2017-10-20 16:37:32

by joeyli

Subject: Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down

On Fri, Oct 20, 2017 at 09:08:48AM +0100, David Howells wrote:
> Hi Joey,
>
> Should I just lock down sys_bpf() entirely for now? We can always free it up
> somewhat later.
>
> David

OK~~ Please just remove my patch until we find out a way to
verify bpf code or protect sensitive data in memory.

I think that we don't need to lock down sys_bpf() now because
we didn't lock down other interfaces for reading arbitrary
address like /dev/mem and /dev/kmem.

Thanks a lot!
Joey Lee


2017-10-20 16:36:45

by David Howells

Subject: Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down

[email protected] wrote:

> I think that we don't need to lock down sys_bpf() now because
> we didn't lock down other interfaces for reading arbitrary
> address like /dev/mem and /dev/kmem.

Ummm... See patch 4. You even gave me a Reviewed-by for it ;-)

David
