From patchwork Mon Aug 5 21:29:01 2019
X-Patchwork-Submitter: Andy Lutomirski
X-Patchwork-Id: 11077805
From: Andy Lutomirski
To: LKML, Alexei Starovoitov
Cc: Song Liu, Kees Cook, Networking, bpf, Daniel Borkmann, Alexei Starovoitov, Kernel Team, Lorenz Bauer, Jann Horn, Greg KH, Linux API, LSM List, Andy Lutomirski
Subject: [WIP 0/4] bpf: A bit of progress toward unprivileged use
Date: Mon, 5 Aug 2019 14:29:01 -0700

Other than the mknod() patch, this is not ready for prime time.

These patches try to make progress toward making bpf() more useful
without privilege.

Andy Lutomirski (4):
  bpf: Respect persistent map and prog access modes
  bpf: Don't require mknod() permission to pin an object
  bpf: Add a way to mark functions as requiring privilege
  bpf: Allow creating all program types without privilege

 include/linux/bpf.h          | 30 +++++++++++++++-----
 include/linux/bpf_verifier.h |  1 +
 kernel/bpf/arraymap.c        |  8 +++++-
 kernel/bpf/cgroup.c          |  6 +++-
 kernel/bpf/inode.c           | 29 +++++++++++--------
 kernel/bpf/syscall.c         | 54 +++++++++++++++++++++++++-----------
 kernel/bpf/verifier.c        |  8 ++++++
 kernel/events/core.c         |  5 ++--
 kernel/trace/bpf_trace.c     |  1 +
 net/core/dev.c               |  4 ++-
 net/core/filter.c            |  8 ++++--
 net/netfilter/xt_bpf.c       |  5 ++--
 net/packet/af_packet.c       |  2 +-
 13 files changed, 115 insertions(+), 46 deletions(-)