| Message ID | 20240426231621.2716876-1-sdf@google.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE | expand |
Hello: This series was applied to bpf/bpf.git (master) by Martin KaFai Lau <martin.lau@kernel.org>: On Fri, 26 Apr 2024 16:16:17 -0700 you wrote: > Syzkaller found a case where it's possible to attach cgroup_skb program > to the sockopt hooks. Apparently it's currently possible to do that, > but only when using BPF_LINK_CREATE API. The first patch in the series > has more info on why that happens. > > Stanislav Fomichev (3): > bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in > BPF_LINK_CREATE > selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE > selftests/bpf: Add sockopt case to verify prog_type > > [...] Here is the summary with links: - [bpf,1/3] bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE https://git.kernel.org/bpf/bpf/c/543576ec15b1 - [bpf,2/3] selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE https://git.kernel.org/bpf/bpf/c/d70b2660e75b - [bpf,3/3] selftests/bpf: Add sockopt case to verify prog_type https://git.kernel.org/bpf/bpf/c/095ddb501b39 You are awesome, thank you!
Syzkaller found a case where it's possible to attach cgroup_skb program to the sockopt hooks. Apparently it's currently possible to do that, but only when using BPF_LINK_CREATE API. The first patch in the series has more info on why that happens. Stanislav Fomichev (3): bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE selftests/bpf: Add sockopt case to verify prog_type kernel/bpf/syscall.c | 5 ++ .../selftests/bpf/prog_tests/sockopt.c | 65 ++++++++++++++++--- 2 files changed, 62 insertions(+), 8 deletions(-)