From: Yafang Shao
To: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Yafang Shao
Subject: [RFC PATCH bpf-next 11/13] bpf: Allow iterating bpf objects with CAP_BPF in bpf namespace
Date: Sun, 26 Mar 2023 09:22:06 +0000
Message-Id: <20230326092208.13613-12-laoar.shao@gmail.com>
In-Reply-To: <20230326092208.13613-1-laoar.shao@gmail.com>
References: <20230326092208.13613-1-laoar.shao@gmail.com>

CAP_SYS_ADMIN is not required to iterate bpf objects if a user is in a non-init bpf namespace. The user can iterate bpf maps, progs, and links in his bpf namespace but can't iterate the bpf objects in a different bpf namespace.

Signed-off-by: Yafang Shao

--- include/linux/bpf_namespace.h | 8 ++++++++ kernel/bpf/syscall.c | 10 +++++----- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/include/linux/bpf_namespace.h b/include/linux/bpf_namespace.h index 50bd68c..f484791 100644 --- a/include/linux/bpf_namespace.h +++ b/include/linux/bpf_namespace.h @@ -5,6 +5,7 @@ #include #include #include +#include struct ubpf_obj_id { int nr; 
@@ -79,4 +80,11 @@ static inline int bpf_obj_id_vnr(struct bpf_obj_id *obj_id) { return bpf_obj_id_nr_ns(obj_id, current->nsproxy->bpf_ns); } + +static inline bool bpfns_capable(void) +{ + if (current->nsproxy->bpf_ns != &init_bpf_ns && capable(CAP_BPF)) + return true; + return false; +} #endif /* _LINUX_BPF_ID_NS_H */ diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 855d5f7..8a72694 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -3628,7 +3628,7 @@ static int bpf_obj_get_next_id(const union bpf_attr *attr, if (CHECK_ATTR(BPF_OBJ_GET_NEXT_ID) || next_id >= INT_MAX) return -EINVAL; - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) && !bpfns_capable()) return -EPERM; next_id++; @@ -3712,7 +3712,7 @@ static int bpf_prog_get_fd_by_id(const union bpf_attr *attr) if (CHECK_ATTR(BPF_PROG_GET_FD_BY_ID)) return -EINVAL; - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) && !bpfns_capable()) return -EPERM; prog = bpf_prog_by_id(id); @@ -3740,7 +3740,7 @@ static int bpf_map_get_fd_by_id(const union bpf_attr *attr) attr->open_flags & ~BPF_OBJ_FLAG_MASK) return -EINVAL; - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) && !bpfns_capable()) return -EPERM; f_flags = bpf_get_file_flag(attr->open_flags); @@ -4386,7 +4386,7 @@ static int bpf_task_fd_query(const union bpf_attr *attr, if (CHECK_ATTR(BPF_TASK_FD_QUERY)) return -EINVAL; - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) && !bpfns_capable()) return -EPERM; if (attr->task_fd_query.flags != 0) @@ -4781,7 +4781,7 @@ static int bpf_link_get_fd_by_id(const union bpf_attr *attr) if (CHECK_ATTR(BPF_LINK_GET_FD_BY_ID)) return -EINVAL; - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) && !bpfns_capable()) return -EPERM; link = bpf_link_by_id(id); -- 1.8.3.1
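Review bot: In the first bpf_namespace.h hunk the name of the added `#include` did not survive extraction, so it cannot be checked here; since the new helper uses `capable()` and `CAP_BPF`, confirm that the added header is the one declaring them rather than relying on indirect inclusion through the headers already present.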
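Review bot: In the `bpfns_capable()` hunk the helper grants access on `capable(CAP_BPF)` alone whenever the caller sits in any non-init bpf namespace; nothing in it ties the decision to the namespace that owns the object being looked up, so the isolation the commit message promises ("can't iterate the bpf objects in different bpf namespace") has to come from the id lookups themselves, and the commit message should say where that happens. Two smaller points: the asymmetry that CAP_BPF in the init namespace still needs CAP_SYS_ADMIN while CAP_BPF in a child namespace does not deserves a kernel-doc comment on the helper, and the body can simply be `return current->nsproxy->bpf_ns != &init_bpf_ns && capable(CAP_BPF);`.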
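Review bot: In the `bpf_obj_get_next_id()` hunk only the capability check changes; the walk itself (`next_id++` over the id space) is not shown to be confined to the caller's bpf namespace, so if that id space is global a CAP_BPF holder in a child namespace would learn the ids of every prog, map and link on the host. Either the iteration is already namespaced elsewhere in the series (then state that in the commit message) or the walk needs to skip objects from other namespaces, and a selftest that a child-namespace caller sees only its own ids and ends with -ENOENT should accompany the change.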
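Review bot: In the `bpf_prog_get_fd_by_id()` hunk the id handed to `bpf_prog_by_id(id)` is still used as given; if `bpf_obj_id_vnr()` from this series is meant to translate namespace-relative ids, that translation and a check that the program belongs to the caller's bpf namespace must happen before the fd is created, otherwise the relaxed check lets a child-namespace CAP_BPF holder obtain fds for programs it is not supposed to see. The commit message should also say explicitly that obtaining program fds, not just listing ids, is now possible with CAP_BPF inside a namespace.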
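Review bot: In the `bpf_map_get_fd_by_id()` hunk (and its four sibling hunks) the compound test `!capable(CAP_SYS_ADMIN) && !bpfns_capable()` is copied five times; fold it into one helper in bpf_namespace.h so the policy has a single definition and a single place to audit, for example a `bpf_obj_iter_capable()` (name made up here). The same belongs-to-caller's-namespace check requested for programs applies to the map returned here, and since `f_flags = bpf_get_file_flag(attr->open_flags)` decides whether the fd is writable, a namespaced caller must not get a writable fd to a map it does not own.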
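Review bot: In the `bpf_task_fd_query()` hunk the relaxed check now lets a CAP_BPF holder in a child bpf namespace query the bpf objects behind another task's fd; unlike the by-id lookups the target here is a task, so confirm that the task resolved from the attribute is in the caller's bpf namespace before this is relaxed, and add a selftest covering a target task in a different namespace.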
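Review bot: In the `bpf_link_get_fd_by_id()` hunk `bpf_link_by_id(id)` has the same gap as the program lookup: the id is not shown to be interpreted relative to the caller's namespace, nor is the returned link checked to belong to it. A link fd is a handle on an attachment, so the selftest to add is that a child-namespace caller gets -ENOENT rather than a valid fd for a link created in the init namespace.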