aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/include
diff options
context:
space:
mode:
authorLorenz Bauer <lmb@cloudflare.com>2020-06-29 10:56:26 +0100
committerAlexei Starovoitov <ast@kernel.org>2020-06-30 10:46:38 -0700
commit4ac2add65974e4efafb8d4ccd8fc5660417ea312 (patch)
tree5d10bfc9e7d53253556506bdbc0d02ca30386354 /include
parentbpf: flow_dissector: Check value of unused flags to BPF_PROG_ATTACH (diff)
downloadwireguard-linux-4ac2add65974e4efafb8d4ccd8fc5660417ea312.tar.xz
wireguard-linux-4ac2add65974e4efafb8d4ccd8fc5660417ea312.zip
bpf: flow_dissector: Check value of unused flags to BPF_PROG_DETACH
Using BPF_PROG_DETACH on a flow dissector program supports neither attach_flags nor attach_bpf_fd. Yet no value is enforced for them. Enforce that attach_flags are zero, and require the current program to be passed via attach_bpf_fd. This allows us to remove the check for CAP_SYS_ADMIN, since userspace can now no longer remove arbitrary flow dissector programs. Fixes: b27f7bb590ba ("flow_dissector: Move out netns_bpf prog callbacks") Signed-off-by: Lorenz Bauer <lmb@cloudflare.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20200629095630.7933-3-lmb@cloudflare.com
Diffstat (limited to 'include')
-rw-r--r--include/linux/bpf-netns.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/include/linux/bpf-netns.h b/include/linux/bpf-netns.h
index 4052d649f36d..47d5b0c708c9 100644
--- a/include/linux/bpf-netns.h
+++ b/include/linux/bpf-netns.h
@@ -33,7 +33,7 @@ int netns_bpf_prog_query(const union bpf_attr *attr,
union bpf_attr __user *uattr);
int netns_bpf_prog_attach(const union bpf_attr *attr,
struct bpf_prog *prog);
-int netns_bpf_prog_detach(const union bpf_attr *attr);
+int netns_bpf_prog_detach(const union bpf_attr *attr, enum bpf_prog_type ptype);
int netns_bpf_link_create(const union bpf_attr *attr,
struct bpf_prog *prog);
#else
@@ -49,7 +49,8 @@ static inline int netns_bpf_prog_attach(const union bpf_attr *attr,
return -EOPNOTSUPP;
}
-static inline int netns_bpf_prog_detach(const union bpf_attr *attr)
+static inline int netns_bpf_prog_detach(const union bpf_attr *attr,
+ enum bpf_prog_type ptype)
{
return -EOPNOTSUPP;
}
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.