On Fri, 26 Mar 2021 at 20:14, Song Liu <song@xxxxxxxxxx> wrote: > > On Fri, Mar 26, 2021 at 9:07 AM Lorenz Bauer <lmb@xxxxxxxxxxxxxx> wrote: > > > > As for bpf_link, refuse creating a non-O_RDWR fd. Since program fds > > currently don't allow modifications this is a precaution, not a > > straight up bug fix. > > > > Signed-off-by: Lorenz Bauer <lmb@xxxxxxxxxxxxxx> > > --- > > kernel/bpf/inode.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c > > index dc56237d6960..d2de2abec35b 100644 > > --- a/kernel/bpf/inode.c > > +++ b/kernel/bpf/inode.c > > @@ -543,7 +543,7 @@ int bpf_obj_get_user(const char __user *pathname, int flags) > > return PTR_ERR(raw); > > For both patches, shall we do the check before bpf_obj_do_get(), which is a few > lines above? type is filled in by bpf_obj_do_get, so we can't avoid calling it. As Andrii mentions we need to allow flags for map. > > Thanks, > Song > > > > > if (type == BPF_TYPE_PROG) > > - ret = bpf_prog_new_fd(raw); > > + ret = (f_flags != O_RDWR) ? -EINVAL : bpf_prog_new_fd(raw); > > else if (type == BPF_TYPE_MAP) > > ret = bpf_map_new_fd(raw, f_flags); > > else if (type == BPF_TYPE_LINK) > > -- > > 2.27.0 > > -- Lorenz Bauer | Systems Engineer 6th Floor, County Hall/The Riverside Building, SE1 7PB, UK www.cloudflare.com
