leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mainlining shenanigans
918,044 Commits 2 Branches 0 Tags 5.1 GiB
C 97.7%
Assembly 1.1%
Shell 0.4%
Makefile 0.3%
Python 0.2%
Other 0.1%
2c78ee898d
Go to file
Alexei Starovoitov 2c78ee898d bpf: Implement CAP_BPF 
Implement permissions as stated in uapi/linux/capability.h
In order to do that the verifier allow_ptr_leaks flag is split
into four flags and they are set as:
  env->allow_ptr_leaks = bpf_allow_ptr_leaks();
  env->bypass_spec_v1 = bpf_bypass_spec_v1();
  env->bypass_spec_v4 = bpf_bypass_spec_v4();
  env->bpf_capable = bpf_capable();

The first three currently equivalent to perfmon_capable(), since leaking kernel
pointers and reading kernel memory via side channel attacks is roughly
equivalent to reading kernel memory with cap_perfmon.

'bpf_capable' enables bounded loops, precision tracking, bpf to bpf calls and
other verifier features. 'allow_ptr_leaks' enable ptr leaks, ptr conversions,
subtraction of pointers. 'bypass_spec_v1' disables speculative analysis in the
verifier, run time mitigations in bpf array, and enables indirect variable
access in bpf programs. 'bypass_spec_v4' disables emission of sanitation code
by the verifier.

That means that the networking BPF program loaded with CAP_BPF + CAP_NET_ADMIN
will have speculative checks done by the verifier and other spectre mitigation
applied. Such networking BPF program will not be able to leak kernel pointers
and will not be able to access arbitrary kernel memory.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20200513230355.7858-3-alexei.starovoitov@gmail.com
2020-05-15 17:29:41 +02:00
arch Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-05-14 20:31:21 -07:00
block block: remove the bd_openers checks in blk_drop_partitions 2020-04-30 10:25:43 -06:00
certs .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
crypto x86: update AS_* macros to binutils >=2.23, supporting ADX and AVX2 2020-04-09 00:12:48 +09:00
Documentation dt-bindings: dp83867: Convert DP83867 to yaml 2020-05-14 17:58:02 -07:00
drivers bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
fs Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-05-14 20:31:21 -07:00
include bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
init Kbuild updates for v5.7 (2nd) 2020-04-11 09:46:12 -07:00
ipc sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
kernel bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
lib Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-06 22:10:13 -07:00
LICENSES LICENSES: Rename other to deprecated 2019-05-03 06:34:32 -06:00
mm Merge branch 'work.sysctl' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-04-28 21:23:38 +02:00
net bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
samples samples/bpf: xdp_redirect_cpu: Set MAX_CPUS according to NR_CPUS 2020-05-14 18:27:00 -07:00
scripts Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-05-14 20:31:21 -07:00
security bpf, capability: Introduce CAP_BPF 2020-05-15 17:29:41 +02:00
sound sound fixes for 5.7-rc4 2020-05-01 11:05:28 -07:00
tools bpf, bpftool: Allow probing for CONFIG_HZ from kernel config 2020-05-15 08:18:53 -07:00
usr kbuild: fix comment about missing include guard detection 2020-04-11 12:09:48 +09:00
virt KVM: Pass kvm_init()'s opaque param to additional arch funcs 2020-03-31 10:48:03 -04:00
.clang-format clang-format: Update with the latest for_each macro list 2020-04-18 13:49:33 +02:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
.mailmap mailmap: Add Sedat Dilek (replacement for expired email address) 2020-04-11 09:28:34 -07:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Hand MIPS over to Thomas 2020-02-24 22:43:18 -08:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig docs: kbuild: convert docs to ReST and rename to *.rst 2019-06-14 14:21:21 -06:00
MAINTAINERS hinic: update huawei ethernet driver maintainer 2020-05-14 17:38:30 -07:00
Makefile Linux 5.7-rc4 2020-05-03 14:56:04 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.