Re: [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-06-24 Thread Matthew Garrett
On Mon, Jun 24, 2019 at 2:22 PM Daniel Borkmann wrote:
> Agree, for example, bpf_probe_write_user() can never write into
> kernel memory (only user one). Just thinking out loud, wouldn't it
> be cleaner and more generic to perform this check at the actual function
> which performs the kernel memor

Re: [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-06-24 Thread Daniel Borkmann
On 06/24/2019 10:08 PM, Andy Lutomirski wrote:
> On Mon, Jun 24, 2019 at 12:54 PM Matthew Garrett wrote:
>> On Mon, Jun 24, 2019 at 8:37 AM Daniel Borkmann wrote:
>>> On 06/22/2019 02:03 AM, Matthew Garrett wrote:
>>>> From: David Howells
>>>>
>>>> There are some bpf functions can be used to rea

Re: [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-06-24 Thread Matthew Garrett
On Mon, Jun 24, 2019 at 1:09 PM Andy Lutomirski wrote:
> I'm confused. I understand why we're restricting bpf_probe_read().
> Why are we restricting bpf_probe_write_user() and bpf_trace_printk(),
> though?

Hmm. I think the thinking here was around exfiltration mechanisms, but if the read is blo

Re: [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-06-24 Thread Andy Lutomirski
On Mon, Jun 24, 2019 at 12:54 PM Matthew Garrett wrote:
>
> On Mon, Jun 24, 2019 at 8:37 AM Daniel Borkmann wrote:
> >
> > On 06/22/2019 02:03 AM, Matthew Garrett wrote:
> > > From: David Howells
> > >
> > > There are some bpf functions can be used to read kernel memory:
> >
> > Nit: that
>
> Fi

Re: [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-06-24 Thread Matthew Garrett
On Mon, Jun 24, 2019 at 8:37 AM Daniel Borkmann wrote:
>
> On 06/22/2019 02:03 AM, Matthew Garrett wrote:
> > From: David Howells
> >
> > There are some bpf functions can be used to read kernel memory:
>
> Nit: that

Fixed.

> > bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These al

Re: [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-06-24 Thread Daniel Borkmann
On 06/22/2019 02:03 AM, Matthew Garrett wrote:
> From: David Howells
>
> There are some bpf functions can be used to read kernel memory:

Nit: that

> bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow

Please explain how bpf_probe_write_user reads kernel memory ... ?!

> pri

Re: [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-06-22 Thread Kees Cook
On Fri, Jun 21, 2019 at 05:03:52PM -0700, Matthew Garrett wrote:
> From: David Howells
>
> There are some bpf functions can be used to read kernel memory:
> bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
> private keys in kernel memory (e.g. the hibernation image signing

[PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-06-21 Thread Matthew Garrett
From: David Howells

There are some bpf functions can be used to read kernel memory: bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow private keys in kernel memory (e.g. the hibernation image signing key) to be read by an eBPF program and kernel memory to be altered without