bpf: Remove unnecessary CAP_MAC_ADMIN check
author KP Singh <kpsingh@google.com>
Thu, 5 Mar 2020 20:49:55 +0000 (21:49 +0100)
committer Alexei Starovoitov <ast@kernel.org>
Thu, 5 Mar 2020 22:27:22 +0000 (14:27 -0800)
While well intentioned, checking CAP_MAC_ADMIN for attaching
BPF_MODIFY_RETURN tracing programs to "security_" functions is not
necessary as tracing BPF programs already require CAP_SYS_ADMIN.

Fixes: 6ba43b761c41 ("bpf: Attachment verification for BPF_MODIFY_RETURN")
Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200305204955.31123-1-kpsingh@chromium.org
kernel/bpf/verifier.c

index ae32517d4ccda8eeae01fa03f504704bbd080e05..55d376c53f7d3b4eb8e0be580a357f86697f1431 100644 (file)
@@ -9808,20 +9808,13 @@ static int check_attach_modify_return(struct bpf_verifier_env *env)
        struct bpf_prog *prog = env->prog;
        unsigned long addr = (unsigned long) prog->aux->trampoline->func.addr;
 
-       if (within_error_injection_list(addr))
-               return 0;
-
        /* This is expected to be cleaned up in the future with the KRSI effort
         * introducing the LSM_HOOK macro for cleaning up lsm_hooks.h.
         */
-       if (!strncmp(SECURITY_PREFIX, prog->aux->attach_func_name,
-                    sizeof(SECURITY_PREFIX) - 1)) {
-
-               if (!capable(CAP_MAC_ADMIN))
-                       return -EPERM;
-
+       if (within_error_injection_list(addr) ||
+           !strncmp(SECURITY_PREFIX, prog->aux->attach_func_name,
+                    sizeof(SECURITY_PREFIX) - 1))
                return 0;
-       }
 
        verbose(env, "fmod_ret attach_btf_id %u (%s) is not modifiable\n",
                prog->aux->attach_btf_id, prog->aux->attach_func_name);
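
Review bot: the retained comment about the KRSI effort and the LSM_HOOK macro now sits directly above the merged condition, so it reads as describing within_error_injection_list(addr) as well as the SECURITY_PREFIX match, although it only concerns the prefix match. Consider rewording it to name the strncmp() on SECURITY_PREFIX explicitly. With capable(CAP_MAC_ADMIN) gone, nothing in check_attach_modify_return() shows what privilege gates attaching to "security_" functions. The commit message states that tracing BPF programs already require CAP_SYS_ADMIN, and a one-line comment here saying so would keep that rationale next to the check, so a later change to the load-time requirement is less likely to leave this path without a capability gate unnoticed.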