openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/drivers/media/rc
History
Alexei Starovoitov 2c78ee898d bpf: Implement CAP_BPF 
Implement permissions as stated in uapi/linux/capability.h
In order to do that the verifier allow_ptr_leaks flag is split
into four flags and they are set as:
  env->allow_ptr_leaks = bpf_allow_ptr_leaks();
  env->bypass_spec_v1 = bpf_bypass_spec_v1();
  env->bypass_spec_v4 = bpf_bypass_spec_v4();
  env->bpf_capable = bpf_capable();

The first three currently equivalent to perfmon_capable(), since leaking kernel
pointers and reading kernel memory via side channel attacks is roughly
equivalent to reading kernel memory with cap_perfmon.

'bpf_capable' enables bounded loops, precision tracking, bpf to bpf calls and
other verifier features. 'allow_ptr_leaks' enable ptr leaks, ptr conversions,
subtraction of pointers. 'bypass_spec_v1' disables speculative analysis in the
verifier, run time mitigations in bpf array, and enables indirect variable
access in bpf programs. 'bypass_spec_v4' disables emission of sanitation code
by the verifier.

That means that the networking BPF program loaded with CAP_BPF + CAP_NET_ADMIN
will have speculative checks done by the verifier and other spectre mitigation
applied. Such networking BPF program will not be able to leak kernel pointers
and will not be able to access arbitrary kernel memory.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20200513230355.7858-3-alexei.starovoitov@gmail.com
 		2020-05-15 17:29:41 +02:00
..
img-ir media: Remove dev_err() usage after platform_get_irq() 2019-08-07 17:08:33 -03:00
keymaps media: rc: add keymap for Videostrong KII Pro 2020-02-24 16:27:44 +01:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile media: rc: rcmm decoder and encoder 2019-02-18 15:39:49 -05:00
ati_remote.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
bpf-lirc.c bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
ene_ir.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
ene_ir.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
fintek-cir.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
fintek-cir.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
gpio-ir-recv.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
gpio-ir-tx.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 122 2019-05-24 17:39:03 +02:00
igorplugusb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
iguanair.c media: rc: iguanair: Replace zero-length array with flexible-array member 2020-03-02 10:47:07 +01:00
imon.c media: imon: invalid dereference in imon_touch_event 2019-10-24 18:58:16 -03:00
imon_raw.c media: imon_raw: simplify loop 2019-10-16 11:46:38 -03:00
ir-hix5hd2.c media: rc: ir-hix5hd2: add hi3796cv300-ir support 2020-01-08 11:48:20 +01:00
ir-imon-decoder.c media: rc: imon: report mouse events using rc-core's input device 2018-10-05 06:55:08 -04:00
ir-jvc-decoder.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
ir-mce_kbd-decoder.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
ir-nec-decoder.c media: rc: set timeout to smallest value required by enabled protocols 2018-04-20 09:14:31 -04:00
ir-rc5-decoder.c media: rc: decoders do not need to check for transitions 2018-05-14 07:16:24 -04:00
ir-rc6-decoder.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
ir-rcmm-decoder.c media: rc: increase rc-mm tolerance and add debug message 2019-10-07 07:32:41 -03:00
ir-rx51.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
ir-sanyo-decoder.c media: rc: set timeout to smallest value required by enabled protocols 2018-04-20 09:14:31 -04:00
ir-sharp-decoder.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
ir-sony-decoder.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
ir-spi.c media: spi: IR LED: add missing of table registration 2019-05-22 15:27:37 -04:00
ir-xmp-decoder.c media: rc: fix spelling mistake "to" -> "too" 2020-03-02 09:50:29 +01:00
ite-cir.c media: rc/ite-cir: fix smatch warning 2019-11-08 07:26:33 +01:00
ite-cir.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
lirc_dev.c media: rc: make scancodes 64 bit 2020-03-12 09:20:46 +01:00
mceusb.c media: mceusb: fix out of bounds read in MCE receiver buffer 2019-10-07 07:35:48 -03:00
meson-ir.c media: Remove dev_err() usage after platform_get_irq() 2019-08-07 17:08:33 -03:00
mtk-cir.c media: Remove dev_err() usage after platform_get_irq() 2019-08-07 17:08:33 -03:00
nuvoton-cir.c media: rc: Use scnprintf() for avoiding potential buffer overflow 2020-03-20 16:27:42 +01:00
nuvoton-cir.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
pwm-ir-tx.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 122 2019-05-24 17:39:03 +02:00
rc-core-priv.h media: rc: Use the correct style for SPDX License Identifier 2019-10-07 07:44:33 -03:00
rc-ir-raw.c media: rc: fix several typos 2019-03-01 09:39:39 -05:00
rc-loopback.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
rc-main.c media: rc: make scancodes 64 bit 2020-03-12 09:20:46 +01:00
redrat3.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
serial_ir.c media: serial_ir: change "ignoring spike" to debug level 2020-01-03 16:29:33 +01:00
sir_ir.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
st_rc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
streamzap.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
sunxi-cir.c media: Remove dev_err() usage after platform_get_irq() 2019-08-07 17:08:33 -03:00
tango-ir.c media: rc: Use devm_platform_ioremap_resource() in tango_ir_probe() 2019-10-07 07:44:56 -03:00
ttusbir.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
winbond-cir.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
xbox_remote.c media: rc: xbox_remote: add protocol and set timeout 2019-04-22 13:02:53 -04:00
zx-irdec.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00