Revision 11bbd8b416f8abf40900dc5041152892f873d915 authored by Michal Koutný on 01 June 2019, 05:30:16 UTC, committed by Linus Torvalds on 01 June 2019, 22:51:31 UTC
Despite comment of validate_prctl_map claims there are no capability
checks, it is not completely true since commit 4d28df6152aa ("prctl: Allow
local CAP_SYS_ADMIN changing exe_file"). Extract the check out of the
function and make the function perform purely arithmetic checks.
This patch should not change any behavior, it is mere refactoring for
following patch.
[akpm@linux-foundation.org: coding style fixes]
Link: http://lkml.kernel.org/r/20190502125203.24014-2-mkoutny@suse.com
Signed-off-by: Michal Koutný <mkoutny@suse.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com>
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Laurent Dufour <ldufour@linux.ibm.com>
Cc: Mateusz Guzik <mguzik@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Yang Shi <yang.shi@linux.alibaba.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 8856ae4
test_cls_bpf.sh
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
function pktgen {
../pktgen/pktgen_bench_xmit_mode_netif_receive.sh -i $IFC -s 64 \
-m 90:e2:ba:ff:ff:ff -d 192.168.0.1 -t 4
local dropped=`tc -s qdisc show dev $IFC | tail -3 | awk '/drop/{print $7}'`
if [ "$dropped" == "0," ]; then
echo "FAIL"
else
echo "Successfully filtered " $dropped " packets"
fi
}
function test {
echo -n "Loading bpf program '$2'... "
tc qdisc add dev $IFC clsact
tc filter add dev $IFC ingress bpf da obj $1 sec $2
local status=$?
if [ $status -ne 0 ]; then
echo "FAIL"
else
echo "ok"
pktgen
fi
tc qdisc del dev $IFC clsact
}
IFC=test_veth
ip link add name $IFC type veth peer name pair_$IFC
ip link set $IFC up
ip link set pair_$IFC up
test ./parse_simple.o simple
test ./parse_varlen.o varlen
test ./parse_ldabs.o ldabs
ip link del dev $IFC
Computing file changes ...
