[PATCH 01/24] bpfilter: reject kernel addresses

From: Christoph Hellwig
Date: Mon Jul 20 2020 - 08:53:04 EST

Next message: Christoph Hellwig: "[PATCH 02/24] bpfilter: fix up a sparse annotation"
Previous message: Hari Bathini: "[PATCH v4 02/12] powerpc/kexec_file: mark PPC64 specific code"
In reply to: Christoph Hellwig: "[PATCH 05/24] net: switch sock_setbindtodevice to sockptr_t"
Next in thread: Christoph Hellwig: "[PATCH 02/24] bpfilter: fix up a sparse annotation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When feeding addresses to userspace we can't support kernel addresses
that were fed under set_fs(KERNEL_DS) from bpf-cgroup.

Signed-off-by: Christoph Hellwig <hch@xxxxxx>
---
net/bpfilter/bpfilter_kern.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c
index 2c31e82cb953af..977e9dad72ca4f 100644
--- a/net/bpfilter/bpfilter_kern.c
+++ b/net/bpfilter/bpfilter_kern.c
@@ -41,6 +41,11 @@ static int __bpfilter_process_sockopt(struct sock *sk, int optname,
ssize_t n;
int ret = -EFAULT;

+ if (uaccess_kernel()) {
+ pr_err("kernel access not supported\n");
+ return -EFAULT;
+ }
+
req.is_set = is_set;
req.pid = current->pid;
req.cmd = optname;
--
2.27.0

Next message: Christoph Hellwig: "[PATCH 02/24] bpfilter: fix up a sparse annotation"
Previous message: Hari Bathini: "[PATCH v4 02/12] powerpc/kexec_file: mark PPC64 specific code"
In reply to: Christoph Hellwig: "[PATCH 05/24] net: switch sock_setbindtodevice to sockptr_t"
Next in thread: Christoph Hellwig: "[PATCH 02/24] bpfilter: fix up a sparse annotation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]