[PATCH 2/2] Revert "UBUNTU: SAUCE: (efi-lockdown) bpf: Restrict kernel image access functions when the kernel is locked down"

Tyler Hicks tyhicks at canonical.com
Thu Feb 20 00:04:26 UTC 2020


BugLink: https://bugs.launchpad.net/bugs/1863234

This reverts commit 2a68c65abae66d28e2acb3245cb156ae2ea6eb1d.

Allow some uses of the bpf(2) system call, while in Lockdown mode, now
that upstream commit 9d1f8be5cf42 ("bpf: Restrict bpf when kernel
lockdown is in confidentiality mode") is applied to restrict BPF reads.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 kernel/bpf/syscall.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 4de66792826f..1f74b8002abe 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -2622,9 +2622,6 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
 	if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
-	if (kernel_is_locked_down("BPF"))
-		return -EPERM;
-
 	err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size);
 	if (err)
 		return err;
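Review bot: with the kernel_is_locked_down("BPF") check dropped from the top of SYSCALL_DEFINE3(bpf, ...), the only gate left in this hunk ahead of bpf_check_uarg_tail_zero() is the sysctl_unprivileged_bpf_disabled / capable(CAP_SYS_ADMIN) test, so lockdown enforcement for bpf(2) now rests entirely on upstream commit 9d1f8be5cf42, which this diff does not show. The commit message should say where that commit lands relative to this revert (patch 1/2 of this series or already in the tree), so that bisecting or cherry-picking this patch alone cannot produce a locked-down kernel with no BPF restriction at all. It would also help to spell out what "some uses" means: which bpf operations stay blocked, and whether a kernel in a lockdown mode other than confidentiality is expected to allow bpf(2) in full after this change.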
-- 
2.17.1



