Google Git
Sign in
kernel / pub / scm / linux / kernel / git / luto / linux / 968f3551247a43e1104b198f2e58fb0595d425e7
commit968f3551247a43e1104b198f2e58fb0595d425e7[log] [tgz]
authorAndy Lutomirski <luto@kernel.org>Mon Aug 05 10:03:37 2019 -0700
committerAndy Lutomirski <luto@kernel.org>Mon Aug 05 14:01:56 2019 -0700
tree8bc15181661684670896a31a8f84bd173176f25a
parent3bb110117c983f781f545e69ce35d4fcdd0c543b [diff]
bpf: Add a way to mark functions as requiring privilege

This is horribly incomplete:

 - I only marked one function as requiring privilege, and there are
   surely more.

 - Checking is_priv is probably not the right thing to do.  This should
   probably do something more clever.  At the very lease, it needs to
   integrate with the upcoming lockdown LSM infrastructure.

 - The seen_privileged_funcs mechanism is probably not a good solution.
   Instead we should check something while we still have enough context
   to give a good error message.  But we *don't* want to check for
   capabilities up front before even seeing a function call, since we
   don't want to inadvertently generate audit events for privileges that
   are never used.

So it's the idea that counts :)

Signed-off-by: Andy Lutomirski <luto@kernel.org>
4 files changed
tree: 8bc15181661684670896a31a8f84bd173176f25a
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README