summaryrefslogtreecommitdiffstats
path: root/kernel/events
diff options
context:
space:
mode:
authorAlexei Starovoitov <ast@fb.com>2016-04-07 03:43:28 +0200
committerDavid S. Miller <davem@davemloft.net>2016-04-08 03:04:26 +0200
commit32bbe0078afe86a8bf4c67c6b3477781b15e94dc (patch)
tree8c5290f51108de3a2c98cb7171942fb9d5e36ab2 /kernel/events
parentbpf: support bpf_get_stackid() and bpf_perf_event_output() in tracepoint prog... (diff)
downloadlinux-32bbe0078afe86a8bf4c67c6b3477781b15e94dc.tar.xz
linux-32bbe0078afe86a8bf4c67c6b3477781b15e94dc.zip
bpf: sanitize bpf tracepoint access
during bpf program loading remember the last byte of ctx access and at the time of attaching the program to tracepoint check that the program doesn't access bytes beyond defined in tracepoint fields This also disallows access to __dynamic_array fields, but can be relaxed in the future. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/events')
-rw-r--r--kernel/events/core.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/events/core.c b/kernel/events/core.c
index e5ffe97d6166..9a01019ff7c8 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -7133,6 +7133,14 @@ static int perf_event_set_bpf_prog(struct perf_event *event, u32 prog_fd)
return -EINVAL;
}
+ if (is_tracepoint) {
+ int off = trace_event_get_offsets(event->tp_event);
+
+ if (prog->aux->max_ctx_offset > off) {
+ bpf_prog_put(prog);
+ return -EACCES;
+ }
+ }
event->tp_event->prog = prog;
return 0;