leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ab21c1b5f7
linux/tools/testing
History
Daniel Borkmann ab21c1b5f7 bpf: disallow direct packet access for unpriv in cg_skb 
Commit b39b5f411d ("bpf: add cg_skb_is_valid_access for
BPF_PROG_TYPE_CGROUP_SKB") added support for returning pkt pointers
for direct packet access. Given this program type is allowed for both
unprivileged and privileged users, we shouldn't allow unprivileged
ones to use it, e.g. besides others one reason would be to avoid any
potential speculation on the packet test itself, thus guard this for
root only.

Fixes: b39b5f411d ("bpf: add cg_skb_is_valid_access for BPF_PROG_TYPE_CGROUP_SKB")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2018-10-25 17:02:06 -07:00
..
fault-injection License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ktest These commits have either been sitting in my INBOX or have been 2018-04-11 16:42:27 -07:00
nvdimm tools/testing/nvdimm: improve emulation of smart injection 2018-07-31 17:05:19 -07:00
radix-tree test_ida: check_ida_destroy and check_ida_alloc 2018-08-21 23:54:21 -04:00
scatterlist tools/testing/scatterlist: Test new __sg_alloc_table_from_pages 2017-09-07 10:54:40 +01:00
selftests bpf: disallow direct packet access for unpriv in cg_skb 2018-10-25 17:02:06 -07:00
vsock VSOCK: add tools/testing/vsock/vsock_diag_test 2017-10-05 18:44:17 -07:00