[RFC,4/4] bpf: Restrict Checmate bpf programs to current kernel ABI

Commit Message

Sargun Dhillon Aug. 2, 2016, 11:27 p.m. UTC

At least while this is in testing, I think it makes sense to restrict
Checmate to loading programs that have been compiled with the current
kernel ABI. We can further stabilize the ABI, and perhaps lift this
restriction later.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
---
 kernel/bpf/syscall.c         | 2 +-
 samples/bpf/checmate1_kern.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

Patch

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 228f962..2a37b4d 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -741,7 +741,7 @@  static int bpf_prog_load(union bpf_attr *attr)
 	if (attr->insn_cnt >= BPF_MAXINSNS)
 		return -EINVAL;
 
-	if (type == BPF_PROG_TYPE_KPROBE &&
+	if ((type & (BPF_PROG_TYPE_KPROBE | BPF_PROG_TYPE_CHECMATE)) &&
 	    attr->kern_version != LINUX_VERSION_CODE)
 		return -EINVAL;
 
diff --git a/samples/bpf/checmate1_kern.c b/samples/bpf/checmate1_kern.c
index f78b66b..d4ec1fa 100644
--- a/samples/bpf/checmate1_kern.c
+++ b/samples/bpf/checmate1_kern.c
@@ -3,6 +3,7 @@ 
 #include <linux/in.h>
 #include <linux/checmate.h>
 #include "bpf_helpers.h"
+#include <linux/version.h>
 
 SEC("checmate")
 int prog(struct checmate_ctx *ctx)
@@ -24,4 +25,4 @@  int prog(struct checmate_ctx *ctx)
 }
 
 char _license[] SEC("license") = "GPL";
-
+u32 _version SEC("version") = LINUX_VERSION_CODE;