git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Toke Høiland-Jørgensen <toke@redhat.com>
	Fri, 25 Sep 2020 21:25:00 +0000 (23:25 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 29 Oct 2020 09:07:46 +0000 (10:07 +0100)
commit	c2ebc88260ff2c9b20b3ddd0a200a97bed899855
tree	4c86368c413691f23c768fc82c452889987ae5f9	tree
parent	7c37b28e0b37389f6807addebb0ef766d380c767	commit \| diff

bpf: disallow attaching modify_return tracing functions to other BPF programs

[ Upstream commit 1af9270e908cd50a4f5d815c9b6f794c7d57ed07 ]

From the checks and commit messages for modify_return, it seems it was
never the intention that it should be possible to attach a tracing program
with expected_attach_type == BPF_MODIFY_RETURN to another BPF program.
However, check_attach_modify_return() will only look at the function name,
so if the target function starts with "security_", the attach will be
allowed even for bpf2bpf attachment.

Fix this oversight by also blocking the modification if a target program is
supplied.

Fixes: 18644cec714a ("bpf: Fix use-after-free in fmod_ret check")
Fixes: 6ba43b761c41 ("bpf: Attachment verification for BPF_MODIFY_RETURN")
Acked-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>