Alexei Starovoitov wrote:
> > TBH, I've no idea how bpf does anything, so I can't say whether this is
> > better, overkill or insufficient.
>
> ok. To make it clear:
> Nacked-by: Alexei Starovoitov
> For the current patch.
> Unnecessary checks for
On Mon, Oct 23, 2017 at 03:53:00PM +0100, David Howells wrote:
> j...@suse.com wrote:
>
> > hm... patch 4 only prevents write_mem() but not read_mem().
> > Or I missed anything?
>
> Actually, yes, as it happens, patch 11 prevents you from even opening /dev/mem
> and /dev/kmem by locking down
j...@suse.com wrote:
> hm... patch 4 only prevents write_mem() but not read_mem().
> Or I missed anything?
Actually, yes, as it happens, patch 11 prevents you from even opening /dev/mem
and /dev/kmem by locking down open of /dev/port. So I've moved this bit to
patch 4, simplified and posted a
On Fri, Oct 20, 2017 at 05:03:22PM +0100, David Howells wrote:
> j...@suse.com wrote:
>
> > I think that we don't need to lock down sys_bpf() now because
> > we didn't lock down other interfaces for reading arbitrary
> > address like /dev/mem and /dev/kmem.
>
> Ummm... See patch 4. You even
j...@suse.com wrote:
> I think that we don't need to lock down sys_bpf() now because
> we didn't lock down other interfaces for reading arbitrary
> address like /dev/mem and /dev/kmem.
Ummm... See patch 4. You even gave me a Reviewed-by for it ;-)
David
--
To unsubscribe from this list: send
On Fri, Oct 20, 2017 at 09:08:48AM +0100, David Howells wrote:
> Hi Joey,
>
> Should I just lock down sys_bpf() entirely for now? We can always free it up
> somewhat later.
>
> David
OK~~ Please just remove my patch until we find out a way to
verify bpf code or protect sensitive data in
Hi Joey,
Should I just lock down sys_bpf() entirely for now? We can always free it up
somewhat later.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at
On Thu, Oct 19, 2017 at 11:48:34PM +0100, David Howells wrote:
> Alexei Starovoitov wrote:
>
> > > @@ -65,6 +65,11 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size,
> > > const void *, unsafe_ptr)
> > > {
> > > int ret;
> > >
> > > + if
Alexei Starovoitov wrote:
> > @@ -65,6 +65,11 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size, const
> > void *, unsafe_ptr)
> > {
> > int ret;
> >
> > + if (kernel_is_locked_down("BPF")) {
> > + memset(dst, 0, size);
> > + return
On Thu, Oct 19, 2017 at 03:52:49PM +0100, David Howells wrote:
> From: Chun-Yi Lee
>
> There are some bpf functions can be used to read kernel memory:
> bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
> private keys in kernel memory (e.g. the hibernation
10 matches
Mail list logo