From: Jiri Olsa <jolsa@kernel.org>
To: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>
Cc: bpf@vger.kernel.org, Martin KaFai Lau <kafai@fb.com>,
Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@chromium.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>
Subject: [PATCHv4 bpf-next 02/28] bpf: Add attach_type checks under bpf_prog_attach_check_attach_type
Date: Thu, 20 Jul 2023 13:35:24 +0200 [thread overview]
Message-ID: <20230720113550.369257-3-jolsa@kernel.org> (raw)
In-Reply-To: <20230720113550.369257-1-jolsa@kernel.org>
Add extra attach_type checks from link_create under
bpf_prog_attach_check_attach_type.
Suggested-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
kernel/bpf/syscall.c | 108 +++++++++++++++++++------------------------
1 file changed, 47 insertions(+), 61 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index ee8cb1a174aa..7864cf4d653d 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -3654,34 +3654,6 @@ static int bpf_raw_tracepoint_open(const union bpf_attr *attr)
return fd;
}
-static int bpf_prog_attach_check_attach_type(const struct bpf_prog *prog,
- enum bpf_attach_type attach_type)
-{
- switch (prog->type) {
- case BPF_PROG_TYPE_CGROUP_SOCK:
- case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
- case BPF_PROG_TYPE_CGROUP_SOCKOPT:
- case BPF_PROG_TYPE_SK_LOOKUP:
- return attach_type == prog->expected_attach_type ? 0 : -EINVAL;
- case BPF_PROG_TYPE_CGROUP_SKB:
- if (!capable(CAP_NET_ADMIN))
- /* cg-skb progs can be loaded by unpriv user.
- * check permissions at attach time.
- */
- return -EPERM;
- return prog->enforce_expected_attach_type &&
- prog->expected_attach_type != attach_type ?
- -EINVAL : 0;
- case BPF_PROG_TYPE_KPROBE:
- if (prog->expected_attach_type == BPF_TRACE_KPROBE_MULTI &&
- attach_type != BPF_TRACE_KPROBE_MULTI)
- return -EINVAL;
- return 0;
- default:
- return 0;
- }
-}
-
static enum bpf_prog_type
attach_type_to_prog_type(enum bpf_attach_type attach_type)
{
@@ -3745,6 +3717,53 @@ attach_type_to_prog_type(enum bpf_attach_type attach_type)
}
}
+static int bpf_prog_attach_check_attach_type(const struct bpf_prog *prog,
+ enum bpf_attach_type attach_type)
+{
+ enum bpf_prog_type ptype;
+
+ switch (prog->type) {
+ case BPF_PROG_TYPE_CGROUP_SOCK:
+ case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
+ case BPF_PROG_TYPE_CGROUP_SOCKOPT:
+ case BPF_PROG_TYPE_SK_LOOKUP:
+ return attach_type == prog->expected_attach_type ? 0 : -EINVAL;
+ case BPF_PROG_TYPE_CGROUP_SKB:
+ if (!capable(CAP_NET_ADMIN))
+ /* cg-skb progs can be loaded by unpriv user.
+ * check permissions at attach time.
+ */
+ return -EPERM;
+ return prog->enforce_expected_attach_type &&
+ prog->expected_attach_type != attach_type ?
