From: Edwin Peer <epeer@juniper.net>
To: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Cc: "ast@kernel.org" <ast@kernel.org>,
"daniel@iogearbox.net" <daniel@iogearbox.net>,
Edwin Peer <epeer@juniper.net>
Subject: [RFC PATCH bpf-next 2/2] bpf: relax CAP_SYS_ADMIN requirement for BPF_PROG_TEST_RUN
Date: Thu, 19 Dec 2019 01:36:27 +0000 [thread overview]
Message-ID: <20191219013534.125342-3-epeer@juniper.net> (raw)
In-Reply-To: <20191219013534.125342-1-epeer@juniper.net>
Introduce a bpf_prog_get_lax() API to provide unprivileged access to BPF
programs. The new API is provided to make explicit the intent to allow
such access at a given call site; however, it is not exposed beyond the
syscall interface here as there is no plan to use this beyond
BPF_PROG_TEST_RUN at this stage. The semantics remain unchanged for all
other existing callers.
This change allows unprivileged users to execute BPF_PROG_TEST_RUN for
all BPF program types.
Signed-off-by: Edwin Peer <epeer@juniper.net>
---
kernel/bpf/syscall.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 8e56768ebc06..970aeff9a9d9 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1578,7 +1578,7 @@ bool bpf_prog_get_ok(struct bpf_prog *prog,
}
static struct bpf_prog *__bpf_prog_get(u32 ufd, enum bpf_prog_type *attach_type,
- bool attach_drv)
+ bool attach_drv, bool privilege_required)
{
struct fd f = fdget(ufd);
struct bpf_prog *prog;
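Review bot: adding a second positional bool (`bool attach_drv, bool privilege_required`) to __bpf_prog_get() makes the call sites hard to read and easy to get wrong, since `__bpf_prog_get(ufd, NULL, false, true)` and `__bpf_prog_get(ufd, NULL, false, false)` differ only in a trailing literal. Consider a small flags enum (e.g. BPF_PROG_GET_ATTACH_DRV, BPF_PROG_GET_LAX) or at least a comment on the prototype saying what `privilege_required` gates, so the intent the commit message wants to make explicit is visible at the definition as well.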
@@ -1587,7 +1587,8 @@ static struct bpf_prog *__bpf_prog_get(u32 ufd, enum bpf_prog_type *attach_type,
if (IS_ERR(prog))
return prog;
if (prog->type != BPF_PROG_TYPE_SOCKET_FILTER &&
- prog->type != BPF_PROG_TYPE_CGROUP_SKB && !prog->privileged_load) {
+ prog->type != BPF_PROG_TYPE_CGROUP_SKB &&
+ privilege_required && !prog->privileged_load) {
prog = ERR_PTR(-EPERM);
goto out;
}
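Review bot: with `privilege_required` false, the `!prog->privileged_load` test is skipped entirely, so a program that was loaded with privileges and later reached an unprivileged caller (an fd passed over a unix socket, or a pinned object readable by that user) can now be obtained through this path with no check at all. If that is intended, the commit message should say so; if not, the lax path should still reject programs whose `privileged_load` is set and only relax the type restriction. Separately, placing `privilege_required &&` first in the condition would short-circuit before the two type comparisons and make the "no check wanted" case read more clearly.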
@@ -1604,13 +1605,18 @@ static struct bpf_prog *__bpf_prog_get(u32 ufd, enum bpf_prog_type *attach_type,
struct bpf_prog *bpf_prog_get(u32 ufd)
{
- return __bpf_prog_get(ufd, NULL, false);
+ return __bpf_prog_get(ufd, NULL, false, true);
+}
+
+struct bpf_prog *bpf_prog_get_lax(u32 ufd)
+{
+ return __bpf_prog_get(ufd, NULL, false, false);
}
struct bpf_prog *bpf_prog_get_type_dev(u32 ufd, enum bpf_prog_type type,
bool attach_drv)
{
- return __bpf_prog_get(ufd, &type, attach_drv);
+ return __bpf_prog_get(ufd, &type, attach_drv, true);
}
EXPORT_SYMBOL_GPL(bpf_prog_get_type_dev);
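Review bot: bpf_prog_get_lax() is non-static but has no declaration in a header and no EXPORT_SYMBOL_GPL(), which will trigger a -Wmissing-prototypes / sparse "was not declared. Should it be static?" warning. Since the commit message says the helper is deliberately not exposed beyond this file, make it `static struct bpf_prog *bpf_prog_get_lax(u32 ufd)`; if it is meant to be callable from elsewhere later, add the prototype to include/linux/bpf.h now rather than leaving it half-exported.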
@@ -2254,8 +2260,6 @@ static int bpf_prog_test_run(const union bpf_attr *attr,
struct bpf_prog *prog;
int ret = -ENOTSUPP;
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
if (CHECK_ATTR(BPF_PROG_TEST_RUN))
return -EINVAL;
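Review bot: dropping the `capable(CAP_SYS_ADMIN)` check leaves bpf_prog_test_run() with no gate of its own; the only remaining control is the relaxed lookup in __bpf_prog_get(), which by construction checks nothing for this caller. At minimum this path should honour the existing kernel.unprivileged_bpf_disabled sysctl the same way unprivileged BPF_PROG_LOAD does, so administrators who have disabled unprivileged BPF do not find test_run still reachable. The commit message should also state which per-type test_run handlers were reviewed for unprivileged use, since it now claims to open the command for all program types.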
@@ -2267,7 +2271,7 @@ static int bpf_prog_test_run(const union bpf_attr *attr,
(!attr->test.ctx_size_out && attr->test.ctx_out))
return -EINVAL;
- prog = bpf_prog_get(attr->test.prog_fd);
+ prog = bpf_prog_get_lax(attr->test.prog_fd);
if (IS_ERR(prog))
return PTR_ERR(prog);
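Review bot: the switch to bpf_prog_get_lax() here is the whole point of the series, but nothing at the call site says why the lax variant is safe for test_run specifically. Since the commit message argues the new helper exists to make the intent explicit at the call site, add a one-line comment above `prog = bpf_prog_get_lax(attr->test.prog_fd);` stating that an unprivileged caller may test-run any program it holds an fd for, so a future reader does not assume the lax lookup is a mistake and "fix" it back to bpf_prog_get().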
--
2.24.1
Thread overview:
2019-12-19 1:36 [RFC PATCH bpf-next 0/2] unprivileged BPF_PROG_TEST_RUN Edwin Peer
2019-12-19 1:36 ` Edwin Peer [this message]
2019-12-19 1:36 ` [RFC PATCH bpf-next 1/2] bpf: defer capability checks until program attach Edwin Peer
2019-12-19 7:19 ` [RFC PATCH bpf-next 0/2] unprivileged BPF_PROG_TEST_RUN Y Song
2019-12-19 14:50 ` Edwin Peer
2019-12-19 15:47 ` Daniel Borkmann
2019-12-19 17:05 ` Edwin Peer
2019-12-19 19:26 ` Alexei Starovoitov
2019-12-19 20:06 ` Edwin Peer
2019-12-19 21:52 ` Alexei Starovoitov