diff options
author | Alexei Starovoitov <ast@fb.com> | 2016-04-07 03:43:28 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-04-08 03:04:26 +0200 |
commit | 32bbe0078afe86a8bf4c67c6b3477781b15e94dc (patch) | |
tree | 8c5290f51108de3a2c98cb7171942fb9d5e36ab2 /kernel/events | |
parent | bpf: support bpf_get_stackid() and bpf_perf_event_output() in tracepoint prog... (diff) | |
download | linux-32bbe0078afe86a8bf4c67c6b3477781b15e94dc.tar.xz linux-32bbe0078afe86a8bf4c67c6b3477781b15e94dc.zip |
bpf: sanitize bpf tracepoint access
during bpf program loading remember the last byte of ctx access
and at the time of attaching the program to tracepoint check that
the program doesn't access bytes beyond defined in tracepoint fields
This also disallows access to __dynamic_array fields, but can be
relaxed in the future.
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/events')
-rw-r--r-- | kernel/events/core.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/events/core.c b/kernel/events/core.c index e5ffe97d6166..9a01019ff7c8 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -7133,6 +7133,14 @@ static int perf_event_set_bpf_prog(struct perf_event *event, u32 prog_fd) return -EINVAL; } + if (is_tracepoint) { + int off = trace_event_get_offsets(event->tp_event); + + if (prog->aux->max_ctx_offset > off) { + bpf_prog_put(prog); + return -EACCES; + } + } event->tp_event->prog = prog; return 0; |