Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fba01951 authored by Al Viro's avatar Al Viro Committed by Chenbo Feng
Browse files

BACKPORT: fix "netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'" 



Descriptor table is a shared object; it's not a place where you can
stick temporary references to files, especially when we don't need
an opened file at all.

Cc: stable@vger.kernel.org # v4.14
Fixes: 98589a09 ("netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'")
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarChenbo Feng <fengc@google.com>

Removed the code related to function bpf_prog_get_ok() since it is not
exsit in current android tree.
(cherry picked from commit 040ee69226f8a96b7943645d68f41d5d44b5ff7d)

Change-Id: If7a602128cdea4b4b50c8effb215c9bca7449515
parent 03a01b78

include/linux/bpf.h

+8 −0
Original line number Diff line number Diff line
@@ -332,6 +332,8 @@ static inline void bpf_long_memcpy(void *dst, const void *src, u32 size) 
/* verify correctness of eBPF program */

int bpf_check(struct bpf_prog **fp, union bpf_attr *attr);



struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type);



/* Map specifics */

struct net_device  *__dev_map_lookup_elem(struct bpf_map *map, u32 key);

void __dev_map_insert_ctx(struct bpf_map *map, u32 index);
@@ -394,6 +396,12 @@ static inline int bpf_obj_get_user(const char __user *pathname, int flags) 
	return -EOPNOTSUPP;

}



static inline struct bpf_prog *bpf_prog_get_type_path(const char *name,

				enum bpf_prog_type type)

{

	return ERR_PTR(-EOPNOTSUPP);

}



static inline struct net_device  *__dev_map_lookup_elem(struct bpf_map *map,

						       u32 key)

{

kernel/bpf/inode.c

+36 −1
Original line number Diff line number Diff line
@@ -368,7 +368,42 @@ int bpf_obj_get_user(const char __user *pathname, int flags) 
	putname(pname);

	return ret;

}

EXPORT_SYMBOL_GPL(bpf_obj_get_user);



static struct bpf_prog *__get_prog_inode(struct inode *inode, enum bpf_prog_type type)

{

	struct bpf_prog *prog;

	int ret = inode_permission(inode, MAY_READ | MAY_WRITE);

	if (ret)

		return ERR_PTR(ret);



	if (inode->i_op == &bpf_map_iops)

		return ERR_PTR(-EINVAL);

	if (inode->i_op != &bpf_prog_iops)

		return ERR_PTR(-EACCES);



	prog = inode->i_private;



	ret = security_bpf_prog(prog);

	if (ret < 0)

		return ERR_PTR(ret);



	return bpf_prog_inc(prog);

}



struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type)

{

	struct bpf_prog *prog;

	struct path path;

	int ret = kern_path(name, LOOKUP_FOLLOW, &path);

	if (ret)

		return ERR_PTR(ret);

	prog = __get_prog_inode(d_backing_inode(path.dentry), type);

	if (!IS_ERR(prog))

		touch_atime(&path);

	path_put(&path);

	return prog;

}

EXPORT_SYMBOL(bpf_prog_get_type_path);



/*

 * Display the mount options in /proc/mounts.

net/netfilter/xt_bpf.c

+2 −11
Original line number Diff line number Diff line
@@ -55,21 +55,12 @@ static int __bpf_mt_check_fd(int fd, struct bpf_prog **ret) 


static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret)

{

	mm_segment_t oldfs = get_fs();

	int retval, fd;



	if (strnlen(path, XT_BPF_PATH_MAX) == XT_BPF_PATH_MAX)

		return -EINVAL;



	set_fs(KERNEL_DS);

	fd = bpf_obj_get_user(path, 0);

	set_fs(oldfs);

	if (fd < 0)

		return fd;

	*ret = bpf_prog_get_type_path(path, BPF_PROG_TYPE_SOCKET_FILTER);

	return PTR_ERR_OR_ZERO(*ret);



	retval = __bpf_mt_check_fd(fd, ret);

	sys_close(fd);

	return retval;

}



static int bpf_mt_check(const struct xt_mtchk_param *par)