bpf: skip unnecessary capability check
Chenbo Feng authored
commit 0fa4fe85 upstream.

The current check statement in BPF syscall will do a capability check
for CAP_SYS_ADMIN before checking sysctl_unprivileged_bpf_disabled. This
code path will trigger unnecessary security hooks on capability checking
and cause false alarms on unprivileged processes trying to get CAP_SYS_ADMIN
access. This can be resolved by simply switching the order of the statement,
and CAP_SYS_ADMIN is not required anyway if unprivileged bpf syscall is
allowed.

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
b4e02202
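
The ordering issue this commit message describes can be modelled in user space. The following is an added example, not code from the kernel tree or from the commit: capable_sys_admin(), check_cap_first(), check_sysctl_first() and the counters are hypothetical stand-ins for the capability check, the two statement orders, and the security-hook side effects.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
/* Constructed userspace model, not kernel code. All names are hypothetical. */
static bool task_has_cap;   /* does the caller hold CAP_SYS_ADMIN? */
static int hook_calls;      /* times the capability security hook ran */
static int denial_audits;   /* denials a security module would log */

/* Stand-in for a CAP_SYS_ADMIN check: every call reaches the hook. */
static bool capable_sys_admin(void)
{
    hook_calls++;
    denial_audits += !task_has_cap;
    return task_has_cap;
}

/* Order the commit message calls the current check: capability first. */
static int check_cap_first(int unprivileged_bpf_disabled)
{
    if (!capable_sys_admin() && unprivileged_bpf_disabled)
        return -EPERM;
    return 0;
}

/* Switched order: the capability is consulted only when the sysctl is set. */
static int check_sysctl_first(int unprivileged_bpf_disabled)
{
    if (unprivileged_bpf_disabled && !capable_sys_admin())
        return -EPERM;
    return 0;
}

struct outcome { int ret, hooks, audits; };
/* Run one check for a given caller and sysctl value, recording side effects. */
static struct outcome run(int (*check)(int), bool has_cap, int disabled)
{
    task_has_cap = has_cap;
    hook_calls = denial_audits = 0;
    int ret = check(disabled);
    return (struct outcome){ ret, hook_calls, denial_audits };
}

int main(void)
{
    /* Unprivileged caller while unprivileged bpf is allowed (sysctl = 0). */
    struct outcome a = run(check_cap_first, false, 0);
    struct outcome b = run(check_sysctl_first, false, 0);
    printf("cap first:    ret=%d hooks=%d audits=%d\n", a.ret, a.hooks, a.audits);
    printf("sysctl first: ret=%d hooks=%d audits=%d\n", b.ret, b.hooks, b.audits);
    return 0;
}
```

Both orders return the same result for every combination of caller and sysctl value; only the capability-first order records a denial for an unprivileged caller that was allowed through anyway.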
Name Last commit Last update
Documentation iio: ABI: Fix name of timestamp sysfs file
arch perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers
block blk-mq: don't call io sched's .requeue_request when requeueing rq to ->dispatch
certs License cleanup: add SPDX GPL-2.0 license identifier to files with no license
crypto crypto: ecc - Fix NULL pointer deref. on no default_rng
drivers usb: xhci: Fix potential memory leak in xhci_disable_slot()
firmware License cleanup: add SPDX GPL-2.0 license identifier to files with no license
fs staging: ncpfs: memory corruption in ncp_read_kernel()
include drm/syncobj: Stop reusing the same struct file for all syncobj -> fd
init kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
ipc License cleanup: add SPDX GPL-2.0 license identifier to files with no license
kernel bpf: skip unnecessary capability check
lib mm/vmalloc: add interfaces to free unmapped page table
mm mm/vmscan: wake up flushers for legacy cgroups too
net ip_gre: fix potential memory leak in erspan_rcv
samples samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1
scripts kbuild: fix linker feature test macros when cross compiling with Clang
security /dev/mem: Add bounce buffer for copy-out
sound ALSA: hda/realtek - Always immediately update mute LED with pin VREF
tools x86/pkeys/selftests: Rename 'si_pkey' to 'siginfo_pkey'
usr initramfs: fix initramfs rebuilds w/ compression after disabling
virt KVM: arm/arm64: vgic: Don't populate multiple LRs with the same vintid
.cocciconfig scripts: add Linux .cocciconfig for coccinelle
.get_maintainer.ignore Add hch to .get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address
COPYING [PATCH] update FSF address in COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes
Kbuild License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license
MAINTAINERS dt-bindings: Document mti,mips-cpc binding
Makefile kbuild: disable clang's default use of -fmerge-all-constants
README README: add a new README file, pointing to the Documentation/
Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.