[PATCH bpf-next v2 4/7] bpf: Attachment verification for BPF_MODIFY_RETURN
Andrii Nakryiko
andrii.nakryiko at gmail.com
Wed Mar 4 05:12:57 UTC 2020
On Tue, Mar 3, 2020 at 5:56 PM KP Singh <kpsingh at chromium.org> wrote:
>
> From: KP Singh <kpsingh at google.com>
>
> - Allow BPF_MODIFY_RETURN attachment only to functions that are:
>
> * Whitelisted by for error injection i.e. by checking
> within_error_injection_list. Similar disucssions happened for the
> bpf_overrie_return helper.
2 typos: discussions and bpf_override_return ;)
>
> * security hooks, this is expected to be cleaned up with the LSM
> changes after the KRSI patches introduce the LSM_HOOK macro:
>
> https://lore.kernel.org/bpf/20200220175250.10795-1-kpsingh@chromium.org/
>
> - The attachment is currently limited to functions that return an int.
> This can be extended later other types (e.g. PTR).
>
> Signed-off-by: KP Singh <kpsingh at google.com>
> ---
Acked-by: Andrii Nakryiko <andriin at fb.com>
> kernel/bpf/btf.c | 28 ++++++++++++++++++++--------
> kernel/bpf/verifier.c | 31 +++++++++++++++++++++++++++++++
> 2 files changed, 51 insertions(+), 8 deletions(-)
>
[...]
More information about the Linux-security-module-archive
mailing list