Matthew Garrett <matthewgarrett@xxxxxxxxxx> wrote:

> From: David Howells <dhowells@xxxxxxxxxx>
>
> bpf_read() and bpf_read_str() could potentially be abused to (eg) allow
> private keys in kernel memory to be leaked. Disable them if the kernel
> has been locked down in confidentiality mode.
>
> Suggested-by: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
> Signed-off-by: Matthew Garrett <mjg59@xxxxxxxxxx>
> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> cc: netdev@xxxxxxxxxxxxxxx
> cc: Chun-Yi Lee <jlee@xxxxxxxx>
> cc: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
> Cc: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
> Signed-off-by: James Morris <jmorris@xxxxxxxxx>

Signed-off-by: David Howells <dhowells@xxxxxxxxxx>