author | Roman Gushchin <guro@fb.com> | 2018-08-02 23:27:23 +0200 |
---|---|---|
committer | Daniel Borkmann <daniel@iogearbox.net> | 2018-08-03 00:47:32 +0200 |
commit | 7b5dd2bde72cd33313b63cf3ba1de6a9e443a65d (patch) | |
tree | 06a6c42736847c306dbb7e89d72933501b197e45 | |
parent | bpf/verifier: introduce BPF_PTR_TO_MAP_VALUE (diff) | |

bpf: don't allow create maps of cgroup local storages

As there is one-to-one relation between a bpf program
and cgroup local storage map, there is no sense in
creating a map of cgroup local storage maps.
Forbid it explicitly to avoid possible side effects.

Signed-off-by: Roman Gushchin <guro@fb.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

-rw-r--r-- | kernel/bpf/map_in_map.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/bpf/map_in_map.c b/kernel/bpf/map_in_map.c index 1da574612bea..3bfbf4464416 100644 --- a/kernel/bpf/map_in_map.c +++ b/kernel/bpf/map_in_map.c @@ -23,7 +23,8 @@ struct bpf_map *bpf_map_meta_alloc(int inner_map_ufd) * is a runtime binding. Doing static check alone * in the verifier is not enough. */ - if (inner_map->map_type == BPF_MAP_TYPE_PROG_ARRAY) { + if (inner_map->map_type == BPF_MAP_TYPE_PROG_ARRAY || + inner_map->map_type == BPF_MAP_TYPE_CGROUP_STORAGE) { fdput(f); return ERR_PTR(-ENOTSUPP); } |
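
Review bot: The comment directly above the extended condition in bpf_map_meta_alloc() still only covers the original case ("is a runtime binding. Doing static check alone in the verifier is not enough"), so after this change nothing at the check explains why BPF_MAP_TYPE_CGROUP_STORAGE is refused as an inner map. Please add a sentence there carrying the rationale from the commit message (the one-to-one relation between a bpf program and its cgroup local storage map), so the second half of the condition is not read as another runtime-binding case. The patch also touches only kernel/bpf/map_in_map.c; a selftest that tries to create a map-in-map with a cgroup storage map as the inner map and expects the -ENOTSUPP failure would keep the restriction from regressing.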