Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp2901223ybd; Mon, 24 Jun 2019 15:02:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqxC7DkBWsP76JfW8ZA2/QIThC2wjSkTq2JrbsBoZ2Juj7s3wY6VKISFwWPH/XzEoSmqSNY6 X-Received: by 2002:a65:6647:: with SMTP id z7mr9018502pgv.349.1561413746000; Mon, 24 Jun 2019 15:02:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561413745; cv=none; d=google.com; s=arc-20160816; b=WLbnneqoMuETuu61RqLyv3rBXc3Pf/7KAHW/GSuXGgveZlX9/g63h+lZHyr7WAwPq3 FzJ/BJtJlb4Pzn3csPyBD23RYtkB4+uUPHZoP/rMOxRQ3CCWGlq68NQD/mEqZiyAtq/v MB3jn9bkUgagZwVBGZka66G+Fnc2ed0aGHUrFUIOz03ihPhjMgjvCLQi99vrGuhMdK6S JMsfJ3Mv/wJUOm2ng8+Ofw8CI3WvoIM/ja9bBzeGfQ3ZShgqcUds/3g6adgPWZcDDv2s AE7qPaN5a2v8rZfItx6IiD8wJdp206t0Kj/tgJClkig6nxEy+d7VgGnTPqonU7qku60x gxCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=NlNgzMMFJ+7QwGx9xG98XqTbQWSzsaaFAnhIGC2h2XQ=; b=KylrP06PdpnbpcnsKqY2pd7DU/bRHLncfxGUDk8sr/ZmPSEDbLrjig534TC6K1ItDP hLutTuflQrBGme+i/aF+mq9xAjHDEpimRS0KvhsTRCBFSD4cdkpR1pVde2l660TSKxUb +i6RPZ5yvMiflBAq+1PYiPOpjSvHzwCOAvoH/zY0KiHnND73ZFZHp8dT+obQm/EFHlM7 083Yxe1MzsduYTeBIkhE7DMrtppLfGfsLCug3SgmIfwUl/99xfF1PMGfVZALauwiI+Ha ZWbeig9pUzVk7sPyqd+KdWQaRSEi46ioapJOJEhFXdKElSqjZ1RHcYvLVZICyx0MSc9d Mz3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=NJGAPTmU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 18si10759443pgy.84.2019.06.24.15.02.10; Mon, 24 Jun 2019 15:02:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=NJGAPTmU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725916AbfFXUP6 (ORCPT + 99 others); Mon, 24 Jun 2019 16:15:58 -0400 Received: from mail-io1-f66.google.com ([209.85.166.66]:38663 "EHLO mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731569AbfFXUP5 (ORCPT ); Mon, 24 Jun 2019 16:15:57 -0400 Received: by mail-io1-f66.google.com with SMTP id j6so3828874ioa.5 for ; Mon, 24 Jun 2019 13:15:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NlNgzMMFJ+7QwGx9xG98XqTbQWSzsaaFAnhIGC2h2XQ=; b=NJGAPTmUam9+dMN0mbGC1vA6isBRugH0cJzAQU6FeessvYEf6yigBykoLNvckboO3/ RxDkBfqV+yw42M+bQIm97RifrnkhMUPvAAhuDM72zLT4jB3DygRAWDY59fcJKHsJPX2+ 3+d2DIKgFvXJaFL9EUuz/R7kelADr+QazYAQ02FtZ4tYF2V/ieg29/jq+Lvo9zI/MXda IdSWU6kcTBgiUoXi9HmdgUEQdKeV09YSt0GzBD61kq1idQba5fMW/q+ThWkqOYpA32AK 92iFCn9RLi7EPpKuHTMTDKtB7kwTJcG4gFeNJwNP/zH/FEuLdiZkDxl404taFXuSNC2Q E50Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NlNgzMMFJ+7QwGx9xG98XqTbQWSzsaaFAnhIGC2h2XQ=; b=VLtREp286b9VUZui4a4zwoTKV5C/iLTAHwk3cElK/tJslbW/KxkntsAX/PSOl4SmQp vXZoONmw3WRE2JuRyuXoy5GnOngSrkNVd8nyFjDUWXGeNOoogDYiaUirgceIVDBi4Qrb tVAF7LX/SY22GBQJ7LX5J82H+EA+2Uw9DbiiduBurLp5Os9vtxyNnDhLZKacZN9OvjL1 3WEGh527AlPUZV6YjT9fZBJJDYkk/Axh2srUUiAiijXp6nv+GRd+lGqlrwsFqh58NEjK 1Ar1EcxJY/1EQ4E2WL6ujgR1DtONKQcMpr79sduc2Ptb4jX2k01JqKmA1RdTwTRxxbPg riHg== X-Gm-Message-State: APjAAAVJanRw+OkZ2WPSnwX5EA6dLZ56e5HoUhufs1VrSBJK2iOJ9Ks1 s40HTF6vOTtMZgG3G2Ax7W0/tADaY7HqqjNy7R0zsw== X-Received: by 2002:a5d:9d97:: with SMTP id 23mr2139870ion.204.1561407356312; Mon, 24 Jun 2019 13:15:56 -0700 (PDT) MIME-Version: 1.0 References: <20190622000358.19895-1-matthewgarrett@google.com> <20190622000358.19895-24-matthewgarrett@google.com> <739e21b5-9559-d588-3542-bf0bc81de1b2@iogearbox.net> In-Reply-To: From: Matthew Garrett Date: Mon, 24 Jun 2019 13:15:44 -0700 Message-ID: Subject: Re: [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode To: Andy Lutomirski Cc: Daniel Borkmann , James Morris , LSM List , Linux Kernel Mailing List , Linux API , David Howells , Alexei Starovoitov , Network Development , Chun-Yi Lee , Jann Horn , bpf@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 24, 2019 at 1:09 PM Andy Lutomirski wrote: > I'm confused. I understand why we're restricting bpf_probe_read(). > Why are we restricting bpf_probe_write_user() and bpf_trace_printk(), > though? Hmm. I think the thinking here was around exfiltration mechanisms, but if the read is blocked then that seems less likely. This seems to trace back to http://kernsec.org/pipermail/linux-security-module-archive/2017-October/003545.html - Joey, do you know the reasoning here?