On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett <matthewgarrett@xxxxxxxxxx> wrote: > > From: David Howells <dhowells@xxxxxxxxxx> > > There are some bpf functions can be used to read kernel memory: > bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow > private keys in kernel memory (e.g. the hibernation image signing key) to > be read by an eBPF program and kernel memory to be altered without > restriction. Disable them if the kernel has been locked down in > confidentiality mode. > :) This is yet another reason to get the new improved bpf_probe_user_read stuff landed!