Received: by 10.213.65.68 with SMTP id h4csp2142575imn; Sun, 8 Apr 2018 20:48:39 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/2Wk6JXXZBhY5we7W57vvAEIKU08Tf4UZXiHLAaX9lSeWbvDQ29SDkXSRC+68bLoh4+PnW X-Received: by 2002:a17:902:6bc9:: with SMTP id m9-v6mr35790039plt.146.1523245719122; Sun, 08 Apr 2018 20:48:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523245719; cv=none; d=google.com; s=arc-20160816; b=FPchQ5NM141Lp/SXdjTKsX76DrKqcV5l4eSiXERsqB4C6wpsdNP5lUK110t/aSYBSP XlrvLCSBpa3su7j4EGzIZjYPHrHAVv3sBq8RWqqdWJCGvBxUu4Xis08PAmOcuFVpWtJk XbvaD5wCRnk3EbI3iB/teW1uGW2f9YHeQYQjljQQFB0gULq+Sbq2BRVXAFZn1REHYYTR Iv9KypoIopqFslOUsYfrmGQfk7dSwhwlg1yxCR8goVpo5X1o54cFiWaF7oVOcrfDXn9J 3kkGmuiiXm5eYKPza9aqtdtLKyM4wCXnJzvlJEIJjBChw4ugGjP+CtKl5oxNduC517/m TXLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=sY4DWADR5zD0FnXEoWisC3S7nBq7BX1+eyGjUPq6K/w=; b=p0gWdVFw4Rgj5KYUQvX4t1+wwjMzLrTU0BX30iV8Y6LgwXhHNPYUedUeXMpMsWlXRf xODUSgkL9F1wK9kBrj6VL6QqXjoUMpgZgrDogCKOnW2+jMoeW9wz0vYeoBu+JtB22U9G qoi9D5/Ix7EtgcRwdBekeBfUZ/2LbH6pwNgbm+aiVUv8WppPV/69bIBmLziL+m0cUlkd EECR97IJhE3DkyVWSCRI4zj7IKgyybY8u7xhi8pG0ZusRBrd5Uezh1dIpGHUA7DaL1rz F4G27koc3siugmjGHEImjJeqTPdfU6ppwiDYVTTAINNkYi7veSKgSnSQkbHsaD8O2BPo tZ1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=gEXWU5c4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y8si10574892pgq.230.2018.04.08.20.48.02; Sun, 08 Apr 2018 20:48:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=gEXWU5c4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754495AbeDIDkR (ORCPT + 99 others); Sun, 8 Apr 2018 23:40:17 -0400 Received: from mail-pf0-f171.google.com ([209.85.192.171]:46098 "EHLO mail-pf0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754377AbeDIDkN (ORCPT ); Sun, 8 Apr 2018 23:40:13 -0400 Received: by mail-pf0-f171.google.com with SMTP id h69so5047457pfe.13; Sun, 08 Apr 2018 20:40:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=sY4DWADR5zD0FnXEoWisC3S7nBq7BX1+eyGjUPq6K/w=; b=gEXWU5c4MJz4kJHDMLVm26c+eNMwocGlxupJyhUcrsqh2FbPnh78GShyJraZRhk2Jf 8jRwDc2BxWjWOt3N+kfVpN5pNAJNaR/TCco+wp/NCst+qpUJJz8fmoQFu3zltfieoBWA 4RgzP2QYNw3ilfKb6bItEGoaqxrHm3VBb6AeZNCK7iATwrW5ex7ZfE5uY/QvQR2l5IbQ UC4PzIQtB9pNxvhb7PRHoR0DDhbp9gMdq5X8nNSQioW7OGj3Q69oqJxbhKGeYnj46TnI NAE4lr3yKhDV8L3Ofq2RN/HFFAdt1KpOj7X7LFoPK2G4g1+fU7au7G+dasl/oWPca5JR mrmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=sY4DWADR5zD0FnXEoWisC3S7nBq7BX1+eyGjUPq6K/w=; b=f+7Vv2VJVtHcel+TcmXzOaE4xeSU/JNnxyaqwx/DV0KUEoHqGu43myPeLPsQ/3gx4x 2BMoGWeAO2ugOf4Nk8qUkSfN1aFo8y8B0k8Ep6pGDuGKnzNXbTELh6FfQjviwpC91m8K sdJ4bJg41RwG+/G1pB9b88C3ApNf2NsKIZq8QeBybafi1OIICgmGgkqcspaa/VA+j27L wee9x6XNpWYvRTm1YVYDbDV9Iwm1syo8fCunAT2ikRjjt0UFOyjytJ5ElSIspyV2CK5r hcxboLow7395Xi3jMLKIK3Hq7hiMT53qkAbTKc9wssxl845JHAUGAKPiJHVuITuMkfH+ amPA== X-Gm-Message-State: AElRT7Eg7sQoR+X6RuQb2cPIzwfJpLcmwf2CD2Gm7gdYlLWWbRWFh50A x1eUTyKgVqOgxJZHx8k6nh8= X-Received: by 10.98.204.214 with SMTP id j83mr27972066pfk.182.1523245212826; Sun, 08 Apr 2018 20:40:12 -0700 (PDT) Received: from ast-mbp.dhcp.thefacebook.com ([2620:10d:c090:200::6:e46c]) by smtp.gmail.com with ESMTPSA id g1sm22985690pgq.34.2018.04.08.20.40.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 08 Apr 2018 20:40:11 -0700 (PDT) Date: Sun, 8 Apr 2018 20:40:10 -0700 From: Alexei Starovoitov To: joeyli Cc: Andy Lutomirski , David Howells , Ard Biesheuvel , James Morris , One Thousand Gnomes , Linus Torvalds , Matthew Garrett , Greg KH , LKML , Justin Forbes , linux-man , LSM List , Linux API , Kees Cook , linux-efi , Daniel Borkmann Subject: Re: [GIT PULL] Kernel lockdown for secure boot Message-ID: <20180409034008.dyte7k5kgkbjh5is@ast-mbp.dhcp.thefacebook.com> References: <20180408080742.GE7362@linux-l9pv.suse> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180408080742.GE7362@linux-l9pv.suse> User-Agent: NeoMutt/20180223 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Apr 08, 2018 at 04:07:42PM +0800, joeyli wrote: > > > If the only thing that folks are paranoid about is reading > > arbitrary kernel memory with bpf_probe_read() helper > > then preferred patch would be to disable it during verification > > when in lockdown mode > > Sorry for I didn't fully understand your idea... > Do you mean that using bpf verifier to filter out bpf program that > uses bpf_probe_read()? Take a look bpf_get_trace_printk_proto(). Similarly we can add bpf_get_probe_read_proto() that will return NULL if lockdown is on. Then programs with bpf_probe_read() will be rejected by the verifier.