On 09/11/2015 02:21 AM, Tycho Andersen wrote:
This patch adds a way for a process that is "real root" to access the
seccomp filters of another process. The process first does a
PTRACE_SECCOMP_GET_FILTER_FD to get an fd with that process' seccomp filter
attached, and then iterates on this with PTRACE_SECCOMP_NEXT_FILTER using
bpf(BPF_PROG_DUMP) to dump the actual program at each step.
Signed-off-by: Tycho Andersen <[email protected]>
CC: Kees Cook <[email protected]>
CC: Will Drewry <[email protected]>
CC: Oleg Nesterov <[email protected]>
CC: Andy Lutomirski <[email protected]>
CC: Pavel Emelyanov <[email protected]>
CC: Serge E. Hallyn <[email protected]>
CC: Alexei Starovoitov <[email protected]>
CC: Daniel Borkmann <[email protected]>
[...]
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 58ae9f4..ac3ed1c 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -506,6 +506,30 @@ struct bpf_prog *bpf_prog_get(u32 ufd)
}
EXPORT_SYMBOL_GPL(bpf_prog_get);
+int bpf_prog_set(u32 ufd, struct bpf_prog *new)
+{
+ struct fd f;
+ struct bpf_prog *prog;
+
+ f = fdget(ufd);
+
+ prog = get_prog(f);
+ if (!IS_ERR(prog) && prog)
+ bpf_prog_put(prog);
+
+ atomic_inc(&new->aux->refcnt);
+ f.file->private_data = new;
+ fdput(f);
+ return 0;
So in case get_prog() fails, and for example f.file is infact NULL,
you assign the bpf prog then to ERR_PTR(-EBADF)'s private_data? :(
+}
+EXPORT_SYMBOL_GPL(bpf_prog_set);
+
+int bpf_new_fd(struct bpf_prog *prog, int flags)
+{
+ return anon_inode_getfd("bpf-prog", &bpf_prog_fops, prog, flags);
+}
+EXPORT_SYMBOL_GPL(bpf_new_fd);
Any reason why these two need to be exported for modules? Which
modules are using them?
I think modules should probably not mess with this.
If you already name it generic, it would also be good if bpf_new_fd()
is used in case of maps that call anon_inode_getfd(), too.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