+ -EINVAL : 0;
+ case BPF_PROG_TYPE_EXT:
+ return 0;
+ case BPF_PROG_TYPE_NETFILTER:
+ if (attach_type != BPF_NETFILTER)
+ return -EINVAL;
+ return 0;
+ case BPF_PROG_TYPE_PERF_EVENT:
+ case BPF_PROG_TYPE_TRACEPOINT:
+ if (attach_type != BPF_PERF_EVENT)
+ return -EINVAL;
+ return 0;
+ case BPF_PROG_TYPE_KPROBE:
+ if (prog->expected_attach_type == BPF_TRACE_KPROBE_MULTI &&
+ attach_type != BPF_TRACE_KPROBE_MULTI)
+ return -EINVAL;
+ if (attach_type != BPF_PERF_EVENT &&
+ attach_type != BPF_TRACE_KPROBE_MULTI)
+ return -EINVAL;
+ return 0;
+ default:
+ ptype = attach_type_to_prog_type(attach_type);
+ if (ptype == BPF_PROG_TYPE_UNSPEC || ptype != prog->type)
+ return -EINVAL;
+ return 0;
+ }
+}
+
#define BPF_PROG_ATTACH_LAST_FIELD replace_bpf_fd
#define BPF_F_ATTACH_MASK \
@@ -4810,7 +4829,6 @@ static int bpf_map_do_batch(const union bpf_attr *attr,
#define BPF_LINK_CREATE_LAST_FIELD link_create.kprobe_multi.cookies
static int link_create(union bpf_attr *attr, bpfptr_t uattr)
{
- enum bpf_prog_type ptype;
struct bpf_prog *prog;
int ret;
@@ -4829,38 +4847,6 @@ static int link_create(union bpf_attr *attr, bpfptr_t uattr)
if (ret)
goto out;
- switch (prog->type) {
- case BPF_PROG_TYPE_EXT:
- break;
- case BPF_PROG_TYPE_NETFILTER:
- if (attr->link_create.attach_type != BPF_NETFILTER) {
- ret = -EINVAL;
- goto out;
- }
- break;
- case BPF_PROG_TYPE_PERF_EVENT:
- case BPF_PROG_TYPE_TRACEPOINT:
- if (attr->link_create.attach_type != BPF_PERF_EVENT) {
- ret = -EINVAL;
- goto out;
- }
- break;
- case BPF_PROG_TYPE_KPROBE:
- if (attr->link_create.attach_type != BPF_PERF_EVENT &&
- attr->link_create.attach_type != BPF_TRACE_KPROBE_MULTI) {
- ret = -EINVAL;
- goto out;
- }
- break;
- default:
- ptype = attach_type_to_prog_type(attr->link_create.attach_type);
- if (ptype == BPF_PROG_TYPE_UNSPEC || ptype != prog->type) {
- ret = -EINVAL;
- goto out;
- }
- break;
- }
-
switch (prog->type) {
case BPF_PROG_TYPE_CGROUP_SKB:
case BPF_PROG_TYPE_CGROUP_SOCK:
--
2.41.0
next prev parent reply other threads:[~2023-07-20 11:36 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-20 11:35 [PATCHv4 bpf-next 00/28] bpf: Add multi uprobe link Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 01/28] bpf: Switch BPF_F_KPROBE_MULTI_RETURN macro to enum Jiri Olsa
2023-07-20 11:35 ` Jiri Olsa [this message]
2023-07-20 11:35 ` [PATCHv4 bpf-next 03/28] bpf: Add multi uprobe link Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 04/28] bpf: Add cookies support for uprobe_multi link Jiri Olsa
2023-07-21 2:18 ` Yafang Shao
2023-07-21 7:39 ` Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 05/28] bpf: Add pid filter " Jiri Olsa
2023-07-21 2:55 ` Yafang Shao
2023-07-21 8:31 ` Oleg Nesterov
2023-07-21 8:54 ` Oleg Nesterov
2023-07-21 9:05 ` Yafang Shao
2023-07-21 10:41 ` Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 06/28] bpf: Add bpf_get_func_ip helper support for uprobe link Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 07/28] libbpf: Add uprobe_multi attach type and link names Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 08/28] libbpf: Move elf_find_func_offset* functions to elf object Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 09/28] libbpf: Add elf_open/elf_close functions Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 10/28] libbpf: Add elf symbol iterator Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 11/28] libbpf: Add elf_resolve_syms_offsets function Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 12/28] libbpf: Add elf_resolve_pattern_offsets function Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 13/28] libbpf: Add bpf_link_create support for multi uprobes Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 14/28] libbpf: Add bpf_program__attach_uprobe_multi function Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 15/28] libbpf: Add support for u[ret]probe.multi[.s] program sections Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 16/28] libbpf: Add uprobe multi link detection Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 17/28] libbpf: Add uprobe multi link support to bpf_program__attach_usdt Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 18/28] selftests/bpf: Move get_time_ns to testing_helpers.h Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 19/28] selftests/bpf: Add uprobe_multi skel test Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 20/28] selftests/bpf: Add uprobe_multi api test Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 21/28] selftests/bpf: Add uprobe_multi link test Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 22/28] selftests/bpf: Add uprobe_multi test program Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 23/28] selftests/bpf: Add uprobe_multi bench test Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 24/28] selftests/bpf: Add uprobe_multi usdt test code Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 25/28] selftests/bpf: Add uprobe_multi usdt bench test Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 26/28] selftests/bpf: Add uprobe_multi cookie test Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 27/28] selftests/bpf: Add uprobe_multi pid filter tests Jiri Olsa
2023-07-20 11:35 ` [PATCHv4 bpf-next 28/28] selftests/bpf: Add extra link to uprobe_multi tests Jiri Olsa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230720113550.369257-3-jolsa@kernel.org \
--to=jolsa@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kpsingh@chromium.org \
--cc=sdf@google.com \
--cc=songliubraving@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).