From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932335AbdJWOvY (ORCPT <rfc822;w@1wt.eu>);
        Mon, 23 Oct 2017 10:51:24 -0400
Received: from mx1.redhat.com ([209.132.183.28]:33258 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751198AbdJWOvX (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 23 Oct 2017 10:51:23 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com C612761D35
Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=dhowells@redhat.com
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
        Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
        Kingdom.
        Registered in England and Wales under Company Registration No. 3798903
From: David Howells <dhowells@redhat.com>
In-Reply-To: <20171020230040.qlz5rnegldcpzzb7@ast-mbp>
References: <20171020230040.qlz5rnegldcpzzb7@ast-mbp> <20171020024732.GJ3285@linux-l9pv.suse> <150842463163.7923.11081723749106843698.stgit@warthog.procyon.org.uk> <150842476953.7923.18174368926573855810.stgit@warthog.procyon.org.uk> <20171019221829.7m5nczg3ltqmhzom@ast-mbp> <2582.1508486928@warthog.procyon.org.uk> <20171020155748.kzrvg6565oxh6gmb@linux-rasp2>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: dhowells@redhat.com, jlee@suse.com, linux-kernel@vger.kernel.org,
        jforbes@redhat.com, Daniel Borkmann <daniel@iogearbox.net>,
        "David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org,
        Gary Lin <GLin@suse.com>
Subject: Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <21227.1508770278.1@warthog.procyon.org.uk>
Date: Mon, 23 Oct 2017 15:51:18 +0100
Message-ID: <21228.1508770278@warthog.procyon.org.uk>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Mon, 23 Oct 2017 14:51:22 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:

> If you want to lock down read access you'd need to disable
> not only bpf, but all of kprobe and likey ftrace, since
> untrusted root can infer kernel data by observing function
> execution even if it cannot load modules and bpf progs.

Okay.

David