Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down

From: David Howells
Date: Thu Oct 19 2017 - 18:48:45 EST

Next message: Jin, Yao: "Re: [PATCH v4 2/6] perf record: Get the first sample time and last sample time"
Previous message: Dmitry Torokhov: "Re: [PATCH] media: input: Convert timers to use timer_setup()"
In reply to: David Howells: "Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down"
Next in thread: Alexei Starovoitov: "Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote:

> > @@ -65,6 +65,11 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size, const void *, unsafe_ptr)
> > {
> > int ret;
> >
> > + if (kernel_is_locked_down("BPF")) {
> > + memset(dst, 0, size);
> > + return -EPERM;
> > + }
>
> That doesn't help the lockdown purpose.
> If you don't trust the root the only way to prevent bpf read
> memory is to disable the whole thing.
> Have a single check in sys_bpf() to disallow everything if kernel_is_locked_down()
> and don't add overhead to critical path like bpf_probe_read().

TBH, I've no idea how bpf does anything, so I can't say whether this is
better, overkill or insufficient.

David

Next message: Jin, Yao: "Re: [PATCH v4 2/6] perf record: Get the first sample time and last sample time"
Previous message: Dmitry Torokhov: "Re: [PATCH] media: input: Convert timers to use timer_setup()"
In reply to: David Howells: "Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down"
Next in thread: Alexei Starovoitov: "Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]