kallsyms: Refactor kallsyms_show_value() to take cred

In order to perform future tests against the cred saved during open(), switch kallsyms_show_value() to operate on a cred, and have all current callers pass current_cred(). This makes it very obvious where callers are checking the wrong credential in their "read" contexts. These will be fixed in the coming patches. Additionally switch return value to bool, since it is always used as a direct permission check, not a 0-on-success, negative-on-error style function return. Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org>
author: Kees Cook <keescook@chromium.org> 2020-07-02 11:49:23 -0700
committer: Kees Cook <keescook@chromium.org> 2020-07-08 15:59:57 -0700
commit: 160251842cd35a75edfb0a1d76afa3eb674ff40a (patch)
tree: a1ce82f3b8d23a325c151bd998b815af9574617c /include/linux/filter.h
parent: Linux 5.8-rc2 (diff)
download: linux-dev-160251842cd35a75edfb0a1d76afa3eb674ff40a.tar.xz
linux-dev-160251842cd35a75edfb0a1d76afa3eb674ff40a.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h
index 259377723603..55104f6c78e8 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -889,7 +889,7 @@ static inline bool bpf_dump_raw_ok(void)
 	/* Reconstruction of call-sites is dependent on kallsyms,
 	 * thus make dump the same restriction.
 	 */
-	return kallsyms_show_value() == 1;
+	return kallsyms_show_value(current_cred());
 }
 
 struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
author	Kees Cook <keescook@chromium.org>	2020-07-02 11:49:23 -0700
committer	Kees Cook <keescook@chromium.org>	2020-07-08 15:59:57 -0700
commit	160251842cd35a75edfb0a1d76afa3eb674ff40a (patch)
tree	a1ce82f3b8d23a325c151bd998b815af9574617c /include/linux/filter.h
parent	Linux 5.8-rc2 (diff)
download	linux-dev-160251842cd35a75edfb0a1d76afa3eb674ff40a.tar.xz linux-dev-160251842cd35a75edfb0a1d76afa3eb674ff40a.zip