[RFC PATCH bpf-next 1/4] bpf: add a sysctl to enable destructive bpf helpers

Artem Savkov <asavkov@xxxxxxxxxx> · Mon, 11 Jul 2022 10:32:17 +0200

Add a kernel.destructive_bpf_enabled sysctl knob to allow enabling bpf
helpers that can be destructive to the system. One such helper,
bpf_panic(), is added later in the series.

Signed-off-by: Artem Savkov <asavkov@xxxxxxxxxx>
---
 include/linux/bpf.h  |  6 ++++++
 kernel/bpf/syscall.c | 29 +++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 0edd7d2c0064..77972724bed7 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1641,6 +1641,7 @@ bpf_map_alloc_percpu(const struct bpf_map *map, size_t size, size_t align,
 #endif
 
 extern int sysctl_unprivileged_bpf_disabled;
+extern int sysctl_destructive_bpf_enabled;
 
 static inline bool bpf_allow_ptr_leaks(void)
 {
@@ -1926,6 +1927,11 @@ static inline bool unprivileged_ebpf_enabled(void)
 	return !sysctl_unprivileged_bpf_disabled;
 }
 
+static inline bool destructive_ebpf_enabled(void)
+{
+	return sysctl_destructive_bpf_enabled;
+}
+
 #else /* !CONFIG_BPF_SYSCALL */
 static inline struct bpf_prog *bpf_prog_get(u32 ufd)
 {
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 7d5af5b99f0d..1ce6541d90e1 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -57,6 +57,8 @@ static DEFINE_SPINLOCK(link_idr_lock);
 int sysctl_unprivileged_bpf_disabled __read_mostly =
 	IS_BUILTIN(CONFIG_BPF_UNPRIV_DEFAULT_OFF) ? 2 : 0;
 
+int sysctl_destructive_bpf_enabled __read_mostly = 0;
+
 static const struct bpf_map_ops * const bpf_map_types[] = {
 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
 #define BPF_MAP_TYPE(_id, _ops) \
@@ -5226,6 +5228,24 @@ static int bpf_unpriv_handler(struct ctl_table *table, int write,
 	return ret;
 }
 
+static int bpf_destructive_handler(struct ctl_table *table, int write,
+				   void *buffer, size_t *lenp, loff_t *ppos)
+{
+	int ret, destructive_enable = *(int *)table->data;
+	struct ctl_table tmp = *table;
+
+	if (write && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
+	tmp.data = &destructive_enable;
+	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+	if (write && !ret) {
+		*(int *)table->data = destructive_enable;
+	}
+
+	return ret;
+}
+
 static struct ctl_table bpf_syscall_table[] = {
 	{
 		.procname	= "unprivileged_bpf_disabled",
@@ -5236,6 +5256,15 @@ static struct ctl_table bpf_syscall_table[] = {
 		.extra1		= SYSCTL_ZERO,
 		.extra2		= SYSCTL_TWO,
 	},
+	{
+		.procname	= "destructive_bpf_enabled",
+		.data		= &sysctl_destructive_bpf_enabled,
+		.maxlen		= sizeof(sysctl_destructive_bpf_enabled),
+		.mode		= 0644,
+		.proc_handler	= bpf_destructive_handler,
+		.extra1		= SYSCTL_ZERO,
+		.extra2		= SYSCTL_ONE,
+	},
 	{
 		.procname	= "bpf_stats_enabled",
 		.data		= &bpf_stats_enabled_key.key,
-- 
2.35.3







