git.ipfire.org Git - thirdparty/kernel/stable.git/commit

bpf: Gate dynptr API behind CAP_BPF

commit 8addbfc7b308d591f8a5f2f6bb24d08d9d79dfbb upstream.

This has been enabled for unprivileged programs for only one kernel
release, hence the expected annoyances due to this move are low. Users
using ringbuf can stick to non-dynptr APIs. The actual use cases dynptr
is meant to serve may not make sense in unprivileged BPF programs.

Hence, gate these helpers behind CAP_BPF and limit use to privileged
BPF programs.

Fixes: 263ae152e962 ("bpf: Add bpf_dynptr_from_mem for local dynptrs")
Fixes: bc34dee65a65 ("bpf: Dynptr support for ring buffers")
Fixes: 13bbbfbea759 ("bpf: Add bpf_dynptr_read and bpf_dynptr_write")
Fixes: 34d4ef5775f7 ("bpf: Add dynptr data slices")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220921143550.30247-1-memxor@gmail.com
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Kumar Kartikeya Dwivedi <memxor@gmail.com>
	Wed, 21 Sep 2022 14:35:50 +0000 (16:35 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 12 Oct 2022 07:39:04 +0000 (09:39 +0200)
commit	50fe01fa7640bc216bb1a47754a1f799c20eff8e
tree	f95db3d34c70fae16af96cb8ce12aa92260a5d4d	tree \| snapshot
parent	64517c21fd0f28b40a75d0d3121276b31399278e	commit \| diff