diff options
| author | YiFei Zhu <zhuyifei@google.com> | 2022-08-16 23:55:16 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-09-08 12:23:57 +0300 |
| commit | 257f1447d7c245b81e23fa2ee932c737232c29ac (patch) | |
| tree | 707e4499a2084edd1eb048b2a6adb0f2f21b9662 | |
| parent | 10ee118a1756141f8e9c87aa7344ed12b41630a8 (diff) | |
| download | linux-257f1447d7c245b81e23fa2ee932c737232c29ac.tar.xz | |
bpf: Restrict bpf_sys_bpf to CAP_PERFMON
[ Upstream commit 14b20b784f59bdd95f6f1cfb112c9818bcec4d84 ]
The verifier cannot perform sufficient validation of any pointers passed
into bpf_attr and treats them as integers rather than pointers. The helper
will then read from arbitrary pointers passed into it. Restrict the helper
to CAP_PERFMON since the security model in BPF of arbitrary kernel read is
CAP_BPF + CAP_PERFMON.
Fixes: af2ac3e13e45 ("bpf: Prepare bpf syscall to be used from kernel and user space.")
Signed-off-by: YiFei Zhu <zhuyifei@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | kernel/bpf/syscall.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 82e83cfb4114..dd0fc2a86ce1 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -5153,7 +5153,7 @@ syscall_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) { switch (func_id) { case BPF_FUNC_sys_bpf: - return &bpf_sys_bpf_proto; + return !perfmon_capable() ? NULL : &bpf_sys_bpf_proto; case BPF_FUNC_btf_find_by_name_kind: return &bpf_btf_find_by_name_kind_proto; case BPF_FUNC_sys_close: |