[PATCH] bpf: lsm: Disable or enable BPF LSM at boot time

From: Lorenzo Fontana
Date: Mon Jul 06 2020 - 12:57:17 EST


This option adds a kernel parameter 'bpf_lsm',
which allows the BPF LSM to be disabled at boot.
The purpose of this option is to allow a single kernel
image to be distributed with the BPF LSM built in,
but not necessarily enabled.

Signed-off-by: Lorenzo Fontana <fontanalorenz@xxxxxxxxx>
---
Documentation/admin-guide/kernel-parameters.txt | 8 ++++++++
init/Kconfig | 12 ++++++++++++
security/bpf/hooks.c | 16 ++++++++++++++++
3 files changed, 36 insertions(+)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index fb95fad81c79..c0d5955279d7 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -4575,6 +4575,14 @@
1 -- enable.
Default value is set via kernel config option.

+ bpf_lsm= [BPF_LSM] Disable or enable LSM Instrumentation
+ with BPF at boot time.
+ Format: { "0" | "1" }
+ See init/Kconfig help text.
+ 0 -- disable.
+ 1 -- enable.
+ Default value is 1.
+
serialnumber [BUGS=X86-32]

shapers= [NET]
diff --git a/init/Kconfig b/init/Kconfig
index a46aa8f3174d..410547e4342e 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1659,6 +1659,18 @@ config BPF_LSM

If you are unsure how to answer this question, answer N.

+config BPF_LSM_BOOTPARAM
+ bool "LSM Instrumentation with BPF boot parameter"
+ depends on BPF_LSM
+ help
+ This option adds a kernel parameter 'bpf_lsm', which allows LSM
+ instrumentation with BPF to be disabled at boot.
+ If this option is selected, the BPF LSM
+ functionality can be disabled with bpf_lsm=0 on the kernel
+ command line. The purpose of this option is to allow a single
+ kernel image to be distributed with the BPF LSM built in, but not
+ necessarily enabled.
+
config BPF_SYSCALL
bool "Enable bpf() system call"
select BPF
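Review bot: The help text says the LSM "can be disabled with bpf_lsm=0", but neither this option nor the kernel-parameters.txt entry in the same patch says the parameter exists only when BPF_LSM_BOOTPARAM=y (the handler in security/bpf/hooks.c is compiled under `#ifdef CONFIG_BPF_LSM_BOOTPARAM`); the kernel-parameters.txt tag should read `[BPF_LSM_BOOTPARAM]` rather than `[BPF_LSM]` so an administrator does not pass a parameter the kernel silently ignores. The prompt string could also name the parameter it adds, e.g. `bool "bpf_lsm= boot parameter for the BPF LSM"`. It would help to state in the help text that the default value is 1, i.e. selecting this option changes nothing unless bpf_lsm=0 is actually given on the command line.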
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
index 32d32d485451..6a4b4f63976c 100644
--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c
@@ -3,9 +3,24 @@
/*
* Copyright (C) 2020 Google LLC.
*/
+
+#include <linux/init.h>
#include <linux/lsm_hooks.h>
#include <linux/bpf_lsm.h>

+int bpf_lsm_enabled_boot __initdata = 1;
+#ifdef CONFIG_BPF_LSM_BOOTPARAM
+static int __init bpf_lsm_enabled_setup(char *str)
+{
+ unsigned long enabled;
+
+ if (!kstrtoul(str, 0, &enabled))
+ bpf_lsm_enabled_boot = enabled ? 1 : 0;
+ return 1;
+}
+__setup("bpf_lsm=", bpf_lsm_enabled_setup);
+#endif
+
static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
LSM_HOOK_INIT(NAME, bpf_lsm_##NAME),
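Review bot: `int bpf_lsm_enabled_boot __initdata = 1;` is file-scope but neither `static` nor declared in a header, so sparse and -Wmissing-variable-declarations will flag it; its only user is the `DEFINE_LSM(bpf)` initializer in the second hunk of this file, so `static int bpf_lsm_enabled_boot __initdata = 1;` suffices and matches the SELinux pattern this mirrors. The setup handler also keeps the default silently when `kstrtoul()` rejects the string, so a typo such as `bpf_lsm=off` leaves the LSM enabled with no trace in dmesg; for a security toggle an `else pr_warn("bpf_lsm: ignoring invalid boot parameter\n");` in the failure branch makes the misconfiguration visible. `kstrtoul()` is used without an explicit include of the header that declares it — presumably it arrives via lsm_hooks.h, but adding the explicit include keeps the file self-contained. Since the existing `lsm=` parameter already lets the boot line exclude the bpf LSM from the initialization list, the commit message should say why a dedicated `bpf_lsm=` switch is needed.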
@@ -23,4 +38,5 @@ static int __init bpf_lsm_init(void)
DEFINE_LSM(bpf) = {
.name = "bpf",
.init = bpf_lsm_init,
+ .enabled = &bpf_lsm_enabled_boot,
};
--
2.27.0