[PATCH bpf 0/3] bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

Stanislav Fomichev <sdf@xxxxxxxxxx> · Fri, 26 Apr 2024 16:16:17 -0700

Syzkaller found a case where it's possible to attach cgroup_skb program
to the sockopt hooks. Apparently it's currently possible to do that,
but only when using BPF_LINK_CREATE API. The first patch in the series
has more info on why that happens.

Stanislav Fomichev (3):
  bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
    BPF_LINK_CREATE
  selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE
  selftests/bpf: Add sockopt case to verify prog_type

 kernel/bpf/syscall.c                          |  5 ++
 .../selftests/bpf/prog_tests/sockopt.c        | 65 ++++++++++++++++---
 2 files changed, 62 insertions(+), 8 deletions(-)

-- 
2.44.0.769.g3c40516874-goog