[PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
David Howells
dhowells at redhat.com
Thu Nov 9 17:15:04 UTC 2017
Alexei Starovoitov <alexei.starovoitov at gmail.com> wrote:
> > TBH, I've no idea how bpf does anything, so I can't say whether this is
> > better, overkill or insufficient.
>
> ok. To make it clear:
> Nacked-by: Alexei Starovoitov <ast at kernel.org>
> For the current patch.
> Unnecessary checks for no good reason in performance critical
> functions are not acceptable.
They aren't unnecessary checks.
Can you please suggest if there's some way more suitable than just killing bpf
entirely? I don't know the code, and I presume you do.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list