Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)

2018-04-05 Thread jlee
Hi Mimi,

On Thu, Apr 05, 2018 at 10:01:09AM -0400, Mimi Zohar wrote:
> On Thu, 2018-04-05 at 10:16 +0800, joeyli wrote:
> > Hi David,
> >
> > On Wed, Apr 04, 2018 at 05:17:24PM +0100, David Howells wrote:
> > > Andy Lutomirski wrote:
> > >
> > > > Since this thread has devolved horribly, I'm g

Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down

2017-10-20 Thread jlee
On Fri, Oct 20, 2017 at 05:03:22PM +0100, David Howells wrote:
> j...@suse.com wrote:
>
> > I think that we don't need to lock down sys_bpf() now because
> > we didn't lock down other interfaces for reading arbitrary
> > address like /dev/mem and /dev/kmem.
>
> Ummm... See patch 4. You even gav

Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down

2017-10-20 Thread jlee
On Fri, Oct 20, 2017 at 09:08:48AM +0100, David Howells wrote:
> Hi Joey,
>
> Should I just lock down sys_bpf() entirely for now? We can always free it up
> somewhat later.
>
> David

OK~~ Please just remove my patch until we find out a way to verify bpf code or protect sensitive data in memory.

Re: [PATCH v3] acpi: handle the acpi hotplug schedule error

2017-07-07 Thread jlee
Hi Rafael,

On Fri, Jul 07, 2017 at 03:16:40PM +0200, Rafael J. Wysocki wrote:
> On Friday, July 07, 2017 02:22:42 PM Lee, Chun-Yi wrote:
> > Kernel should decrements the reference count of acpi device
> > when the scheduling of acpi hotplug work failed, and evaluates
> > _OST to notify BIOS the fa