Git Repo - linux.git/commit

author	David Howells <[email protected]>
	Tue, 20 Aug 2019 00:17:59 +0000 (17:17 -0700)
committer	James Morris <[email protected]>
	Tue, 20 Aug 2019 04:54:16 +0000 (21:54 -0700)
commit	9d1f8be5cf42b497a3bddf1d523f2bb142e9318c
tree	fc926ba08f6b2b69c2b9341de2a16d2870b25bda	tree \| snapshot
parent	a94549dd87f5ea4ca50fee493df08a2dc6256b53	commit \| diff

bpf: Restrict bpf when kernel lockdown is in confidentiality mode

bpf_read() and bpf_read_str() could potentially be abused to (eg) allow
private keys in kernel memory to be leaked. Disable them if the kernel
has been locked down in confidentiality mode.

Suggested-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
cc: [email protected]
cc: Chun-Yi Lee <[email protected]>
cc: Alexei Starovoitov <[email protected]>
Cc: Daniel Borkmann <[email protected]>
Signed-off-by: James Morris <[email protected]>

include/linux/security.h		diff \| blob \| blame \| history
kernel/trace/bpf_trace.c		diff \| blob \| blame \| history
security/lockdown/lockdown.c		diff \| blob \| blame \| history