[PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode

Andy Lutomirski luto at kernel.org
Tue Mar 26 19:21:24 UTC 2019


On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett
<matthewgarrett at google.com> wrote:
>
> From: David Howells <dhowells at redhat.com>
>
> There are some bpf functions that can be used to read kernel memory:
> bpf_probe_read, bpf_probe_write_user and bpf_trace_printk.  These allow
> private keys in kernel memory (e.g. the hibernation image signing key) to
> be read by an eBPF program and kernel memory to be altered without
> restriction. Disable them if the kernel has been locked down in
> confidentiality mode.
>

:)

This is yet another reason to get the new improved bpf_probe_user_read
stuff landed!


