linux/kernel/bpf
Alan Maguire c8644cd0ef bpf: refine kernel.unprivileged_bpf_disabled behaviour
With unprivileged BPF disabled, all cmds associated with the BPF syscall
are blocked to users without CAP_BPF/CAP_SYS_ADMIN.  However there are
use cases where we may wish to allow interactions with BPF programs
without being able to load and attach them.  So for example, a process
with required capabilities loads/attaches a BPF program, and a process
with fewer capabilities interacts with it; retrieving perf/ring buffer
events, modifying map-specified config etc.  With all BPF syscall
commands blocked as a result of unprivileged BPF being disabled,
this mode of interaction becomes impossible for processes without
CAP_BPF.

As Alexei notes:

"The bpf ACL model is the same as traditional file's ACL.
The creds and ACLs are checked at open().  Then during file's write/read
additional checks might be performed. BPF has such functionality already.
Different map_creates have capability checks while map_lookup has:
map_get_sys_perms(map, f) & FMODE_CAN_READ.
In other words it's enough to gate FD-receiving parts of bpf
with unprivileged_bpf_disabled sysctl.
The rest is handled by availability of FD and access to files in bpffs."

So key fd creation syscall commands BPF_PROG_LOAD and BPF_MAP_CREATE
are blocked with unprivileged BPF disabled and no CAP_BPF.

And as Alexei notes, map creation with unprivileged BPF disabled off
blocks creation of maps aside from array, hash and ringbuf maps.

Programs responsible for loading and attaching the BPF program
can still control access to its pinned representation by restricting
permissions on the pin path, as with normal files.

Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
Acked-by: Yonghong Song <yhs@fb.com>
Acked-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Acked-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/r/1652970334-30510-2-git-send-email-alan.maguire@oracle.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-20 19:48:29 -07:00
preload bpf: Remove redundant slash 2022-03-07 22:19:32 -08:00
arraymap.c bpf: add bpf_map_lookup_percpu_elem for percpu map 2022-05-11 18:16:54 -07:00
bloom_filter.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
bpf_inode_storage.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
bpf_iter.c bpf: Remove redundant assignment to meta.seq in __task_seq_show() 2022-04-11 21:14:34 +02:00
bpf_local_storage.c bpf: Fix usage of trace RCU in local storage. 2022-04-19 17:55:45 -07:00
bpf_lru_list.c
bpf_lru_list.h
bpf_lsm.c bpf, x86: Attach a cookie to fentry/fexit/fmod_ret/lsm. 2022-05-10 21:58:31 -07:00
bpf_struct_ops.c bpf, x86: Generate trampolines from bpf_tramp_links 2022-05-10 17:50:40 -07:00
bpf_struct_ops_types.h bpf: Add dummy BPF STRUCT_OPS for test purpose 2021-11-01 14:10:00 -07:00
bpf_task_storage.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
btf.c bpf: Allow kfunc in tracing and syscall programs. 2022-05-20 19:28:33 -07:00
cgroup.c bpf: Use bpf_prog_run_array_cg_flags everywhere 2022-04-25 17:03:57 -07:00
core.c bpf: Fix combination of jit blinding and pointers to bpf subprogs. 2022-05-13 15:13:48 +02:00
cpumap.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
devmap.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
disasm.c bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause 2021-09-02 14:49:23 +02:00
disasm.h bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause 2021-09-02 14:49:23 +02:00
dispatcher.c
hashtab.c bpf: add bpf_map_lookup_percpu_elem for percpu map 2022-05-11 18:16:54 -07:00
helpers.c bpf: Add MEM_UNINIT as a bpf_type_flag 2022-05-13 15:56:26 -07:00
inode.c bpf: Convert bpf_preload.ko to use light skeleton. 2022-02-10 23:31:51 +01:00
Kconfig bpf: Add "live packet" mode for XDP in BPF_PROG_RUN 2022-03-09 14:19:22 -08:00
link_iter.c bpf: Add bpf_link iterator 2022-05-10 11:20:45 -07:00
local_storage.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
lpm_trie.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
Makefile bpf: Add bpf_link iterator 2022-05-10 11:20:45 -07:00
map_in_map.c bpf: Allow storing unreferenced kptr in map 2022-04-25 17:31:35 -07:00
map_in_map.h
map_iter.c bpf: Introduce MEM_RDONLY flag 2021-12-18 13:27:41 -08:00
mmap_unlock_work.h bpf: Introduce helper bpf_find_vma 2021-11-07 11:54:51 -08:00
net_namespace.c net: Add includes masked by netdevice.h including uapi/bpf.h 2021-12-29 20:03:05 -08:00
offload.c
percpu_freelist.c
percpu_freelist.h
prog_iter.c
queue_stack_maps.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
reuseport_array.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
ringbuf.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
stackmap.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
syscall.c bpf: refine kernel.unprivileged_bpf_disabled behaviour 2022-05-20 19:48:29 -07:00
sysfs_btf.c
task_iter.c bpf: Remove redundant assignment to meta.seq in __task_seq_show() 2022-04-11 21:14:34 +02:00
tnum.c
trampoline.c bpf: Fix potential array overflow in bpf_trampoline_get_progs() 2022-05-11 21:24:20 -07:00
verifier.c bpf: Add bpf_skc_to_mptcp_sock_proto 2022-05-20 15:29:00 -07:00