The purpose of this eBPF helper function is to read user memory, as used by security or monitoring eBPF programs. There is therefore no requirement to check user capabilities or uaccess here. Loading of eBPF applications using this helper type is already strictly limited to privileged/root users.
Additionally, this helper is called from an eBPF program, which does not support capabilities. It is therefore unable to pass in a capability as a __user ptr in PCuABI in the first place, so what is actually passed in is an address.
In order to access user memory with just an address, use make_user_ptr_for_read_uaccess() to generate a capability of appropriate bounds for the kernel to use.
Signed-off-by: Zachary Leaf zachary.leaf@arm.com --- kernel/bpf/helpers.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index 4910d7b88239..c11f841baf4d 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -647,8 +647,10 @@ const struct bpf_func_proto bpf_event_output_data_proto = { };
BPF_CALL_3(bpf_copy_from_user, void *, dst, u32, size, - const void __user *, user_ptr) + ptraddr_t, addr) { + const void __user *user_ptr = + make_user_ptr_for_read_uaccess(addr, size); int ret = copy_from_user(dst, user_ptr, size);
if (unlikely(ret)) {