Hi David, First, thanks for your help to send out this series. On Wed, Apr 05, 2017 at 09:17:25PM +0100, David Howells wrote: > From: Chun-Yi Lee <jlee@xxxxxxxx> > > There are some bpf functions can be used to read kernel memory: > bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow > private keys in kernel memory (e.g. the hibernation image signing key) to > be read by an eBPF program. Prohibit those functions when the kernel is > locked down. > > Signed-off-by: Chun-Yi Lee <jlee@xxxxxxxx> > Signed-off-by: David Howells <dhowells@xxxxxxxxxx> > cc: netdev@xxxxxxxxxxxxxxx This patch is used with hibernation signature verification. I suggest that we can remove this patch from your series because we just lock down the hibernation function until hibernation verification get accepted. On the other hand, we are trying to enhance the bpf verifier to prevent bpf print reads specific memory addresses that have sensitive data. Thanks a lot! Joey Lee -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
