mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2025-12-24 23:24:31 +00:00
a9c7c18b57
Introduce the data_input map, write-protected with a small eBPF program implementing the lsm/bpf_map hook. Then, ensure that bpf_map_get_fd_by_id() and bpf_map_get_fd_by_id_opts() with NULL opts don't succeed due to requesting read-write access to the write-protected map. Also, ensure that bpf_map_get_fd_by_id_opts() with open_flags in opts set to BPF_F_RDONLY instead succeeds. After obtaining a read-only fd, ensure that only map lookup succeeds and not update. Ensure that update works only with the read-write fd obtained at program loading time, when the write protection was not yet enabled. Finally, ensure that the other _opts variants of bpf_*_get_fd_by_id() don't work if the BPF_F_RDONLY flag is set in opts (due to the kernel not handling the open_flags member of bpf_attr). Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20221006110736.84253-7-roberto.sassu@huaweicloud.com |
||
|---|---|---|
| .. | ||
| crypto/chacha20-s390 | ||
| cxl | ||
| fault-injection | ||
| ktest | ||
| kunit | ||
| memblock | ||
| nvdimm | ||
| radix-tree | ||
| scatterlist | ||
| selftests | ||
| vsock | ||