[02/14] bpf: Only sys admin can set no charge flag

Message ID	20220319173036.23352-3-laoar.shao@gmail.com (mailing list archive)
State	Rejected
Delegated to:	BPF
Headers	show Return-Path: <netdev-owner@kernel.org> From: Yafang Shao <laoar.shao@gmail.com> To: roman.gushchin@linux.dev, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, shuah@kernel.org Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Yafang Shao <laoar.shao@gmail.com> Subject: [PATCH 02/14] bpf: Only sys admin can set no charge flag Date: Sat, 19 Mar 2022 17:30:24 +0000 Message-Id: <20220319173036.23352-3-laoar.shao@gmail.com> In-Reply-To: <20220319173036.23352-1-laoar.shao@gmail.com> References: <20220319173036.23352-1-laoar.shao@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	bpf: Allow not to charge bpf memory \| expand [00/14] bpf: Allow not to charge bpf memory [01/14] bpf: Introduce no charge flag for bpf map [02/14] bpf: Only sys admin can set no charge flag [03/14] bpf: Enable no charge in map _CREATE_FLAG_MASK [04/14] bpf: Introduce new parameter bpf_attr in bpf_map_area_alloc [05/14] bpf: Allow no charge in bpf_map_area_alloc [06/14] bpf: Allow no charge for allocation not at map creation time [07/14] bpf: Allow no charge in map specific allocation [08/14] bpf: Aggregate flags for BPF_PROG_LOAD command [09/14] bpf: Add no charge flag for bpf prog [10/14] bpf: Only sys admin can set no charge flag for bpf prog [11/14] bpf: Set __GFP_ACCOUNT at the callsite of bpf_prog_alloc [12/14] bpf: Allow no charge for bpf prog [13/14] bpf: selftests: Add test case for BPF_F_NO_CHARTE [14/14] bpf: selftests: Add test case for BPF_F_PROG_NO_CHARGE

Message ID

20220319173036.23352-3-laoar.shao@gmail.com (mailing list archive)

State

Rejected

Delegated to:

BPF

Headers

From: Yafang Shao <laoar.shao@gmail.com>
To: roman.gushchin@linux.dev, ast@kernel.org, daniel@iogearbox.net,
        andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com,
        john.fastabend@gmail.com, kpsingh@kernel.org, shuah@kernel.org
Cc: netdev@vger.kernel.org, bpf@vger.kernel.org,
        linux-kselftest@vger.kernel.org, Yafang Shao <laoar.shao@gmail.com>
Subject: [PATCH 02/14] bpf: Only sys admin can set no charge flag
Date: Sat, 19 Mar 2022 17:30:24 +0000
Message-Id: <20220319173036.23352-3-laoar.shao@gmail.com>
In-Reply-To: <20220319173036.23352-1-laoar.shao@gmail.com>
References: <20220319173036.23352-1-laoar.shao@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

bpf: Allow not to charge bpf memory | expand

Checks

Context	Check	Description
bpf/vmtest-bpf-next-PR	success	PR summary
netdev/tree_selection	success	Guessing tree name failed - patch did not apply, async

Context

Check

Description

bpf/vmtest-bpf-next-PR

success

PR summary

netdev/tree_selection

success

Guessing tree name failed - patch did not apply, async

Commit Message

Yafang Shao March 19, 2022, 5:30 p.m. UTC

Only the sys admin has the privilege to account the bpf map memory into
root memcg only.

Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
---
 kernel/bpf/syscall.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 029f04588b1a..0cca3d7d0d84 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -852,6 +852,9 @@  static int map_create(union bpf_attr *attr)
 	    attr->map_extra != 0)
 		return -EINVAL;
 
+	if (attr->map_flags & BPF_F_NO_CHARGE && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	f_flags = bpf_get_file_flag(attr->map_flags);
 	if (f_flags < 0)
 		return f_flags;