Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

bpf: disallow bpf tc programs access current->pid,uid

Accessing current->pid/uid from cls_bpf may lead to misleading results and
should not be used when TC classifiers need accurate information about pid/uid.

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Authored by Alexei Starovoitov and committed by David S. Miller
89d256bb ea6bb99e

-6
-6
net/core/filter.c
··· 1461 1461 return &bpf_l4_csum_replace_proto; 1462 1462 case BPF_FUNC_clone_redirect: 1463 1463 return &bpf_clone_redirect_proto; 1464 - case BPF_FUNC_get_current_pid_tgid: 1465 - return &bpf_get_current_pid_tgid_proto; 1466 - case BPF_FUNC_get_current_uid_gid: 1467 - return &bpf_get_current_uid_gid_proto; 1468 - case BPF_FUNC_get_current_comm: 1469 - return &bpf_get_current_comm_proto; 1470 1464 default: 1471 1465 return sk_filter_func_proto(func_id); 1472 1466 }
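
Review bot: The third removed case, `case BPF_FUNC_get_current_comm:`, is not covered by the commit message, which names only pid and uid; the subject and body should mention comm as well so the log matches what is actually dropped. The message also says the results may be misleading without saying why; one sentence on the context in which cls_bpf programs run relative to `current` would make the reasoning reviewable. After this change all three function ids fall through to `default: return sk_filter_func_proto(func_id);`, so it is worth confirming that the fallback does not hand back any of these protos, since that function is not visible in this hunk. A short comment above the `default:` label noting that the current-task helpers are intentionally unavailable to tc programs would help prevent them from being re-added later.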