All of lore.kernel.org
 help / color / mirror / Atom feed
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
To: Greg KH <gregkh@linuxfoundation.org>,
	Jiri Kosina <jikos@kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
	Yonghong Song <yhs@fb.com>,
	John Fastabend <john.fastabend@gmail.com>,
	KP Singh <kpsingh@kernel.org>, Shuah Khan <shuah@kernel.org>,
	Dave Marchevsky <davemarchevsky@fb.com>,
	Joe Stringer <joe@cilium.io>, Jonathan Corbet <corbet@lwn.net>
Cc: Tero Kristo <tero.kristo@linux.intel.com>,
	linux-kernel@vger.kernel.org, linux-input@vger.kernel.org,
	netdev@vger.kernel.org, bpf@vger.kernel.org,
	linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org,
	Benjamin Tissoires <benjamin.tissoires@redhat.com>,
	Sean Young <sean@mess.org>
Subject: [PATCH bpf-next v3 01/17] bpf: add new is_sys_admin_prog_type() helper
Date: Fri, 18 Mar 2022 17:15:12 +0100	[thread overview]
Message-ID: <20220318161528.1531164-2-benjamin.tissoires@redhat.com> (raw)
In-Reply-To: <20220318161528.1531164-1-benjamin.tissoires@redhat.com>

LIRC_MODE2 does not really need net_admin capability, but only sys_admin.

Extract a new helper for it, it will be also used for the HID bpf
implementation.

Cc: Sean Young <sean@mess.org>
Acked-by: Sean Young <sean@mess.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>

---

changes in v3:
- dropped BPF_PROG_TYPE_EXT from the new helper

new in v2
---
 kernel/bpf/syscall.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 9beb585be5a6..b88688264ad0 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -2165,7 +2165,6 @@ static bool is_net_admin_prog_type(enum bpf_prog_type prog_type)
 	case BPF_PROG_TYPE_LWT_SEG6LOCAL:
 	case BPF_PROG_TYPE_SK_SKB:
 	case BPF_PROG_TYPE_SK_MSG:
-	case BPF_PROG_TYPE_LIRC_MODE2:
 	case BPF_PROG_TYPE_FLOW_DISSECTOR:
 	case BPF_PROG_TYPE_CGROUP_DEVICE:
 	case BPF_PROG_TYPE_CGROUP_SOCK:
@@ -2202,6 +2201,16 @@ static bool is_perfmon_prog_type(enum bpf_prog_type prog_type)
 	}
 }
 
+static bool is_sys_admin_prog_type(enum bpf_prog_type prog_type)
+{
+	switch (prog_type) {
+	case BPF_PROG_TYPE_LIRC_MODE2:
+		return true;
+	default:
+		return false;
+	}
+}
+
 /* last field in 'union bpf_attr' used by this command */
 #define	BPF_PROG_LOAD_LAST_FIELD core_relo_rec_size
 
@@ -2252,6 +2261,8 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr)
 		return -EPERM;
 	if (is_perfmon_prog_type(type) && !perfmon_capable())
 		return -EPERM;
+	if (is_sys_admin_prog_type(type) && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
 
 	/* attach_prog_fd/attach_btf_obj_fd can specify fd of either bpf_prog
 	 * or btf, we need to check which one it is
-- 
2.35.1


  reply	other threads:[~2022-03-18 16:16 UTC|newest]

Thread overview: 44+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-18 16:15 [PATCH bpf-next v3 00/17] Introduce eBPF support for HID devices Benjamin Tissoires
2022-03-18 16:15 ` Benjamin Tissoires [this message]
2022-03-18 18:07   ` [PATCH bpf-next v3 01/17] bpf: add new is_sys_admin_prog_type() helper Song Liu
2022-03-18 16:15 ` [PATCH bpf-next v3 02/17] bpf: introduce hid program type Benjamin Tissoires
2022-03-18 20:48   ` Song Liu
2022-03-21 16:07     ` Benjamin Tissoires
2022-03-21 21:51       ` Song Liu
2022-03-22 11:06         ` Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 03/17] bpf/verifier: prevent non GPL programs to be loaded against HID Benjamin Tissoires
2022-03-18 20:51   ` Song Liu
2022-03-18 16:15 ` [PATCH bpf-next v3 04/17] libbpf: add HID program type and API Benjamin Tissoires
2022-03-18 20:53   ` Song Liu
2022-03-18 16:15 ` [PATCH bpf-next v3 05/17] HID: hook up with bpf Benjamin Tissoires
2022-03-18 21:02   ` Song Liu
2022-03-18 21:04     ` Song Liu
2022-03-18 16:15 ` [PATCH bpf-next v3 06/17] HID: allow to change the report descriptor from an eBPF program Benjamin Tissoires
2022-03-18 21:10   ` Song Liu
2022-03-21 16:20     ` Benjamin Tissoires
2022-03-21 22:03       ` Song Liu
2022-03-22 22:51   ` Alexei Starovoitov
2022-03-23 16:08     ` Benjamin Tissoires
2022-03-25 17:00       ` Andrii Nakryiko
2022-03-28  6:56         ` Benjamin Tissoires
2022-03-28 21:35           ` Andrii Nakryiko
2022-03-29 13:53             ` Benjamin Tissoires
2022-04-01 13:21               ` Benjamin Tissoires
2022-03-30 21:27       ` Alexei Starovoitov
2022-03-18 16:15 ` [PATCH bpf-next v3 07/17] selftests/bpf: add tests for the HID-bpf initial implementation Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 08/17] selftests/bpf: add report descriptor fixup tests Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 09/17] selftests/bpf: Add a test for BPF_F_INSERT_HEAD Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 10/17] selftests/bpf: add test for user call of HID bpf programs Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 11/17] samples/bpf: add new hid_mouse example Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 12/17] bpf/hid: add more HID helpers Benjamin Tissoires
2022-03-18 21:19   ` Song Liu
2022-03-21 16:24     ` Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 13/17] HID: bpf: implement hid_bpf_get|set_bits Benjamin Tissoires
2022-03-18 21:20   ` Song Liu
2022-03-18 16:15 ` [PATCH bpf-next v3 14/17] HID: add implementation of bpf_hid_raw_request Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 15/17] selftests/bpf: add tests for hid_{get|set}_bits helpers Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 16/17] selftests/bpf: add tests for bpf_hid_hw_request Benjamin Tissoires
2022-03-18 16:15 ` [PATCH bpf-next v3 17/17] Documentation: add HID-BPF docs Benjamin Tissoires
2022-03-18 18:05   ` Song Liu
2022-03-29 13:04 ` [PATCH bpf-next v3 00/17] Introduce eBPF support for HID devices Tero Kristo
2022-04-01  9:37   ` Benjamin Tissoires

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220318161528.1531164-2-benjamin.tissoires@redhat.com \
    --to=benjamin.tissoires@redhat.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=corbet@lwn.net \
    --cc=daniel@iogearbox.net \
    --cc=davemarchevsky@fb.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jikos@kernel.org \
    --cc=joe@cilium.io \
    --cc=john.fastabend@gmail.com \
    --cc=kafai@fb.com \
    --cc=kpsingh@kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-input@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=sean@mess.org \
    --cc=shuah@kernel.org \
    --cc=songliubraving@fb.com \
    --cc=tero.kristo@linux.intel.com \
    --cc=yhs@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.