From: Daniel Borkmann <daniel@iogearbox.net>
To: Hannes Frederic Sowa <hannes@stressinduktion.org>,
	netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.com, jbenc@redhat.com,
	aconole@bytheb.org
Subject: Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities
Date: Wed, 26 Apr 2017 23:04:26 +0200
Message-ID: <59010B5A.6060509@iogearbox.net>
In-Reply-To: <20170426182419.14574-5-hannes@stressinduktion.org>

On 04/26/2017 08:24 PM, Hannes Frederic Sowa wrote:
> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

Ahh, looks like this got swapped with 3/6.

> ---
>   include/linux/filter.h | 6 ++++--
>   kernel/bpf/core.c      | 4 +++-
>   kernel/bpf/syscall.c   | 7 ++++---
>   kernel/bpf/verifier.c  | 4 ++--
>   net/core/filter.c      | 6 +++---
>   5 files changed, 16 insertions(+), 11 deletions(-)
>
> diff --git a/include/linux/filter.h b/include/linux/filter.h
> index 63624c619e371b..635311f57bf24f 100644
> --- a/include/linux/filter.h
> +++ b/include/linux/filter.h
> @@ -413,7 +413,8 @@ struct bpf_prog {
>   				locked:1,	/* Program image locked? */
>   				gpl_compatible:1, /* Is filter GPL compatible? */
>   				cb_access:1,	/* Is control block accessed? */
> -				dst_needed:1;	/* Do we need dst entry? */
> +				dst_needed:1,	/* Do we need dst entry? */
> +				priv_cap_sys_admin:1; /* Where we loaded as sys_admin? */
>   	kmemcheck_bitfield_end(meta);
>   	enum bpf_prog_type	type;		/* Type of BPF program */
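Review bot: the comment on the new bitfield, "Where we loaded as sys_admin?", has a typo and should read "Were we loaded with CAP_SYS_ADMIN?" to match the question style of the neighbouring comments ("Is filter GPL compatible?"). Since the verifier hunks later in this patch trust this bit in place of a live capable() check, the comment should also state that it is a snapshot of the loading task's capability taken at load time, not something re-evaluated on later use.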
[...]
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 6f8b6ed690be93..24c9dac374770f 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -3488,7 +3488,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
>   	if (ret < 0)
>   		goto skip_full_check;
>
> -	env->allow_ptr_leaks = capable(CAP_SYS_ADMIN);
> +	env->allow_ptr_leaks = env->prog->priv_cap_sys_admin;
>
>   	ret = do_check(env);
>
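Review bot: replacing capable(CAP_SYS_ADMIN) with env->prog->priv_cap_sys_admin means allow_ptr_leaks is now only as trustworthy as the code that set that bit, and the kernel/bpf/syscall.c and kernel/bpf/core.c hunks that populate it are elided from this quote; please confirm the bit is set on the prog before bpf_check() runs and that nothing can flip it afterwards. A one-line comment above the assignment saying the capability was sampled at BPF_PROG_LOAD time would save the next reader a trip to syscall.c.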
> @@ -3589,7 +3589,7 @@ int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops,
>   	if (ret < 0)
>   		goto skip_full_check;
>
> -	env->allow_ptr_leaks = capable(CAP_SYS_ADMIN);
> +	env->allow_ptr_leaks = prog->priv_cap_sys_admin;
>
>   	ret = do_check(env);
>
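Review bot: in bpf_analyzer() the privilege now comes from the prog rather than from the calling context, and this entry point is reached by programs that never went through BPF_PROG_LOAD; a program built via bpf_prog_create() (which passes false in the net/core/filter.c hunk below) will therefore always be analysed with allow_ptr_leaks = false here, whereas the old capable(CAP_SYS_ADMIN) call could return true for a privileged caller. If that behaviour change is intended it should be spelled out in the commit message, which currently carries only the Signed-off-by line; if not, the caller of bpf_analyzer() needs a way to supply the privilege explicitly.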
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 9a37860a80fc78..dc020d40bb770a 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -1100,7 +1100,7 @@ int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog)
>   	if (!bpf_check_basics_ok(fprog->filter, fprog->len))
>   		return -EINVAL;
>
> -	fp = bpf_prog_alloc(bpf_prog_size(fprog->len), 0);
> +	fp = bpf_prog_alloc(bpf_prog_size(fprog->len), 0, false);
>   	if (!fp)
>   		return -ENOMEM;
>
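Review bot: hard-coding false for the new bpf_prog_alloc() argument is the conservative choice for classic BPF converted in-kernel, but the signature change affects every bpf_prog_alloc() caller, not just this one, so all of them must be updated in the same patch or the tree will not build at this commit. A short comment at this call site explaining why cBPF programs never receive the privileged bit would also help, since this is the only place in the quoted diff where the value is chosen rather than forwarded.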

Did you check that transferring allow_ptr_leaks doesn't have a side
effect on the nfp JIT? I believe it can also do cbpf migrations to
a certain extent.

Thread overview: 23+ messages
2017-04-26 18:24 [PATCH net-next 0/6] bpf: list all loaded ebpf programs in /proc/bpf/programs Hannes Frederic Sowa
2017-04-26 18:24 ` [PATCH net-next 1/6] bpf: bpf_lock needs only block bottom half Hannes Frederic Sowa
2017-04-26 18:24 ` [PATCH net-next 2/6] bpf: rename bpf_kallsyms to bpf_progs, ksym_lnode to bpf_progs_head Hannes Frederic Sowa
2017-04-26 18:24 ` [PATCH net-next 3/6] bpf: bpf_progs stores all loaded programs Hannes Frederic Sowa
2017-04-26 20:44   ` Daniel Borkmann
2017-04-26 18:24 ` [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities Hannes Frederic Sowa
2017-04-26 21:04   ` Daniel Borkmann [this message]
2017-04-27 11:39     ` Hannes Frederic Sowa
2017-04-26 21:08   ` Alexei Starovoitov
2017-04-27 13:17     ` Hannes Frederic Sowa
2017-04-27  7:27   ` kbuild test robot
2017-04-27 10:09   ` kbuild test robot
2017-04-26 18:24 ` [PATCH net-next 5/6] bpf: add skeleton for procfs printing of bpf_progs Hannes Frederic Sowa
2017-04-26 18:24 ` [PATCH net-next 6/6] bpf: show bpf programs Hannes Frederic Sowa
2017-04-26 21:25   ` Alexei Starovoitov
2017-04-27 13:28     ` Hannes Frederic Sowa
2017-04-26 21:35   ` Daniel Borkmann
2017-04-27 13:22     ` Hannes Frederic Sowa
2017-04-27 16:00       ` David Miller
2017-04-27 16:28         ` Hannes Frederic Sowa
2017-04-27 16:40           ` David Miller
  -- strict thread matches above, loose matches on Subject: below --
2017-04-27 14:49 [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities Alexei Starovoitov
2017-04-27 14:56 ` Jiri Benc
