1 |
From 702b62a2eead72e41d0ea01a15165d756708d4cf Mon Sep 17 00:00:00 2001 |
2 |
From: Sasha Levin <sashal@kernel.org> |
3 |
Date: Tue, 16 Aug 2022 20:55:16 +0000 |
4 |
Subject: bpf: Restrict bpf_sys_bpf to CAP_PERFMON |
5 |
|
6 |
From: YiFei Zhu <zhuyifei@google.com> |
7 |
|
8 |
[ Upstream commit 14b20b784f59bdd95f6f1cfb112c9818bcec4d84 ] |
9 |
|
10 |
The verifier cannot perform sufficient validation of any pointers passed |
11 |
into bpf_attr and treats them as integers rather than pointers. The helper |
12 |
will then read from arbitrary pointers passed into it. Restrict the helper |
13 |
to CAP_PERFMON since the security model in BPF of arbitrary kernel read is |
14 |
CAP_BPF + CAP_PERFMON. |
15 |
|
16 |
Fixes: af2ac3e13e45 ("bpf: Prepare bpf syscall to be used from kernel and user space.") |
17 |
Signed-off-by: YiFei Zhu <zhuyifei@google.com> |
18 |
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
19 |
Acked-by: Alexei Starovoitov <ast@kernel.org> |
20 |
Link: https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei@google.com |
21 |
Signed-off-by: Sasha Levin <sashal@kernel.org> |
22 |
--- |
23 |
kernel/bpf/syscall.c | 2 +- |
24 |
1 file changed, 1 insertion(+), 1 deletion(-) |
25 |
|
26 |
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c |
27 |
index 82e83cfb4114a..dd0fc2a86ce17 100644 |
28 |
--- a/kernel/bpf/syscall.c |
29 |
+++ b/kernel/bpf/syscall.c |
30 |
@@ -5153,7 +5153,7 @@ syscall_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
31 |
{ |
32 |
switch (func_id) { |
33 |
case BPF_FUNC_sys_bpf: |
34 |
- return &bpf_sys_bpf_proto; |
35 |
+ return !perfmon_capable() ? NULL : &bpf_sys_bpf_proto; |
36 |
case BPF_FUNC_btf_find_by_name_kind: |
37 |
return &bpf_btf_find_by_name_kind_proto; |
38 |
case BPF_FUNC_sys_close: |
39 |
-- |
40 |
2.35.1 |
41 |
|