From patchwork Tue Jun 16 03:49:24 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexei Starovoitov <ast@plumgrid.com>
X-Patchwork-Id: 484777
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 0245A1401F0
	for <patchwork-incoming@ozlabs.org>;
	Tue, 16 Jun 2015 13:50:19 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751556AbbFPDte (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Mon, 15 Jun 2015 23:49:34 -0400
Received: from mail-pa0-f44.google.com ([209.85.220.44]:35760 "EHLO
	mail-pa0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750917AbbFPDtc (ORCPT
	<rfc822;netdev@vger.kernel.org>); Mon, 15 Jun 2015 23:49:32 -0400
Received: by pacyx8 with SMTP id yx8so4050108pac.2
	for <netdev@vger.kernel.org>; Mon, 15 Jun 2015 20:49:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=KudRsTFNqxqMVbFTt0iKWH2SVNsfDezgbggmxVQ7dac=;
	b=Tw5aMiQCgM3v/+T/UQfgM0SWEBif8wPXvpt7MgPAcGLbNgXM8MnSg4QEr6iTRuRcQN
	jbqRwVFuZCy163RHW2ZfDnFRtEKkZC1a/N12ZuDBMxb5DTzYFlT6mClK7emtbeUGYqeA
	j/KGYr6ZhnUfy9lDGifpIisumJg6hYtF8sC8czkCifLoncuhLEI/jFZEtKQT04zvytxd
	IKB4IauIW9SAOY5hw8kqc/69OPwsZYTuiswKtDGJr4Ex+1zLGoJx3Rh0tCyHObEA+zNO
	Asal1nivRFZzV9Fz80rzaIqAORi0PxBCoocK+Ss0XrLHu7ozhu+3BrDq52oOkAukxkLw
	kybQ==
X-Gm-Message-State: 
 ALoCoQme+II38RO/XjrWAwo7M9Z0R90uKDzePYMpwwokwfarhzzkHGUZLV704p4RZrX4e+UFlCX4
X-Received: by 10.70.128.68 with SMTP id nm4mr55073297pdb.74.1434426571684;
	Mon, 15 Jun 2015 20:49:31 -0700 (PDT)
Received: from localhost.localdomain ([12.229.56.227])
	by mx.google.com with ESMTPSA id
	d5sm13734082pdl.85.2015.06.15.20.49.30
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Mon, 15 Jun 2015 20:49:30 -0700 (PDT)
From: Alexei Starovoitov <ast@plumgrid.com>
To: "David S. Miller" <davem@davemloft.net>
Cc: Daniel Borkmann <daniel@iogearbox.net>, netdev@vger.kernel.org
Subject: [PATCH net-next] bpf: disallow bpf tc programs access current->pid,
	uid
Date: Mon, 15 Jun 2015 20:49:24 -0700
Message-Id: <1434426564-6176-1-git-send-email-ast@plumgrid.com>
X-Mailer: git-send-email 1.7.9.5
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Accessing current->pid/uid from cls_bpf may lead to misleading results and
should not be used when TC classifiers need accurate information about pid/uid.

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
---
 net/core/filter.c |    6 ------
 1 file changed, 6 deletions(-)

diff --git a/net/core/filter.c b/net/core/filter.c
index 65ff107d3d29..be3098fb65e4 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1461,12 +1461,6 @@ tc_cls_act_func_proto(enum bpf_func_id func_id)
 		return &bpf_l4_csum_replace_proto;
 	case BPF_FUNC_clone_redirect:
 		return &bpf_clone_redirect_proto;
-	case BPF_FUNC_get_current_pid_tgid:
-		return &bpf_get_current_pid_tgid_proto;
-	case BPF_FUNC_get_current_uid_gid:
-		return &bpf_get_current_uid_gid_proto;
-	case BPF_FUNC_get_current_comm:
-		return &bpf_get_current_comm_proto;
 	default:
 		return sk_filter_func_proto(func_id);
 	}