bpf: flow_dissector: Check value of unused flags to BPF_PROG_DETACH - wireguard-linux

diff options

author	Lorenz Bauer <lmb@cloudflare.com>	2020-06-29 10:56:26 +0100
committer	Alexei Starovoitov <ast@kernel.org>	2020-06-30 10:46:38 -0700
commit	4ac2add65974e4efafb8d4ccd8fc5660417ea312 (patch)
tree	5d10bfc9e7d53253556506bdbc0d02ca30386354 /net
parent	bpf: flow_dissector: Check value of unused flags to BPF_PROG_ATTACH (diff)
download	wireguard-linux-4ac2add65974e4efafb8d4ccd8fc5660417ea312.tar.xz wireguard-linux-4ac2add65974e4efafb8d4ccd8fc5660417ea312.zip

bpf: flow_dissector: Check value of unused flags to BPF_PROG_DETACH

Using BPF_PROG_DETACH on a flow dissector program supports neither attach_flags nor attach_bpf_fd. Yet no value is enforced for them. Enforce that attach_flags are zero, and require the current program to be passed via attach_bpf_fd. This allows us to remove the check for CAP_SYS_ADMIN, since userspace can now no longer remove arbitrary flow dissector programs. Fixes: b27f7bb590ba ("flow_dissector: Move out netns_bpf prog callbacks") Signed-off-by: Lorenz Bauer <lmb@cloudflare.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20200629095630.7933-3-lmb@cloudflare.com

Diffstat (limited to 'net')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: