authorRoman Gushchin <guro@fb.com>2018-08-02 23:27:23 +0200
committerDaniel Borkmann <daniel@iogearbox.net>2018-08-03 00:47:32 +0200
commit7b5dd2bde72cd33313b63cf3ba1de6a9e443a65d (patch)
tree06a6c42736847c306dbb7e89d72933501b197e45
parentbpf/verifier: introduce BPF_PTR_TO_MAP_VALUE (diff)
downloadlinux-7b5dd2bde72cd33313b63cf3ba1de6a9e443a65d.tar.xz
linux-7b5dd2bde72cd33313b63cf3ba1de6a9e443a65d.zip
bpf: don't allow create maps of cgroup local storages
As there is one-to-one relation between a bpf program and cgroup local storage map, there is no sense in creating a map of cgroup local storage maps. Forbid it explicitly to avoid possible side effects. Signed-off-by: Roman Gushchin <guro@fb.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Martin KaFai Lau <kafai@fb.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-rw-r--r--kernel/bpf/map_in_map.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/bpf/map_in_map.c b/kernel/bpf/map_in_map.c
index 1da574612bea..3bfbf4464416 100644
--- a/kernel/bpf/map_in_map.c
+++ b/kernel/bpf/map_in_map.c
@@ -23,7 +23,8 @@ struct bpf_map *bpf_map_meta_alloc(int inner_map_ufd)
* is a runtime binding. Doing static check alone
* in the verifier is not enough.
*/
- if (inner_map->map_type == BPF_MAP_TYPE_PROG_ARRAY) {
+ if (inner_map->map_type == BPF_MAP_TYPE_PROG_ARRAY ||
+ inner_map->map_type == BPF_MAP_TYPE_CGROUP_STORAGE) {
fdput(f);
return ERR_PTR(-ENOTSUPP);
}
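Review bot: The comment directly above this condition, as far as the hunk shows it, still explains only the prog-array case (a runtime binding), so the new `BPF_MAP_TYPE_CGROUP_STORAGE` test carries no rationale in the code. I would add a line such as `/* cgroup local storage is bound one-to-one to a bpf program, so it must not be usable as an inner map */` next to the second operand. The check is also a denylist: any later map type with the same per-program binding has to be added here by hand, and a missed one would be accepted as an inner map, so a small helper or `switch` listing the rejected types would be easier to audit. Both the comment and `bpf_map_meta_alloc()` begin and end outside the hunk.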