Commit 5679ff2f authored by Kumar Kartikeya Dwivedi's avatar Kumar Kartikeya Dwivedi Committed by Alexei Starovoitov
Browse files

bpf: Move bpf_loop and bpf_for_each_map_elem under CAP_BPF 



They would require func_info which needs prog BTF anyway. Loading BTF
and setting the prog btf_fd while loading the prog indirectly requires
CAP_BPF, so just to reduce confusion, move both these helpers taking
callback under bpf_capable() protection as well, since they cannot be
used without CAP_BPF.

Signed-off-by: default avatarKumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220823013117.24916-1-memxor@gmail.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent f52c8947

kernel/bpf/helpers.c

+4 −4
Original line number Diff line number Diff line
@@ -1613,10 +1613,6 @@ bpf_base_func_proto(enum bpf_func_id func_id) 
		return &bpf_ringbuf_submit_dynptr_proto;

	case BPF_FUNC_ringbuf_discard_dynptr:

		return &bpf_ringbuf_discard_dynptr_proto;

	case BPF_FUNC_for_each_map_elem:

		return &bpf_for_each_map_elem_proto;

	case BPF_FUNC_loop:

		return &bpf_loop_proto;

	case BPF_FUNC_strncmp:

		return &bpf_strncmp_proto;

	case BPF_FUNC_strtol:
@@ -1659,6 +1655,10 @@ bpf_base_func_proto(enum bpf_func_id func_id) 
		return &bpf_timer_cancel_proto;

	case BPF_FUNC_kptr_xchg:

		return &bpf_kptr_xchg_proto;

	case BPF_FUNC_for_each_map_elem:

		return &bpf_for_each_map_elem_proto;

	case BPF_FUNC_loop:

		return &bpf_loop_proto;

	default:

		break;

	}