On Sun, Nov 20, 2022 at 11:57 AM Yonghong Song <yhs@xxxxxx> wrote: > > @@ -8938,6 +8941,24 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn, > regs[BPF_REG_0].type = PTR_TO_BTF_ID | PTR_TRUSTED; > regs[BPF_REG_0].btf = desc_btf; > regs[BPF_REG_0].btf_id = meta.ret_btf_id; > + } else if (meta.func_id == special_kfunc_list[KF_bpf_rdonly_cast]) { > + if (!capable(CAP_PERFMON)) { > + verbose(env, > + "kfunc bpf_rdonly_cast requires CAP_PERFMON capability\n"); > + return -EACCES; > + } Just realized that bpf_cast_to_kern_ctx() has to be gated by cap_perfmon as well. Also the direct capable(CAP_PERFMON) is not quite correct. It should at least be perfmon_capable(). But even better to use env->allow_ptr_leaks here.
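Review bot: In the new `KF_bpf_rdonly_cast` branch, the bare `capable(CAP_PERFMON)` test is narrower than `perfmon_capable()`, which also accepts CAP_SYS_ADMIN, so a loader holding only CAP_SYS_ADMIN would get -EACCES here. Suggest testing `env->allow_ptr_leaks` at this point instead of calling `capable()` directly, and rewording the `verbose()` string so it no longer names CAP_PERFMON as the only acceptable capability. The hunk gates only `bpf_rdonly_cast`; if another cast kfunc handled in the same `else if` chain needs the same restriction, one shared check would be better than repeating it per branch.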