restrict kernel image access functions when the kernel is locked down"

Message ID 20200220000351.2350-3-tyhicks@canonical.com
State New
Headers show
Series Loosen Lockdown restrictions on bpf(2) (LP: #1863234) | expand

Commit Message

Tyler Hicks Feb. 20, 2020, 12:03 a.m. UTC 
BugLink: https://bugs.launchpad.net/bugs/1863234

This reverts commit 4882fa5a0c95fc8dbabd88a6a895b50450928ea7.

Allow some uses of the bpf(2) system call, while in Lockdown mode, now
that upstream commit 9d1f8be5cf42 ("bpf: Restrict bpf when kernel
lockdown is in confidentiality mode") is applied to restrict BPF reads.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
---
 kernel/bpf/syscall.c | 3 ---
 1 file changed, 3 deletions(-)
diff mbox series

Patch

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 50a344ac8ff9..ee3087462bc9 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -2831,9 +2831,6 @@  SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
 	if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
-	if (kernel_is_locked_down("BPF"))
-		return -EPERM;
-
 	err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size);
 	if (err)
 		return err;