diff options
author | Alexei Starovoitov <ast@fb.com> | 2016-04-06 18:43:28 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-04-07 21:04:26 -0400 |
commit | 32bbe0078afe86a8bf4c67c6b3477781b15e94dc (patch) | |
tree | 8c5290f51108de3a2c98cb7171942fb9d5e36ab2 /kernel/events | |
parent | 9940d67c93b5bb7ddcf862b41b1847cb728186c4 (diff) | |
download | op-kernel-dev-32bbe0078afe86a8bf4c67c6b3477781b15e94dc.zip op-kernel-dev-32bbe0078afe86a8bf4c67c6b3477781b15e94dc.tar.gz |
bpf: sanitize bpf tracepoint access
during bpf program loading remember the last byte of ctx access
and at the time of attaching the program to tracepoint check that
the program doesn't access bytes beyond defined in tracepoint fields
This also disallows access to __dynamic_array fields, but can be
relaxed in the future.
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/events')
-rw-r--r-- | kernel/events/core.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/events/core.c b/kernel/events/core.c index e5ffe97..9a01019 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -7133,6 +7133,14 @@ static int perf_event_set_bpf_prog(struct perf_event *event, u32 prog_fd) return -EINVAL; } + if (is_tracepoint) { + int off = trace_event_get_offsets(event->tp_event); + + if (prog->aux->max_ctx_offset > off) { + bpf_prog_put(prog); + return -EACCES; + } + } event->tp_event->prog = prog; return 0; |