[PATCH bpf-next v2 4/7] bpf: Attachment verification for BPF_MODIFY_RETURN
kpsingh at chromium.org
Wed Mar 4 15:13:37 UTC 2020
On 03-Mär 21:12, Andrii Nakryiko wrote:
> On Tue, Mar 3, 2020 at 5:56 PM KP Singh <kpsingh at chromium.org> wrote:
> > From: KP Singh <kpsingh at google.com>
> > - Allow BPF_MODIFY_RETURN attachment only to functions that are:
> > * Whitelisted by for error injection i.e. by checking
> > within_error_injection_list. Similar disucssions happened for the
> > bpf_overrie_return helper.
> 2 typos: discussions and bpf_override_return ;)
/me bows his head in shame ;) Fixed.
> > * security hooks, this is expected to be cleaned up with the LSM
> > changes after the KRSI patches introduce the LSM_HOOK macro:
> > https://email@example.com/
> > - The attachment is currently limited to functions that return an int.
> > This can be extended later other types (e.g. PTR).
> > Signed-off-by: KP Singh <kpsingh at google.com>
> > ---
> Acked-by: Andrii Nakryiko <andriin at fb.com>
> > kernel/bpf/btf.c | 28 ++++++++++++++++++++--------
> > kernel/bpf/verifier.c | 31 +++++++++++++++++++++++++++++++
> > 2 files changed, 51 insertions(+), 8 deletions(-)
More information about the Linux-security-module-archive