Re: [PATCH V40 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-08-30 Thread David Howells
Matthew Garrett wrote:
> From: David Howells
>
> bpf_read() and bpf_read_str() could potentially be abused to (eg) allow
> private keys in kernel memory to be leaked. Disable them if the kernel
> has been locked down in confidentiality mode.
>
> Suggested-by: Alexei Starovoitov
> Signed-off-b

[PATCH V40 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

2019-08-19 Thread Matthew Garrett
From: David Howells

bpf_read() and bpf_read_str() could potentially be abused to (eg) allow private keys in kernel memory to be leaked. Disable them if the kernel has been locked down in confidentiality mode.

Suggested-by: Alexei Starovoitov
Signed-off-by: Matthew Garrett
Reviewed-by: Kees Coo