| From: | Andrii Nakryiko <andrii-AT-kernel.org> |
| To: | <bpf-AT-vger.kernel.org>, <ast-AT-kernel.org>, <daniel-AT-iogearbox.net>, <martin.lau-AT-kernel.org> |
| Subject: | [PATCH bpf-next 00/10] Centralize BPF permission checks |
| Date: | Tue, 02 May 2023 16:06:09 -0700 |
| Message-ID: | <20230502230619.2592406-1-andrii@kernel.org> |
| Cc: | <andrii-AT-kernel.org>, <kernel-team-AT-meta.com> |

This patch set refactors BPF subsystem permission checks for BPF maps and
programs, localizes them in one place, and ensures all parts of the BPF ecosystem
(BPF verifier and JITs, and their supporting infra) use recorded effective
capabilities, stored in respective bpf_map or bpf_prog structs, for further
decision making.

This allows for more explicit and centralized handling of BPF-related
capabilities and makes for simpler further BPF permission model evolution, to
be proposed and discussed in follow-up patch sets.

Andrii Nakryiko (10):
  bpf: move unprivileged checks into map_create() and bpf_prog_load()
  bpf: inline map creation logic in map_create() function
  bpf: centralize permissions checks for all BPF map types
  bpf: remember if bpf_map was unprivileged and use that consistently
  bpf: drop unnecessary bpf_capable() check in BPF_MAP_FREEZE command
  bpf: keep BPF_PROG_LOAD permission checks clear of validations
  bpf: record effective capabilities at BPF prog load time
  bpf: use recorded BPF prog effective caps when fetching helper protos
  bpf: use recorded bpf_capable flag in JIT code
  bpf: consistenly use program's recorded capabilities in BPF verifier

 arch/arm/net/bpf_jit_32.c                |   2 +-
 arch/arm64/net/bpf_jit_comp.c            |   2 +-
 arch/loongarch/net/bpf_jit.c             |   2 +-
 arch/mips/net/bpf_jit_comp.c             |   2 +-
 arch/powerpc/net/bpf_jit_comp.c          |   2 +-
 arch/riscv/net/bpf_jit_core.c            |   3 +-
 arch/s390/net/bpf_jit_comp.c             |   3 +-
 arch/sparc/net/bpf_jit_comp_64.c         |   2 +-
 arch/x86/net/bpf_jit_comp.c              |   3 +-
 arch/x86/net/bpf_jit_comp32.c            |   2 +-
 drivers/media/rc/bpf-lirc.c              |   2 +-
 include/linux/bpf.h                      |  32 ++-
 include/linux/filter.h                   |   8 +-
 kernel/bpf/arraymap.c                    |  59 +++--
 kernel/bpf/bloom_filter.c                |   3 -
 kernel/bpf/bpf_local_storage.c           |   3 -
 kernel/bpf/bpf_struct_ops.c              |   3 -
 kernel/bpf/cgroup.c                      |   6 +-
 kernel/bpf/core.c                        |  22 +-
 kernel/bpf/cpumap.c                      |   4 -
 kernel/bpf/devmap.c                      |   3 -
 kernel/bpf/hashtab.c                     |   6 -
 kernel/bpf/helpers.c                     |   6 +-
 kernel/bpf/lpm_trie.c                    |   3 -
 kernel/bpf/map_in_map.c                  |   3 +-
 kernel/bpf/queue_stack_maps.c            |   4 -
 kernel/bpf/reuseport_array.c             |   3 -
 kernel/bpf/stackmap.c                    |   3 -
 kernel/bpf/syscall.c                     | 218 ++++++++++++------
 kernel/bpf/trampoline.c                  |   2 +-
 kernel/bpf/verifier.c                    |  23 +-
 kernel/trace/bpf_trace.c                 |   2 +-
 net/core/filter.c                        |  36 +--
 net/core/sock_map.c                      |   4 -
 net/ipv4/bpf_tcp_ca.c                    |   2 +-
 net/netfilter/nf_bpf_link.c              |   2 +-
 net/xdp/xskmap.c                         |   4 -
 .../bpf/prog_tests/unpriv_bpf_disabled.c |   6 +-
 38 files changed, 280 insertions(+), 215 deletions(-)

--
2.34.1