diff options
| author | Mauro Carvalho Chehab <mchehab+huawei@kernel.org> | 2021-06-02 10:59:50 +0200 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab+huawei@kernel.org> | 2021-06-02 10:59:50 +0200 |
| commit | 80c1c54a2aa3c5177f73fc5d505668df56fb28b6 (patch) | |
| tree | d17e76cec3366309b27280a8a5b54935a3864fb6 /kernel/sysctl.c | |
| parent | 71c689dc2e732d4cb190aaf0edea73116b1611bd (diff) | |
| parent | 8124c8a6b35386f73523d27eacb71b5364a68c4c (diff) | |
Merge tag 'v5.13-rc4' into media_tree
Linux 5.13-rc4
* tag 'v5.13-rc4': (976 commits)
Linux 5.13-rc4
seccomp: Refactor notification handler to prepare for new semantics
selftests: kvm: fix overlapping addresses in memslot_perf_test
KVM: X86: Kill off ctxt->ud
KVM: X86: Fix warning caused by stale emulation context
KVM: X86: Use kvm_get_linear_rip() in single-step and #DB/#BP interception
Documentation: seccomp: Fix user notification documentation
MAINTAINERS: adjust to removing i2c designware platform data
perf vendor events powerpc: Fix eventcode of power10 JSON events
Revert "serial: 8250: 8250_omap: Fix possible interrupt storm"
i2c: s3c2410: fix possible NULL pointer deref on read message after write
i2c: mediatek: Disable i2c start_en and clear intr_stat brfore reset
perf stat: Fix error check for bpf_program__attach
cifs: change format of CIFS_FULL_KEY_DUMP ioctl
i2c: i801: Don't generate an interrupt on bus reset
i2c: mpc: implement erratum A-004447 workaround
powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
dt-bindings: i2c: mpc: Add fsl,i2c-erratum-a004447 flag
i2c: busses: i2c-stm32f4: Remove incorrectly placed ' ' from function name
...
Diffstat (limited to 'kernel/sysctl.c')
| -rw-r--r-- | kernel/sysctl.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 14edf84cc571..d4a78e08f6d8 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -225,7 +225,27 @@ static int bpf_stats_handler(struct ctl_table *table, int write, mutex_unlock(&bpf_stats_enabled_mutex); return ret; } -#endif + +static int bpf_unpriv_handler(struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + int ret, unpriv_enable = *(int *)table->data; + bool locked_state = unpriv_enable == 1; + struct ctl_table tmp = *table; + + if (write && !capable(CAP_SYS_ADMIN)) + return -EPERM; + + tmp.data = &unpriv_enable; + ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); + if (write && !ret) { + if (locked_state && unpriv_enable != 1) + return -EPERM; + *(int *)table->data = unpriv_enable; + } + return ret; +} +#endif /* CONFIG_BPF_SYSCALL && CONFIG_SYSCTL */ /* * /proc/sys support @@ -2600,10 +2620,9 @@ static struct ctl_table kern_table[] = { .data = &sysctl_unprivileged_bpf_disabled, .maxlen = sizeof(sysctl_unprivileged_bpf_disabled), .mode = 0644, - /* only handle a transition from default "0" to "1" */ - .proc_handler = proc_dointvec_minmax, - .extra1 = SYSCTL_ONE, - .extra2 = SYSCTL_ONE, + .proc_handler = bpf_unpriv_handler, + .extra1 = SYSCTL_ZERO, + .extra2 = &two, }, { .procname = "bpf_stats_enabled", |