linux-stable/security/lockdown
David Howells 9d1f8be5cf bpf: Restrict bpf when kernel lockdown is in confidentiality mode
bpf_read() and bpf_read_str() could potentially be abused to (eg) allow
private keys in kernel memory to be leaked. Disable them if the kernel
has been locked down in confidentiality mode.

Suggested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: netdev@vger.kernel.org
cc: Chun-Yi Lee <jlee@suse.com>
cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: James Morris <jmorris@namei.org>
2019-08-19 21:54:16 -07:00
Kconfig     lockdown: Enforce module signatures if the kernel is locked down       2019-08-19 21:54:15 -07:00
lockdown.c  bpf: Restrict bpf when kernel lockdown is in confidentiality mode      2019-08-19 21:54:16 -07:00
Makefile    security: Add a static lockdown policy LSM                             2019-08-19 21:54:15 -07:00