git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Hao Luo <haoluo@google.com>
	Thu, 28 Apr 2022 23:57:48 +0000 (16:57 -0700)
committer	Stefan Bader <stefan.bader@canonical.com>
	Wed, 22 Jun 2022 12:22:28 +0000 (14:22 +0200)
commit	91cb7edca4e8869ade94b55e195676b3fbc4df68
tree	36b9963f6cf88e3403e38cfa3b447afc6652679f	tree
parent	c2e4196c86e2add0274a437ce14fe46a8b69e13e	commit \| diff

bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM.

BugLink: https://bugs.launchpad.net/bugs/1976135
commit 34d3a78c681e8e7844b43d1a2f4671a04249c821 upstream.

Tag the return type of {per, this}_cpu_ptr with RDONLY_MEM. The
returned value of this pair of helpers is kernel object, which
can not be updated by bpf programs. Previously these two helpers
return PTR_OT_MEM for kernel objects of scalar type, which allows
one to directly modify the memory. Now with RDONLY_MEM tagging,
the verifier will reject programs that write into RDONLY_MEM.

Fixes: 63d9b80dcf2c ("bpf: Introducte bpf_this_cpu_ptr()")
Fixes: eaa6bcb71ef6 ("bpf: Introduce bpf_per_cpu_ptr()")
Fixes: 4976b718c355 ("bpf: Introduce pseudo_btf_id")
Signed-off-by: Hao Luo <haoluo@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20211217003152.48334-8-haoluo@google.com
Cc: stable@vger.kernel.org # 5.15.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

kernel/bpf/helpers.c		diff \| blob \| blame \| history
kernel/bpf/verifier.c		diff \| blob \| blame \| history