Skip to content

GitLab

Switch branch/tag
History Find file
Clone
bpf: Add lockdown check for probe_write_user helper
Daniel Borkmann authored 
commit 51e1bb9e upstream.

Back then, commit 96ae5227 ("bpf: Add bpf_probe_write_user BPF helper
to be called in tracers") added the bpf_probe_write_user() helper in order
to allow to override user space memory. Its original goal was to have a
facility to "debug, divert, and manipulate execution of semi-cooperative
processes" under CAP_SYS_ADMIN. Write to kernel was explicitly disallowed
since it would otherwise tamper with its integrity.

One use case was shown in cf9b1199 ("samples/bpf: Add test/example of
using bpf_probe_write_user bpf helper") where the program DNATs traffic
at the time of connect(2) syscall, meaning, it rewrites the arguments to
a syscall while they're still in userspace, and before the syscall has a
chance to copy the argument into kernel space. These days we have better
mechanisms in BPF for achieving the same (e.g. for load-balancers), but
without having to write to userspace memory.

Of co...
95421b33
Name Last commit Last update
..
apparmor Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
bpf bpf: Implement task local storage
integrity evm: fix writing <securityfs>/evm overflow
keys trusted-keys: match tpm_get_ops on all return paths
landlock landlock: Enable user space to infer supported features
loadpin LSM: Add "contents" flag to kernel_read_file hook
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
safesetid LSM: SafeSetID: Fix code specification by scripts/checkpatch.pl
selinux selinux: correct the return value when loads initial sids
smack smackfs: restrict bytes count in smk_set_cipso()
tomoyo tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD
yama task_work: cleanup notification modes
Kconfig landlock: Set up the security framework and manage credentials
Kconfig.hardening kasan: remove redundant config option
Makefile landlock: Add object management
commoncap.c Merge tag 'fixes-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
device_cgroup.c device_cgroup: Fix RCU list debugging warning
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
lsm_audit.c make dump_common_audit_data() safe to be called from RCU pathwalk
min_addr.c sysctl: pass kernel pointers to ->proc_handler
security.c bpf: Add lockdown check for probe_write_user helper