From: Andrii Nakryiko <andrii.nakryiko@gmail.com>
To: Song Liu <song@kernel.org>
Cc: Lorenz Bauer <lmb@cloudflare.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
kernel-team <kernel-team@cloudflare.com>,
Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>
Subject: Re: [PATCH bpf v2 2/2] bpf: program: refuse non-O_RDWR flags in BPF_OBJ_GET
Date: Sat, 27 Mar 2021 21:51:15 -0700 [thread overview]
Message-ID: <CAEf4BzbT93nToU=zRFjbgtKcOStoS4KDELZpdfT7dsN44a7fCA@mail.gmail.com> (raw)
In-Reply-To: <CAPhsuW7E4bhEGcboKQ5O=1o0iVNPLpJB1nrAgxweiZqGhZm-JQ@mail.gmail.com>
On Fri, Mar 26, 2021 at 1:14 PM Song Liu <song@kernel.org> wrote:
>
> On Fri, Mar 26, 2021 at 9:07 AM Lorenz Bauer <lmb@cloudflare.com> wrote:
> >
> > As for bpf_link, refuse creating a non-O_RDWR fd. Since program fds
> > currently don't allow modifications this is a precaution, not a
> > straight up bug fix.
> >
> > Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
> > ---
> > kernel/bpf/inode.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
> > index dc56237d6960..d2de2abec35b 100644
> > --- a/kernel/bpf/inode.c
> > +++ b/kernel/bpf/inode.c
> > @@ -543,7 +543,7 @@ int bpf_obj_get_user(const char __user *pathname, int flags)
> > return PTR_ERR(raw);
>
> For both patches, shall we do the check before bpf_obj_do_get(), which is a few
> lines above?
Map does use f_flags, so we need to let them through. Or did you mean
to do a (type != BPF_TYPE_MAP && f_flags != O_RDWR) check?
Either way is fine with me, so:
Acked-by: Andrii Nakryiko <andrii@kernel.org>
>
> Thanks,
> Song
>
> >
> > if (type == BPF_TYPE_PROG)
> > - ret = bpf_prog_new_fd(raw);
> > + ret = (f_flags != O_RDWR) ? -EINVAL : bpf_prog_new_fd(raw);
> > else if (type == BPF_TYPE_MAP)
> > ret = bpf_map_new_fd(raw, f_flags);
> > else if (type == BPF_TYPE_LINK)
> > --
> > 2.27.0
> >
next prev parent reply other threads:[~2021-03-28 4:52 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-26 16:05 [PATCH bpf v2 1/2] bpf: link: refuse non-O_RDWR flags in BPF_OBJ_GET Lorenz Bauer
2021-03-26 16:05 ` [PATCH bpf v2 2/2] bpf: program: " Lorenz Bauer
2021-03-26 20:13 ` Song Liu
2021-03-28 4:51 ` Andrii Nakryiko [this message]
2021-03-29 8:19 ` Lorenz Bauer
2021-03-28 4:49 ` [PATCH bpf v2 1/2] bpf: link: " Andrii Nakryiko
2021-03-31 14:04 ` Lorenz Bauer
2021-04-01 18:04 ` Alexei Starovoitov
2021-04-01 21:44 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEf4BzbT93nToU=zRFjbgtKcOStoS4KDELZpdfT7dsN44a7fCA@mail.gmail.com' \
--to=andrii.nakryiko@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@cloudflare.com \
--cc=lmb@cloudflare.com \
--cc=netdev@vger.kernel.org \
--cc=song@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.