diff mbox series

[bpf,1/2] bpf: Restrict bpf_sys_bpf to CAP_PERFMON

Message ID 20220816205517.682470-1-zhuyifei@google.com (mailing list archive)
State Accepted
Commit 14b20b784f59bdd95f6f1cfb112c9818bcec4d84
Delegated to: BPF
Headers show
Series [bpf,1/2] bpf: Restrict bpf_sys_bpf to CAP_PERFMON | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for bpf
netdev/fixes_present success Fixes tag present in non-next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 343 this patch: 343
netdev/cc_maintainers warning 6 maintainers not CCed: john.fastabend@gmail.com martin.lau@linux.dev kpsingh@kernel.org jolsa@kernel.org haoluo@google.com yhs@fb.com
netdev/build_clang success Errors and warnings before: 5 this patch: 5
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 343 this patch: 343
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-PR success PR summary
bpf/vmtest-bpf-VM_Test-1 success Logs for Kernel LATEST on ubuntu-latest with gcc
bpf/vmtest-bpf-VM_Test-2 success Logs for Kernel LATEST on ubuntu-latest with llvm-16
bpf/vmtest-bpf-VM_Test-3 success Logs for Kernel LATEST on z15 with gcc
bpf/vmtest-bpf-VM_Test-4 success Logs for llvm-toolchain
bpf/vmtest-bpf-VM_Test-5 success Logs for set-matrix

Commit Message

YiFei Zhu Aug. 16, 2022, 8:55 p.m. UTC 
The verifier cannot perform sufficient validation of any pointers
passed into bpf_attr and treats them as integers rather than pointers.
The helper will then read from arbitrary pointers passed into it.
Restrict the helper to CAP_PERFMON since the security model in
BPF of arbitrary kernel read is CAP_BPF + CAP_PERFMON.

Fixes: af2ac3e13e45 ("bpf: Prepare bpf syscall to be used from kernel and user space.")
Signed-off-by: YiFei Zhu <zhuyifei@google.com>
---
 kernel/bpf/syscall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

patchwork-bot+netdevbpf@kernel.org Aug. 17, 2022, 10:30 p.m. UTC | #1 
Hello:

This series was applied to bpf/bpf.git (master)
by Daniel Borkmann <daniel@iogearbox.net>:

On Tue, 16 Aug 2022 20:55:16 +0000 you wrote:
> The verifier cannot perform sufficient validation of any pointers
> passed into bpf_attr and treats them as integers rather than pointers.
> The helper will then read from arbitrary pointers passed into it.
> Restrict the helper to CAP_PERFMON since the security model in
> BPF of arbitrary kernel read is CAP_BPF + CAP_PERFMON.
> 
> Fixes: af2ac3e13e45 ("bpf: Prepare bpf syscall to be used from kernel and user space.")
> Signed-off-by: YiFei Zhu <zhuyifei@google.com>
> 
> [...]

Here is the summary with links:
  - [bpf,1/2] bpf: Restrict bpf_sys_bpf to CAP_PERFMON
    https://git.kernel.org/bpf/bpf/c/14b20b784f59
  - [bpf,2/2] bpf: Add WARN_ON for recursive prog_run invocation
    (no matching commit)

You are awesome, thank you!
diff mbox series

Patch

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index a4d40d98428a..27760627370d 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -5197,7 +5197,7 @@  syscall_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 {
 	switch (func_id) {
 	case BPF_FUNC_sys_bpf:
-		return &bpf_sys_bpf_proto;
+		return !perfmon_capable() ? NULL : &bpf_sys_bpf_proto;
 	case BPF_FUNC_btf_find_by_name_kind:
 		return &bpf_btf_find_by_name_kind_proto;
 	case BPF_FUNC_sys_close: