[PATCH v3 5/5] bpf: save the program the user actually supplied
From: Tycho Andersen <hidden>
Date: 2015-09-30 18:15:21
Also in: linux-api, lkml
Subsystem: bpf [general] (safe dynamic programs and tools), bpf [networking] (tcx & tc bpf, sock_addr), networking [general], the rest
Maintainers: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Eduard Zingerman, Kumar Kartikeya Dwivedi, Martin KaFai Lau, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds
In some cases (e.g. seccomp) the program result might be translated from
the original program the user supplied. If we're saving the result for
checkpoint/restore, we should save exactly the program the user initially
supplied.
This causes problems when the translations seccomp makes are not allowed by
bpf_check_classic.
Signed-off-by: Tycho Andersen <redacted>
CC: Kees Cook <redacted>
CC: Will Drewry <wad@chromium.org>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Pavel Emelyanov <redacted>
CC: Serge E. Hallyn <redacted>
CC: Alexei Starovoitov <ast@kernel.org>
CC: Daniel Borkmann <daniel@iogearbox.net>
---
net/core/filter.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index 70995dd..5a4596b 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -845,8 +845,7 @@ int bpf_prog_store_orig_filter(struct bpf_prog *fp,
fkprog = fp->orig_prog;
fkprog->len = fprog->len;
- fkprog->filter = kmemdup(fp->insns, fsize,
- GFP_KERNEL | __GFP_NOWARN);
+ fkprog->filter = memdup_user(fprog->filter, fsize);
if (!fkprog->filter) {
kfree(fp->orig_prog);
return -ENOMEM;--
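Review bot: The unchanged "if (!fkprog->filter)" check that follows the new memdup_user() call no longer catches a failed copy. memdup_user() reports failure with an ERR_PTR() value (-ENOMEM or -EFAULT), never NULL, so on error the encoded pointer stays in fkprog->filter and the function continues as if the copy had succeeded. Test the result with IS_ERR(), free fp->orig_prog as the existing branch does, and return PTR_ERR() so that a bad user pointer surfaces as -EFAULT instead of being folded into -ENOMEM. A second point on the same line: the removed code duplicated fp->insns, which is kernel memory, while the new code reads fprog->filter from user space at this point. If fp->insns was filled from that same user buffer earlier (not visible in this hunk), the saved original can differ from the instructions that were actually checked and installed, so either document why that is acceptable or take one user copy and share it between both paths.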
2.5.0