Commit d79a3549 authored by Andrii Nakryiko's avatar Andrii Nakryiko Committed by Alexei Starovoitov

bpf: Consistently use BPF token throughout BPF verifier logic

Remove remaining direct queries to perfmon_capable() and bpf_capable()
in BPF verifier logic and instead use BPF token (if available) to make
decisions about privileges.
Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20240124022127.2379740-9-andrii@kernel.org
parent bbc1d247
...@@ -2261,24 +2261,24 @@ extern int sysctl_unprivileged_bpf_disabled; ...@@ -2261,24 +2261,24 @@ extern int sysctl_unprivileged_bpf_disabled;
bool bpf_token_capable(const struct bpf_token *token, int cap); bool bpf_token_capable(const struct bpf_token *token, int cap);
static inline bool bpf_allow_ptr_leaks(void) static inline bool bpf_allow_ptr_leaks(const struct bpf_token *token)
{ {
return perfmon_capable(); return bpf_token_capable(token, CAP_PERFMON);
} }
static inline bool bpf_allow_uninit_stack(void) static inline bool bpf_allow_uninit_stack(const struct bpf_token *token)
{ {
return perfmon_capable(); return bpf_token_capable(token, CAP_PERFMON);
} }
static inline bool bpf_bypass_spec_v1(void) static inline bool bpf_bypass_spec_v1(const struct bpf_token *token)
{ {
return cpu_mitigations_off() || perfmon_capable(); return cpu_mitigations_off() || bpf_token_capable(token, CAP_PERFMON);
} }
static inline bool bpf_bypass_spec_v4(void) static inline bool bpf_bypass_spec_v4(const struct bpf_token *token)
{ {
return cpu_mitigations_off() || perfmon_capable(); return cpu_mitigations_off() || bpf_token_capable(token, CAP_PERFMON);
} }
int bpf_map_new_fd(struct bpf_map *map, int flags); int bpf_map_new_fd(struct bpf_map *map, int flags);
......
...@@ -1140,7 +1140,7 @@ static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog) ...@@ -1140,7 +1140,7 @@ static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog)
return false; return false;
if (!bpf_jit_harden) if (!bpf_jit_harden)
return false; return false;
if (bpf_jit_harden == 1 && bpf_capable()) if (bpf_jit_harden == 1 && bpf_token_capable(prog->aux->token, CAP_BPF))
return false; return false;
return true; return true;
......
...@@ -82,7 +82,7 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr) ...@@ -82,7 +82,7 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr)
bool percpu = attr->map_type == BPF_MAP_TYPE_PERCPU_ARRAY; bool percpu = attr->map_type == BPF_MAP_TYPE_PERCPU_ARRAY;
int numa_node = bpf_map_attr_numa_node(attr); int numa_node = bpf_map_attr_numa_node(attr);
u32 elem_size, index_mask, max_entries; u32 elem_size, index_mask, max_entries;
bool bypass_spec_v1 = bpf_bypass_spec_v1(); bool bypass_spec_v1 = bpf_bypass_spec_v1(NULL);
u64 array_size, mask64; u64 array_size, mask64;
struct bpf_array *array; struct bpf_array *array;
......
...@@ -682,7 +682,7 @@ static bool bpf_prog_kallsyms_candidate(const struct bpf_prog *fp) ...@@ -682,7 +682,7 @@ static bool bpf_prog_kallsyms_candidate(const struct bpf_prog *fp)
void bpf_prog_kallsyms_add(struct bpf_prog *fp) void bpf_prog_kallsyms_add(struct bpf_prog *fp)
{ {
if (!bpf_prog_kallsyms_candidate(fp) || if (!bpf_prog_kallsyms_candidate(fp) ||
!bpf_capable()) !bpf_token_capable(fp->aux->token, CAP_BPF))
return; return;
bpf_prog_ksym_set_addr(fp); bpf_prog_ksym_set_addr(fp);
......
...@@ -20830,7 +20830,12 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3 ...@@ -20830,7 +20830,12 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3
env->prog = *prog; env->prog = *prog;
env->ops = bpf_verifier_ops[env->prog->type]; env->ops = bpf_verifier_ops[env->prog->type];
env->fd_array = make_bpfptr(attr->fd_array, uattr.is_kernel); env->fd_array = make_bpfptr(attr->fd_array, uattr.is_kernel);
is_priv = bpf_capable();
env->allow_ptr_leaks = bpf_allow_ptr_leaks(env->prog->aux->token);
env->allow_uninit_stack = bpf_allow_uninit_stack(env->prog->aux->token);
env->bypass_spec_v1 = bpf_bypass_spec_v1(env->prog->aux->token);
env->bypass_spec_v4 = bpf_bypass_spec_v4(env->prog->aux->token);
env->bpf_capable = is_priv = bpf_token_capable(env->prog->aux->token, CAP_BPF);
bpf_get_btf_vmlinux(); bpf_get_btf_vmlinux();
...@@ -20862,12 +20867,6 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3 ...@@ -20862,12 +20867,6 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3
if (attr->prog_flags & BPF_F_ANY_ALIGNMENT) if (attr->prog_flags & BPF_F_ANY_ALIGNMENT)
env->strict_alignment = false; env->strict_alignment = false;
env->allow_ptr_leaks = bpf_allow_ptr_leaks();
env->allow_uninit_stack = bpf_allow_uninit_stack();
env->bypass_spec_v1 = bpf_bypass_spec_v1();
env->bypass_spec_v4 = bpf_bypass_spec_v4();
env->bpf_capable = bpf_capable();
if (is_priv) if (is_priv)
env->test_state_freq = attr->prog_flags & BPF_F_TEST_STATE_FREQ; env->test_state_freq = attr->prog_flags & BPF_F_TEST_STATE_FREQ;
env->test_reg_invariants = attr->prog_flags & BPF_F_TEST_REG_INVARIANTS; env->test_reg_invariants = attr->prog_flags & BPF_F_TEST_REG_INVARIANTS;
......
...@@ -8580,7 +8580,7 @@ static bool cg_skb_is_valid_access(int off, int size, ...@@ -8580,7 +8580,7 @@ static bool cg_skb_is_valid_access(int off, int size,
return false; return false;
case bpf_ctx_range(struct __sk_buff, data): case bpf_ctx_range(struct __sk_buff, data):
case bpf_ctx_range(struct __sk_buff, data_end): case bpf_ctx_range(struct __sk_buff, data_end):
if (!bpf_capable()) if (!bpf_token_capable(prog->aux->token, CAP_BPF))
return false; return false;
break; break;
} }
...@@ -8592,7 +8592,7 @@ static bool cg_skb_is_valid_access(int off, int size, ...@@ -8592,7 +8592,7 @@ static bool cg_skb_is_valid_access(int off, int size,
case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]): case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]):
break; break;
case bpf_ctx_range(struct __sk_buff, tstamp): case bpf_ctx_range(struct __sk_buff, tstamp):
if (!bpf_capable()) if (!bpf_token_capable(prog->aux->token, CAP_BPF))
return false; return false;
break; break;
default: default:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment