Re: [PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

From: Andy Lutomirski
Date: Tue Mar 26 2019 - 15:21:40 EST

Next message: Matthew Garrett: "Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down"
Previous message: Andy Lutomirski: "Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down"
In reply to: Matthew Garrett: "[PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode"
Next in thread: Matthew Garrett: "[PATCH V31 21/25] Lock down kprobes when in confidentiality mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett
<matthewgarrett@xxxxxxxxxx> wrote:
>
> From: David Howells <dhowells@xxxxxxxxxx>
>
> There are some bpf functions can be used to read kernel memory:
> bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
> private keys in kernel memory (e.g. the hibernation image signing key) to
> be read by an eBPF program and kernel memory to be altered without
> restriction. Disable them if the kernel has been locked down in
> confidentiality mode.
>

:)

This is yet another reason to get the new improved bpf_probe_user_read
stuff landed!

Next message: Matthew Garrett: "Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down"
Previous message: Andy Lutomirski: "Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down"
In reply to: Matthew Garrett: "[PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode"
Next in thread: Matthew Garrett: "[PATCH V31 21/25] Lock down kprobes when in confidentiality mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]