Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / b80e052c3ae6900f6dbcd502846650fd3a9828b7
commitb80e052c3ae6900f6dbcd502846650fd3a9828b7[log] [tgz]
authorKees Cook <keescook@chromium.org>Thu Jul 02 15:45:23 2020 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Thu Jul 16 08:17:27 2020 +0200
tree0ad698ceedc945d72e8f3d58f54eaa85516db90f
parentbff4fad828795d3285697742181b05448ec0b08d [diff]
bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok()

commit 63960260457a02af2a6cb35d75e6bdb17299c882 upstream.

When evaluating access control over kallsyms visibility, credentials at
open() time need to be used, not the "current" creds (though in BPF's
case, this has likely always been the same). Plumb access to associated
file->f_cred down through bpf_dump_raw_ok() and its callers now that
kallsysm_show_value() has been refactored to take struct cred.

Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Cc: stable@vger.kernel.org
Fixes: 7105e828c087 ("bpf: allow for correlation of maps and helpers in dump")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3 files changed
tree: 0ad698ceedc945d72e8f3d58f54eaa85516db90f
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README