git.maquefel.me Git - linux.git/commit

author	Hari Bathini <hbathini@linux.ibm.com>
	Tue, 12 Oct 2021 12:30:56 +0000 (18:00 +0530)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Thu, 25 Nov 2021 00:25:32 +0000 (11:25 +1100)
commit	e919c0b2323bedec00e1ecc6280498ff81f59b15
tree	e9bbfdc999d8addf95719e740a51a76a69428a7f	tree \| snapshot
parent	23b51916ee129833453d8a3d6bde0ff392f82fce	commit \| diff

bpf ppc32: Access only if addr is kernel address

With KUAP enabled, any kernel code which wants to access userspace
needs to be surrounded by disable-enable KUAP. But that is not
happening for BPF_PROBE_MEM load instruction. Though PPC32 does not
support read protection, considering the fact that PTR_TO_BTF_ID
(which uses BPF_PROBE_MEM mode) could either be a valid kernel pointer
or NULL but should never be a pointer to userspace address, execute
BPF_PROBE_MEM load only if addr is kernel address, otherwise set
dst_reg=0 and move on.

This will catch NULL, valid or invalid userspace pointers. Only bad
kernel pointer will be handled by BPF exception table.

[Alexei suggested for x86]

Suggested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211012123056.485795-9-hbathini@linux.ibm.com