@@ -142,14 +142,8 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size, const void *, unsafe_ptr)
{
int ret;
- if (kernel_is_locked_down("BPF")) {
- ret = -EPERM;
- goto out;
- }
-
ret = probe_kernel_read(dst, unsafe_ptr, size);
if (unlikely(ret < 0))
-out:
memset(dst, 0, size);
return ret;
@@ -589,11 +583,6 @@ BPF_CALL_3(bpf_probe_read_str, void *, dst, u32, size,
{
int ret;
- if (kernel_is_locked_down("BPF")) {
- ret = -EPERM;
- goto out;
- }
-
/*
* The strncpy_from_unsafe() call will likely not fill the entire
* buffer, but that's okay in this circumstance as we're probing
@@ -605,7 +594,6 @@ BPF_CALL_3(bpf_probe_read_str, void *, dst, u32, size,
*/
ret = strncpy_from_unsafe(dst, unsafe_ptr, size);
if (unlikely(ret < 0))
-out:
memset(dst, 0, size);
return ret;
BugLink: https://bugs.launchpad.net/bugs/1868626 This reverts commit 311f07f8e2dbccc7dac8450548987996222675a5. Upstream lockdown support locks down BPF reads only above the integrity level. As we are moving to an integrity level on secure boot on Focal, and there is no BPF lockdown on Bionic either, this makes Eoan behave like those two releases. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> --- kernel/trace/bpf_trace.c | 12 ------------ 1 file changed, 12 deletions(-)