OpenCloudOS-Kernel/net
Daniel Borkmann 2e4a30983b bpf: restrict access to core bpf sysctls
Given BPF reaches far beyond just networking these days, it was
never intended to allow setting and in some cases reading those
knobs out of a user namespace root running without CAP_SYS_ADMIN,
thus tighten such access.

Also the bpf_jit_enable = 2 debugging mode should only be allowed
if kptr_restrict is not set since it otherwise can leak addresses
to the kernel log. Dump a note to the kernel log that this is for
debugging JITs only when enabled.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2018-01-19 18:37:00 -08:00
..
6lowpan License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
9p 9p: add missing module license for xen transport 2018-01-15 13:13:53 -05:00
802 treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
8021q net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
appletalk net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
atm net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
ax25 net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
batman-adv batman-adv: Convert packet.h to uapi header 2017-12-21 15:35:53 -05:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
bpf bpf: add meta pointer for direct access 2017-09-26 13:36:44 -07:00
bridge netfilter: remove struct nf_afinfo and its helper functions 2018-01-08 18:11:02 +01:00
caif Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-11 22:13:42 -05:00
can net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
ceph We have a set of file locking improvements from Zheng, rbd rw/ro 2017-11-21 05:38:32 -10:00
core bpf: restrict access to core bpf sysctls 2018-01-19 18:37:00 -08:00
dcb rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
dccp net: dccp: Remove dccpprobe module 2018-01-02 14:27:30 -05:00
decnet net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
dns_resolver KEYS: Fix race between updating and finding a negative key 2017-10-18 09:12:40 +01:00
dsa net: dsa: Move padding into Broadcom tagger 2018-01-05 11:21:31 -05:00
ethernet
hsr net: hsr: Convert timers to use timer_setup() 2017-10-25 13:00:27 +09:00
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
ife MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
ipx net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
iucv
kcm net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
key af_key: Fix memory leak in key_notify_policy. 2018-01-10 09:45:11 +01:00
l2tp net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
l3mdev
lapb treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
llc net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-09 10:37:00 -05:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
mpls net: use rtnl_register_module where needed 2017-12-04 11:32:39 -05:00
ncsi net/ncsi: Don't take any action on HNCDSC AEN 2017-12-18 14:50:11 -05:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-09 10:37:00 -05:00
netlabel net/netlabel: Add list_next_rcu() in rcu_dereference(). 2017-11-18 10:32:41 +09:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
netrom net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
nfc treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
nsh openvswitch: enable NSH support 2017-11-08 16:12:33 +09:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
packet net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
phonet net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
psample MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
qrtr net: use rtnl_register_module where needed 2017-12-04 11:32:39 -05:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-09 10:37:00 -05:00
rfkill
rose net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
rxrpc net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
sched net: sched: allow ingress and clsact qdiscs to share filter blocks 2018-01-17 14:53:57 -05:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
smc smc: support variable CLC proposal messages 2017-12-07 15:03:12 -05:00
strparser strparser: Call sock_owned_by_user_nocheck 2017-12-28 14:28:22 -05:00
sunrpc NFS client fixes for Linux 4.15-rc4 2017-12-16 13:12:53 -08:00
switchdev net: bridge: Add/del switchdev object on host join/leave 2017-11-10 13:41:40 +09:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
tls net/tls: Fix inverted error codes to avoid endless loop 2018-01-15 14:21:57 -05:00
unix net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
vmw_vsock VSOCK: fix outdated sk_state value in hvs_release() 2017-12-05 15:07:37 -05:00
wimax License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
x25 treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
Kconfig netfilter: don't allocate space for arp/bridge hooks unless needed 2018-01-08 18:01:11 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
compat.c net: compat: assert the size of cmsg copied in is as expected 2017-09-20 15:36:18 -07:00
socket.c bpf: get rid of pure_initcall dependency to enable jits 2018-01-19 18:37:00 -08:00
sysctl_net.c