Message ID | 20200720124737.118617-2-hch@lst.de |
---|---|
State | Deferred, archived |
Headers | show
Return-Path: <mptcp-bounces@lists.01.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.01.org (client-ip=2001:19d0:306:5::1; helo=ml01.01.org; envelope-from=mptcp-bounces@lists.01.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=lst.de Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=infradead.org header.i=@infradead.org header.a=rsa-sha256 header.s=casper.20170209 header.b=HIM07y0S; dkim-atps=neutral Received: from ml01.01.org (ml01.01.org [IPv6:2001:19d0:306:5::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B9M3H0pj8z9sTM for <incoming@patchwork.ozlabs.org>; Mon, 20 Jul 2020 22:48:27 +1000 (AEST) Received: from ml01.vlan13.01.org (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 26D63123948A2; Mon, 20 Jul 2020 05:48:24 -0700 (PDT) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=2001:8b0:10b:1236::1; helo=casper.infradead.org; envelope-from=batv+d9f98309abae8ab29895+6175+infradead.org+hch@casper.srs.infradead.org; receiver=<UNKNOWN> Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 0DAD512387913 for <mptcp@lists.01.org>; Mon, 20 Jul 2020 05:48:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=BjAfLkPDE3yZtg4lK7QhOgoW888N1+wDiCi2cbIh45M=; b=HIM07y0S6HWIwmCN7WHloUTyD/ 90NWYxEF7A8OOMt+yg4W0FNSTev46GNQHm0M10gQP0DPfw41j+camChNVNUSzdAS2+W9B6xEJFxj0 4n2KStvYzNC3b3fLRhUHbpg0C1h1bH+rhr3+ykUcvcbFAUG565FRK+y1r6zNQk9xHx3nUtlG0xpfa R4b3lYzoJn2Vsv07mi0Lr720W4t4f2K5zuJDLvkLLB7iLOadFMXPV1+OtITvRH1r7qcG7E4NGoir+ m5wZVdfOiGPje1P9oONZz0Y/9ohF3QfiJ1TkC//hfbo3TJ3Y4xN43vztrFOMr/5DT0r0fJAP1prMs TGHdbaAg==; Received: from [2001:4bb8:105:4a81:2a8f:15b1:2c3:7be7] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jxVCm-0004WM-TP; Mon, 20 Jul 2020 12:47:41 +0000 From: Christoph Hellwig <hch@lst.de> To: "David S. Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>, Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>, Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>, Eric Dumazet <edumazet@google.com> Date: Mon, 20 Jul 2020 14:47:14 +0200 Message-Id: <20200720124737.118617-2-hch@lst.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720124737.118617-1-hch@lst.de> References: <20200720124737.118617-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from <hch@infradead.org> by casper.infradead.org. See http://www.infradead.org/rpr.html Message-ID-Hash: ZZYCDM6WB6GI762YG7JAKW3ZMY3Q45YE X-Message-ID-Hash: ZZYCDM6WB6GI762YG7JAKW3ZMY3Q45YE X-MailFrom: BATV+d9f98309abae8ab29895+6175+infradead.org+hch@casper.srs.infradead.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation CC: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, linux-sctp@vger.kernel.org, linux-hams@vger.kernel.org, linux-bluetooth@vger.kernel.org, bridge@lists.linux-foundation.org, linux-can@vger.kernel.org, dccp@vger.kernel.org, linux-decnet-user@lists.sourceforge.net, linux-wpan@vger.kernel.org, linux-s390@vger.kernel.org, mptcp@lists.01.org, lvs-devel@vger.kernel.org, rds-devel@oss.oracle.com, linux-afs@lists.infradead.org, tipc-discussion@lists.sourceforge.net, linux-x25@vger.kernel.org X-Mailman-Version: 3.1.1 Precedence: list Subject: [MPTCP] [PATCH 01/24] bpfilter: reject kernel addresses List-Id: Discussions regarding MPTCP upstreaming <mptcp.lists.01.org> Archived-At: <https://lists.01.org/hyperkitty/list/mptcp@lists.01.org/message/ZZYCDM6WB6GI762YG7JAKW3ZMY3Q45YE/> List-Archive: <https://lists.01.org/hyperkitty/list/mptcp@lists.01.org/> List-Help: <mailto:mptcp-request@lists.01.org?subject=help> List-Post: <mailto:mptcp@lists.01.org> List-Subscribe: <mailto:mptcp-join@lists.01.org> List-Unsubscribe: <mailto:mptcp-leave@lists.01.org> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit |
Series |
[01/24] bpfilter: reject kernel addresses
|
expand
|
diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c index 2c31e82cb953af..977e9dad72ca4f 100644 --- a/net/bpfilter/bpfilter_kern.c +++ b/net/bpfilter/bpfilter_kern.c @@ -41,6 +41,11 @@ static int __bpfilter_process_sockopt(struct sock *sk, int optname, ssize_t n; int ret = -EFAULT; + if (uaccess_kernel()) { + pr_err("kernel access not supported\n"); + return -EFAULT; + } + req.is_set = is_set; req.pid = current->pid; req.cmd = optname;
When feeding addresses to userspace we can't support kernel addresses that were fed under set_fs(KERNEL_DS) from bpf-cgroup. Signed-off-by: Christoph Hellwig <hch@lst.de> --- net/bpfilter/bpfilter_kern.c | 5 +++++ 1 file changed, 5 insertions(+)