Alexei Starovoitov <alexei.starovoi...@gmail.com> wrote:
> > @@ -65,6 +65,11 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size, const
> > void *, unsafe_ptr)
> > {
> > int ret;
> >
> > + if (kernel_is_locked_down("BPF")) {
> > + memset(dst, 0, size);
> > + return -EPERM;
> > + }
>
> That doesn't help the lockdown purpose.
> If you don't trust the root the only way to prevent bpf read
> memory is to disable the whole thing.
> Have a single check in sys_bpf() to disallow everything if
> kernel_is_locked_down()
> and don't add overhead to critical path like bpf_probe_read().
TBH, I've no idea how bpf does anything, so I can't say whether this is
better, overkill or insufficient.
David
