Git Repo - linux.git/commit

author	Alexei Starovoitov <[email protected]>
	Fri, 25 Nov 2022 22:06:17 +0000 (14:06 -0800)
committer	Andrii Nakryiko <[email protected]>
	Wed, 30 Nov 2022 23:33:48 +0000 (15:33 -0800)
commit	c67cae551f0df80421b5703ee56ff5e2fe9c4de6
tree	cc1878eacd432087d36231fd8669971a5e963c70	tree \| snapshot
parent	996c060e2bb90e5caef42849846b56da21ea88d9	commit \| diff

bpf: Tighten ptr_to_btf_id checks.

The networking programs typically don't require CAP_PERFMON, but through kfuncs
like bpf_cast_to_kern_ctx() they can access memory through PTR_TO_BTF_ID. In
such case enforce CAP_PERFMON.
Also make sure that only GPL programs can access kernel data structures.
All kfuncs require GPL already.

Also remove allow_ptr_to_map_access. It's the same as allow_ptr_leaks and
different name for the same check only causes confusion.

Fixes: fd264ca02094 ("bpf: Add a kfunc to type cast from bpf uapi ctx to kernel ctx")
Fixes: 50c6b8a9aea2 ("selftests/bpf: Add a test for btf_type_tag "percpu"")
Signed-off-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Andrii Nakryiko <[email protected]>
Acked-by: Yonghong Song <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]

include/linux/bpf.h		diff \| blob \| blame \| history
include/linux/bpf_verifier.h		diff \| blob \| blame \| history
kernel/bpf/verifier.c		diff \| blob \| blame \| history
tools/testing/selftests/bpf/progs/btf_type_tag_percpu.c		diff \| blob \| blame \| history
tools/testing/selftests/bpf/verifier/map_ptr.c		diff \| blob \| blame \| history