git.baikalelectronics.ru Git - kernel.git/commit

author	Daniel Borkmann <daniel@iogearbox.net>
	Wed, 24 Oct 2018 20:05:46 +0000 (22:05 +0200)
committer	Alexei Starovoitov <ast@kernel.org>
	Fri, 26 Oct 2018 00:02:06 +0000 (17:02 -0700)
commit	667f2e377db5eca436cba049ec0943839bb91ba3
tree	e0e5d11319f153c2d31379f5c080f5d71dee35b2	tree \| snapshot
parent	d94153a6b5b4763409fe35a067c2a44babc3f56f	commit \| diff

bpf: fix cg_skb types to hint access type in may_access_direct_pkt_data

Commit 5143e8b978d6 ("bpf: add cg_skb_is_valid_access for
BPF_PROG_TYPE_CGROUP_SKB") added direct packet access for skbs in
cg_skb program types, however allowed access type was not added to
the may_access_direct_pkt_data() helper. Therefore the latter always
returns false. This is not directly an issue, it just means writes
are unconditionally disabled (which is correct) but also reads.
Latter is relevant in this function when BPF helpers may read direct
packet data which is unconditionally disabled then. Fix it by properly
adding BPF_PROG_TYPE_CGROUP_SKB to may_access_direct_pkt_data().

Fixes: 5143e8b978d6 ("bpf: add cg_skb_is_valid_access for BPF_PROG_TYPE_CGROUP_SKB")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>