author | Jakub Kicinski <kuba@kernel.org> | 2024-05-13 23:10:48 +0300 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2024-05-13 23:10:48 +0300 |
commit | c9f9df3f6347b33ae770747c40bae38836e3658c (patch) | |
tree | 3a4e7a54dcdeffc70d8482794207174982bfdb4d /kernel | |
parent | 1164057b3c0093240e45517d711da2d1fd86789a (diff) | |
parent | 3e9bc0472b910d4115e16e9c2d684c7757cb6c60 (diff) | |
download | linux-c9f9df3f6347b33ae770747c40bae38836e3658c.tar.xz |
Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Daniel Borkmann says:
====================
pull-request: bpf 2024-05-13
We've added 3 non-merge commits during the last 2 day(s) which contain
a total of 2 files changed, 62 insertions(+), 8 deletions(-).
The main changes are:
1) Fix a case where syzkaller found that it's unexpectedly possible
to attach a cgroup_skb program to the sockopt hooks. The fix adds
missing attach_type enforcement for the link_create case along
with selftests, from Stanislav Fomichev.
* tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
selftests/bpf: Add sockopt case to verify prog_type
selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE
bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
====================
Link: https://lore.kernel.org/r/20240513041845.31040-1-daniel@iogearbox.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/bpf/syscall.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index c287925471f6..cb61d8880dbe 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -3985,6 +3985,11 @@ static int bpf_prog_attach_check_attach_type(const struct bpf_prog *prog, * check permissions at attach time. */ return -EPERM; + + ptype = attach_type_to_prog_type(attach_type); + if (prog->type != ptype) + return -EINVAL; + return prog->enforce_expected_attach_type && prog->expected_attach_type != attach_type ? -EINVAL : 0; |
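Review bot: the new prog->type comparison added after `return -EPERM;` in bpf_prog_attach_check_attach_type() carries no comment, and the existing comment directly above it only covers the permission check. A one-line comment before `ptype = attach_type_to_prog_type(attach_type);` stating that the link_create path depends on this comparison to reject a program whose type does not match the attach type would keep the reason in the code rather than only in the commit message. The hunk also assigns ptype without declaring it, and the diffstat shows 5 insertions and 0 deletions, so it relies on a declaration elsewhere in the function; worth confirming that declaration has the type attach_type_to_prog_type() returns. Since the new check sits after the -EPERM return, a caller that fails the permission check still gets -EPERM rather than -EINVAL for a mismatched type, which looks like the right ordering but should be what the selftests expect.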