On Wed, Sep 21, 2022 at 1:27 AM Kumar Kartikeya Dwivedi
<memxor@xxxxxxxxx> wrote:
>
> This has been enabled for unprivileged programs for only one kernel
> release, hence the expected annoyances due to this move are low. Users
> using ringbuf can stick to non-dynptr APIs. The actual use cases dynptr
> is meant to serve may not make sense in unprivileged BPF programs.
>
> Hence, gate these helpers behind CAP_BPF and limit use to privileged
> BPF programs.
>
> Fixes: 263ae152e962 ("bpf: Add bpf_dynptr_from_mem for local dynptrs")
> Fixes: bc34dee65a65 ("bpf: Dynptr support for ring buffers")
> Fixes: 13bbbfbea759 ("bpf: Add bpf_dynptr_read and bpf_dynptr_write")
> Fixes: 34d4ef5775f7 ("bpf: Add dynptr data slices")
> Cc: stable@xxxxxxxxxxxxxxx # v5.19+
> Signed-off-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
> ---
Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
> kernel/bpf/helpers.c | 28 ++++++++++++++--------------
> 1 file changed, 14 insertions(+), 14 deletions(-)
>
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index 41aeaf3862ec..f57a08b6dddb 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -1607,26 +1607,12 @@ bpf_base_func_proto(enum bpf_func_id func_id)
> return &bpf_ringbuf_discard_proto;
> case BPF_FUNC_ringbuf_query:
> return &bpf_ringbuf_query_proto;
> - case BPF_FUNC_ringbuf_reserve_dynptr:
> - return &bpf_ringbuf_reserve_dynptr_proto;
> - case BPF_FUNC_ringbuf_submit_dynptr:
> - return &bpf_ringbuf_submit_dynptr_proto;
> - case BPF_FUNC_ringbuf_discard_dynptr:
> - return &bpf_ringbuf_discard_dynptr_proto;
> case BPF_FUNC_strncmp:
> return &bpf_strncmp_proto;
> case BPF_FUNC_strtol:
> return &bpf_strtol_proto;
> case BPF_FUNC_strtoul:
> return &bpf_strtoul_proto;
> - case BPF_FUNC_dynptr_from_mem:
> - return &bpf_dynptr_from_mem_proto;
> - case BPF_FUNC_dynptr_read:
> - return &bpf_dynptr_read_proto;
> - case BPF_FUNC_dynptr_write:
> - return &bpf_dynptr_write_proto;
> - case BPF_FUNC_dynptr_data:
> - return &bpf_dynptr_data_proto;
> default:
> break;
> }
> @@ -1659,6 +1645,20 @@ bpf_base_func_proto(enum bpf_func_id func_id)
> return &bpf_for_each_map_elem_proto;
> case BPF_FUNC_loop:
> return &bpf_loop_proto;
> + case BPF_FUNC_ringbuf_reserve_dynptr:
> + return &bpf_ringbuf_reserve_dynptr_proto;
> + case BPF_FUNC_ringbuf_submit_dynptr:
> + return &bpf_ringbuf_submit_dynptr_proto;
> + case BPF_FUNC_ringbuf_discard_dynptr:
> + return &bpf_ringbuf_discard_dynptr_proto;
> + case BPF_FUNC_dynptr_from_mem:
> + return &bpf_dynptr_from_mem_proto;
> + case BPF_FUNC_dynptr_read:
> + return &bpf_dynptr_read_proto;
> + case BPF_FUNC_dynptr_write:
> + return &bpf_dynptr_write_proto;
> + case BPF_FUNC_dynptr_data:
> + return &bpf_dynptr_data_proto;
> default:
> break;
> }
> --
> 2.34.1
>
