ACK: [SRU Eoan 0/2] Allow BPF tracing under lockdown

Kleber Souza kleber.souza at
Tue Mar 24 10:02:46 UTC 2020

On 2020-03-24 10:59, Thadeu Lima de Souza Cascardo wrote:
> Note: when testing bpftrace snap, it misdetects that the system is under
> confidentiality lockdown. I guess snapd does not allow some necessary access
> for bpftrace to work. I used the bpftrace deb.
> BugLink:
> [Impact]
> BPF tracing is allowed on Bionic and on Focal under integrity lockdown, which
> is going to be the default before release. Right now, Eoan does not allow
> kprobes and BPF reads under lockdown, preventing BPF tracing and kprobe
> tracing.
> [Test case]
> sudo bpftrace -e 'kprobe:do_nanosleep { printf("PID %d sleeping...\n", pid); }'
> sudo bpftrace -e 'tracepoint:syscalls:sys_enter_openat { printf("filename: [%s]; flags: [%d]\n", str(args->filename), args->flags); }'
> The last one should show the filename and flags.
> [Regression potential]
> This would allow privileged users to possibly read some kernel data that was
> not possible before. However, this is already possible on systems that are not
> under lockdown, which are all non-secure boot systems by default. This also
> matches the behavior of signed kernels of Bionic and Focal.
> Thadeu Lima de Souza Cascardo (2):
>   Revert "UBUNTU: SAUCE: (efi-lockdown) Lock down kprobes"
>   Revert "bpf: Restrict bpf when kernel lockdown is in confidentiality
>     mode"
>  kernel/kprobes.c         |  3 ---
>  kernel/trace/bpf_trace.c | 12 ------------
>  2 files changed, 15 deletions(-)

Acked-by: Kleber Sacilotto de Souza <kleber.souza at>
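The [Test case] quoted above, wrapped in a small POSIX shell script that is an added example and not part of the original thread: it reads the active mode from `/sys/kernel/security/lockdown` (the kernel exposes it as e.g. `none [integrity] confidentiality`), then runs the two bpftrace programs from the cover letter under a timeout and reports whether each probe attached and ran. The function names are mine; it assumes bpftrace and GNU coreutils `timeout` are installed and that it is run as root.

```sh
#!/bin/sh
# Added example, not code from the original thread.
# Reports the kernel lockdown mode, then runs the two bpftrace test programs
# from the cover letter so their outcome can be judged against that mode.

# Extract the active mode (the bracketed word) from the lockdown file's content,
# e.g. "none [integrity] confidentiality" -> "integrity". Prints nothing on garbage.
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Current mode from securityfs; "unknown" when the file is absent
# (kernel without lockdown support, or securityfs not mounted).
current_lockdown_mode() {
    f=/sys/kernel/security/lockdown
    if [ -r "$f" ]; then
        lockdown_mode "$(cat "$f")"
    else
        echo unknown
    fi
}

# Run one bpftrace program for 5 seconds. A probe that cannot be attached
# under lockdown makes bpftrace exit non-zero on its own before the timeout;
# exit status 124 means timeout stopped it, i.e. the probe attached and ran.
run_probe() {
    timeout --signal=INT 5 bpftrace -e "$1"
    rc=$?
    [ "$rc" -eq 124 ] && rc=0
    return "$rc"
}

main() {
    echo "lockdown mode: $(current_lockdown_mode)"
    run_probe 'kprobe:do_nanosleep { printf("PID %d sleeping...\n", pid); }' \
        && echo "kprobe tracing: OK" || echo "kprobe tracing: FAILED"
    run_probe 'tracepoint:syscalls:sys_enter_openat { printf("filename: [%s]; flags: [%d]\n", str(args->filename), args->flags); }' \
        && echo "tracepoint + str(): OK" || echo "tracepoint + str(): FAILED"
}

# Only run the probes when bpftrace is available and we are root.
if command -v bpftrace >/dev/null 2>&1 && [ "$(id -u)" = 0 ]; then
    main
fi
```

Compare the mode line with the probe results: after this series, both probes are expected to succeed under integrity lockdown, which is the behaviour the cover letter describes for Bionic and Focal.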
