bpf: Move bpf_loop and bpf_for_each_map_elem under CAP_BPF

They would require func_info which needs prog BTF anyway. Loading BTF
and setting the prog btf_fd while loading the prog indirectly requires
CAP_BPF, so just to reduce confusion, move both these helpers taking
callback under bpf_capable() protection as well, since they cannot be
used without CAP_BPF.

Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220823013117.24916-1-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 2f470937874034d056c6e1f98ce86dcdae098f31..fc08035f14ed6eb8674268b4f4eefd48484aaade 100644 (file)
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -1613,10 +1613,6 @@ bpf_base_func_proto(enum bpf_func_id func_id)
                return &bpf_ringbuf_submit_dynptr_proto;
        case BPF_FUNC_ringbuf_discard_dynptr:
                return &bpf_ringbuf_discard_dynptr_proto;
-       case BPF_FUNC_for_each_map_elem:
-               return &bpf_for_each_map_elem_proto;
-       case BPF_FUNC_loop:
-               return &bpf_loop_proto;
        case BPF_FUNC_strncmp:
                return &bpf_strncmp_proto;
        case BPF_FUNC_strtol:
@@ -1659,6 +1655,10 @@ bpf_base_func_proto(enum bpf_func_id func_id)
                return &bpf_timer_cancel_proto;
        case BPF_FUNC_kptr_xchg:
                return &bpf_kptr_xchg_proto;
+       case BPF_FUNC_for_each_map_elem:
+               return &bpf_for_each_map_elem_proto;
+       case BPF_FUNC_loop:
+               return &bpf_loop_proto;
        default:
                break;
        }