diff options
| author | Yonghong Song <yhs@fb.com> | 2022-01-27 18:46:06 +0300 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2022-01-27 23:03:46 +0300 |
| commit | c6f1bfe89ac95dc829dcb4ed54780da134ac5fce (patch) | |
| tree | d6d304eb322a72bab4b8d8b88a945a7fdb47b330 /LICENSES | |
| parent | 7472d5a642c94a0ee1882ff3038de72ffe803a01 (diff) | |
| download | linux-c6f1bfe89ac95dc829dcb4ed54780da134ac5fce.tar.xz | |
bpf: reject program if a __user tagged memory accessed in kernel way
BPF verifier supports direct memory access for BPF_PROG_TYPE_TRACING type
of bpf programs, e.g., a->b. If "a" is a pointer
pointing to kernel memory, bpf verifier will allow user to write
code in C like a->b and the verifier will translate it to a kernel
load properly. If "a" is a pointer to user memory, it is expected
that bpf developer should be bpf_probe_read_user() helper to
get the value a->b. Without utilizing BTF __user tagging information,
current verifier will assume that a->b is a kernel memory access
and this may generate incorrect result.
Now BTF contains __user information, it can check whether the
pointer points to a user memory or not. If it is, the verifier
can reject the program and force users to use bpf_probe_read_user()
helper explicitly.
In the future, we can easily extend btf_add_space for other
address space tagging, for example, rcu/percpu etc.
Signed-off-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20220127154606.654961-1-yhs@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'LICENSES')
0 files changed, 0 insertions, 0 deletions