Jakub Sitnicki wrote: > We have seen an influx of syzkaller reports where a BPF program attached to > a tracepoint triggers a locking rule violation by performing a map_delete > on a sockmap/sockhash. > > We don't intend to support this artificial use scenario. Extend the > existing verifier allowed-program-type check for updating sockmap/sockhash > to also cover deleting from a map. > > From now on only BPF programs which were previously allowed to update > sockmap/sockhash can delete from these map types. > > Reported-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > Reported-and-tested-by: syzbot+ec941d6e24f633a59172@xxxxxxxxxxxxxxxxxxxxxxxxx > Closes: https://syzkaller.appspot.com/bug?extid=ec941d6e24f633a59172 > Signed-off-by: Jakub Sitnicki <jakub@xxxxxxxxxxxxxx> > --- Acked-by: John Fastabend <john.fastabend@xxxxxxxxx>
