Re: [PATCH V36 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
From: Matthew Garrett <hidden>
Date: 2019-07-29 21:47:18
Also in:
linux-api, linux-security-module, lkml
On Thu, Jul 18, 2019 at 12:45 PM Matthew Garrett [off-list ref] wrote:
> bpf_read() and bpf_read_str() could potentially be abused to (eg) allow
> private keys in kernel memory to be leaked. Disable them if the kernel
> has been locked down in confidentiality mode.
>
> Suggested-by: Alexei Starovoitov <redacted>
> Signed-off-by: Matthew Garrett <redacted>
> cc: netdev@vger.kernel.org
> cc: Chun-Yi Lee <jlee@suse.com>
> cc: Alexei Starovoitov <redacted>
> Cc: Daniel Borkmann <daniel@iogearbox.net>
Any further feedback on this?
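The practical consequence of the quoted change is that tracing tools which rely on the kernel-memory read helpers stop working once the kernel is in confidentiality mode, while integrity mode leaves them alone. The script below is an added example, not code from the patch or from any of the thread's participants: it parses the lockdown state file and applies that rule. It assumes the securityfs file format of the merged lockdown LSM (`/sys/kernel/security/lockdown` printing e.g. `none [integrity] confidentiality`, with the active mode in brackets); the sample contents are constructed so the functions can be exercised without that file present.

```shell
#!/bin/sh
# Added example, not part of the patch or the thread. Parses the lockdown
# state file and reports whether the bpf kernel-memory read helpers are
# expected to be available under the rule described in the commit message.
#
# Assumption: the file is /sys/kernel/security/lockdown in the merged
# lockdown LSM format, e.g. "none [integrity] confidentiality", where the
# bracketed word is the active mode.

# lockdown_mode CONTENT -> prints the active mode (none|integrity|confidentiality),
# returns 1 if no bracketed mode is found.
lockdown_mode() {
    mode=$(printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p')
    [ -n "$mode" ] || return 1
    printf '%s\n' "$mode"
}

# bpf_probe_read_allowed CONTENT -> exit 0 if the read helpers should be
# available (none or integrity mode), exit 1 in confidentiality mode (the
# helpers are disabled by the patch), exit 2 if the mode cannot be parsed.
bpf_probe_read_allowed() {
    mode=$(lockdown_mode "$1") || return 2
    case "$mode" in
        none|integrity)  return 0 ;;
        confidentiality) return 1 ;;
        *)               return 2 ;;
    esac
}

# Constructed sample file contents, standing in for three different machines.
SAMPLE_NONE='[none] integrity confidentiality'
SAMPLE_INTEGRITY='none [integrity] confidentiality'
SAMPLE_CONF='none integrity [confidentiality]'

# Live check when run on a real system; silently skipped where the file is absent.
if [ -r /sys/kernel/security/lockdown ]; then
    live=$(cat /sys/kernel/security/lockdown)
    if bpf_probe_read_allowed "$live"; then
        echo "lockdown=$(lockdown_mode "$live"): bpf kernel-memory read helpers available"
    else
        echo "lockdown=$(lockdown_mode "$live"): bpf kernel-memory read helpers disabled"
    fi
fi
```

Run it before blaming a tracing tool for failing to load: if the script reports confidentiality mode, the missing helpers are policy, not a bug in the tool.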