bpf: Gate dynptr API behind CAP_BPF

commit 8addbfc7 upstream.

This has been enabled for unprivileged programs for only one kernel
release, hence the expected annoyances due to this move are low. Users
using ringbuf can stick to non-dynptr APIs. The actual use cases dynptr
is meant to serve may not make sense in unprivileged BPF programs.

Hence, gate these helpers behind CAP_BPF and limit use to privileged
BPF programs.

Fixes: 263ae152 ("bpf: Add bpf_dynptr_from_mem for local dynptrs")
Fixes: bc34dee6 ("bpf: Dynptr support for ring buffers")
Fixes: 13bbbfbe ("bpf: Add bpf_dynptr_read and bpf_dynptr_write")
Fixes: 34d4ef57 ("bpf: Add dynptr data slices")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220921143550.30247-1-memxor@gmail.com


Acked-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>