| 1 |
From 702b62a2eead72e41d0ea01a15165d756708d4cf Mon Sep 17 00:00:00 2001 |
| 2 |
From: Sasha Levin <sashal@kernel.org> |
| 3 |
Date: Tue, 16 Aug 2022 20:55:16 +0000 |
| 4 |
Subject: bpf: Restrict bpf_sys_bpf to CAP_PERFMON |
| 5 |
|
| 6 |
From: YiFei Zhu <zhuyifei@google.com> |
| 7 |
|
| 8 |
[ Upstream commit 14b20b784f59bdd95f6f1cfb112c9818bcec4d84 ] |
| 9 |
|
| 10 |
The verifier cannot perform sufficient validation of any pointers passed |
| 11 |
into bpf_attr and treats them as integers rather than pointers. The helper |
| 12 |
will then read from arbitrary pointers passed into it. Restrict the helper |
| 13 |
to CAP_PERFMON since the security model in BPF of arbitrary kernel read is |
| 14 |
CAP_BPF + CAP_PERFMON. |
| 15 |
|
| 16 |
Fixes: af2ac3e13e45 ("bpf: Prepare bpf syscall to be used from kernel and user space.") |
| 17 |
Signed-off-by: YiFei Zhu <zhuyifei@google.com> |
| 18 |
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
| 19 |
Acked-by: Alexei Starovoitov <ast@kernel.org> |
| 20 |
Link: https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei@google.com |
| 21 |
Signed-off-by: Sasha Levin <sashal@kernel.org> |
| 22 |
--- |
| 23 |
kernel/bpf/syscall.c | 2 +- |
| 24 |
1 file changed, 1 insertion(+), 1 deletion(-) |
| 25 |
|
| 26 |
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c |
| 27 |
index 82e83cfb4114a..dd0fc2a86ce17 100644 |
| 28 |
--- a/kernel/bpf/syscall.c |
| 29 |
+++ b/kernel/bpf/syscall.c |
| 30 |
@@ -5153,7 +5153,7 @@ syscall_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
| 31 |
{ |
| 32 |
switch (func_id) { |
| 33 |
case BPF_FUNC_sys_bpf: |
| 34 |
- return &bpf_sys_bpf_proto; |
| 35 |
+ return !perfmon_capable() ? NULL : &bpf_sys_bpf_proto; |
| 36 |
case BPF_FUNC_btf_find_by_name_kind: |
| 37 |
return &bpf_btf_find_by_name_kind_proto; |
| 38 |
case BPF_FUNC_sys_close: |
| 39 |
-- |
| 40 |
2.35.1 |
| 41 |
|
Parent Directory
| 
Revision Log