public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/kernel/bpf
History
Udip Pant 7e40781cc8 bpf: verifier: Use target program's type for access verifications 
This patch adds changes in verifier to make decisions such as granting
of read / write access or enforcement of return code status based on
the program type of the target program while using dynamic program
extension (of type BPF_PROG_TYPE_EXT).

The BPF_PROG_TYPE_EXT type can be used to extend types such as XDP, SKB
and others. Since the BPF_PROG_TYPE_EXT program type on itself is just a
placeholder for those, we need this extended check for those extended
programs to actually work with proper access, while using this option.

Specifically, it introduces following changes:
- may_access_direct_pkt_data:
    allow access to packet data based on the target prog
- check_return_code:
    enforce return code based on the target prog
    (currently, this check is skipped for EXT program)
- check_ld_abs:
    check for 'may_access_skb' based on the target prog
- check_map_prog_compatibility:
    enforce the map compatibility check based on the target prog
- may_update_sockmap:
    allow sockmap update based on the target prog

Some other occurrences of prog->type is left as it without replacing
with the 'resolved' type:
- do_check_common() and check_attach_btf_id():
    already have specific logic to handle the EXT prog type
- jit_subprogs() and bpf_check():
    Not changed for jit compilation or while inferring env->ops

Next few patches in this series include selftests for some of these cases.

Signed-off-by: Udip Pant <udippant@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200825232003.2877030-2-udippant@fb.com
2020-08-26 12:47:56 -07:00
..
preload bpf: Disallow BPF_PRELOAD in allmodconfig builds 2020-08-25 15:23:46 -07:00
arraymap.c bpf: Implement bpf iterator for array maps 2020-07-25 20:16:33 -07:00
bpf_inode_storage.c bpf: Implement bpf_local_storage for inodes 2020-08-25 15:00:04 -07:00
bpf_iter.c bpf: Implement link_query for bpf iterators 2020-08-21 14:01:39 -07:00
bpf_local_storage.c bpf: Split bpf_local_storage to bpf_sk_storage 2020-08-25 15:00:04 -07:00
bpf_lru_list.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
bpf_lru_list.h bpf: Fix a typo "inacitve" -> "inactive" 2020-04-06 21:54:10 +02:00
bpf_lsm.c bpf: Allow local storage to be used from LSM programs 2020-08-25 15:00:04 -07:00
bpf_struct_ops.c bpf: Move btf_resolve_size into __btf_resolve_size 2020-08-25 15:37:41 -07:00
bpf_struct_ops_types.h bpf: tcp: Support tcp_congestion_ops in bpf 2020-01-09 08:46:18 -08:00
btf.c bpf: Add BTF_SET_START/END macros 2020-08-25 15:37:41 -07:00
cgroup.c bpf: Add support for forced LINK_DETACH command 2020-08-01 20:38:28 -07:00
core.c bpf: Delete repeated words in comments 2020-08-07 18:57:24 +02:00
cpumap.c bpf: cpumap: Fix possible rcpu kthread hung 2020-07-21 09:15:28 -07:00
devmap.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-07-04 17:48:34 -07:00
disasm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
disasm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
dispatcher.c bpf: Remove bpf_image tree 2020-03-13 12:49:52 -07:00
hashtab.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-08-03 18:27:40 -07:00
helpers.c bpf: Implement BPF ring buffer and verifier support for it 2020-06-01 14:38:22 -07:00
inode.c bpf: Add kernel module with user mode driver that populates bpffs. 2020-08-20 16:02:36 +02:00
local_storage.c bpf/local_storage: Fix build without CONFIG_CGROUP 2020-07-25 20:16:36 -07:00
lpm_trie.c bpf: Remove redundant synchronize_rcu. 2020-07-01 08:07:13 -07:00
Makefile bpf: Implement bpf_local_storage for inodes 2020-08-25 15:00:04 -07:00
map_in_map.c bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
map_in_map.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
map_iter.c bpf: Implement link_query callbacks in map element iterators 2020-08-21 14:01:39 -07:00
net_namespace.c bpf: Add support for forced LINK_DETACH command 2020-08-01 20:38:28 -07:00
offload.c bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill 2020-02-17 16:53:49 +01:00
percpu_freelist.c bpf: Dont iterate over possible CPUs with interrupts disabled 2020-02-24 16:18:20 -08:00
percpu_freelist.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
prog_iter.c bpf: Refactor bpf_iter_reg to have separate seq_info member 2020-07-25 20:16:32 -07:00
queue_stack_maps.c bpf: Remove redundant synchronize_rcu. 2020-07-01 08:07:13 -07:00
reuseport_array.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-11 00:46:00 -07:00
ringbuf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-11 00:46:00 -07:00
stackmap.c bpf: Iterate through all PT_NOTE sections when looking for build id 2020-08-12 18:14:49 -07:00
syscall.c bpf: Implement bpf_local_storage for inodes 2020-08-25 15:00:04 -07:00
sysfs_btf.c bpf: Support llvm-objcopy for vmlinux BTF 2020-03-19 12:32:38 +01:00
task_iter.c bpf: Refactor to provide aux info to bpf_iter_init_seq_priv_t 2020-07-25 20:16:32 -07:00
tnum.c bpf: Verifier, do explicit ALU32 bounds tracking 2020-03-30 14:59:53 -07:00
trampoline.c bpf: lsm: Implement attach, detach and execution 2020-03-30 01:34:00 +02:00
verifier.c bpf: verifier: Use target program's type for access verifications 2020-08-26 12:47:56 -07:00