From: Lorenz Bauer <lmb@cloudflare.com>
Date: Fri, 26 Mar 2021 16:05:01 +0000 (+0000)
Subject: bpf: program: Refuse non-O_RDWR flags in BPF_OBJ_GET
X-Git-Tag: v5.12-rc7~13^2~35^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d37300ed1821;p=thirdparty%2Fkernel%2Flinux.git

bpf: program: Refuse non-O_RDWR flags in BPF_OBJ_GET

As for bpf_link, refuse creating a non-O_RDWR fd. Since program fds
currently don't allow modifications this is a precaution, not a
straight up bug fix.

Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20210326160501.46234-2-lmb@cloudflare.com
---

diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index dc56237d69600..d2de2abec35b6 100644
--- a/kernel/bpf/inode.c
+++ b/kernel/bpf/inode.c
@@ -543,7 +543,7 @@ int bpf_obj_get_user(const char __user *pathname, int flags)
 		return PTR_ERR(raw);
 
 	if (type == BPF_TYPE_PROG)
-		ret = bpf_prog_new_fd(raw);
+		ret = (f_flags != O_RDWR) ? -EINVAL : bpf_prog_new_fd(raw);
 	else if (type == BPF_TYPE_MAP)
 		ret = bpf_map_new_fd(raw, f_flags);
 	else if (type == BPF_TYPE_LINK)