git.baikalelectronics.ru Git - kernel.git/commit

author	Lorenz Bauer <lmb@cloudflare.com>
	Mon, 29 Jun 2020 09:56:26 +0000 (10:56 +0100)
committer	Alexei Starovoitov <ast@kernel.org>
	Tue, 30 Jun 2020 17:46:38 +0000 (10:46 -0700)
commit	0a9d49396950781e471ffd06faadcc616865da77
tree	5d10bfc9e7d53253556506bdbc0d02ca30386354	tree \| snapshot
parent	726232787c238672462f6bc4ba95cae294430348	commit \| diff

bpf: flow_dissector: Check value of unused flags to BPF_PROG_DETACH

Using BPF_PROG_DETACH on a flow dissector program supports neither
attach_flags nor attach_bpf_fd. Yet no value is enforced for them.

Enforce that attach_flags are zero, and require the current program
to be passed via attach_bpf_fd. This allows us to remove the check
for CAP_SYS_ADMIN, since userspace can now no longer remove
arbitrary flow dissector programs.

Fixes: 52cd61d23445 ("flow_dissector: Move out netns_bpf prog callbacks")
Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200629095630.7933-3-lmb@cloudflare.com

include/linux/bpf-netns.h		diff \| blob \| history
kernel/bpf/net_namespace.c		diff \| blob \| history
kernel/bpf/syscall.c		diff \| blob \| history