From: Alexei Starovoitov <ast@kernel.org>
Date: Thu, 17 Oct 2019 23:09:33 -0700
Subject: bpf: Fix bpf_attr.attach_btf_id check
Patch-mainline: Queued in subsystem maintainer repository
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-commit: c108e3c1bdbd0783d7c19ee80abb0591f79029e8
References: bsc#1155518

Only raw_tracepoint program type can have bpf_attr.attach_btf_id >= 0.
Make sure to reject other program types that accidentally set it to non-zero.

Fixes: ccfe29eb29c2 ("bpf: Add attach_btf_id attribute to program load")
Reported-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20191018060933.2950231-1-ast@kernel.org
Acked-by: Gary Lin <glin@suse.com>
---
 kernel/bpf/syscall.c |   17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1582,6 +1582,17 @@ bpf_prog_load_check_attach(enum bpf_prog
 			   u32 btf_id)
 {
 	switch (prog_type) {
+	case BPF_PROG_TYPE_RAW_TRACEPOINT:
+		if (btf_id > BTF_MAX_TYPE)
+			return -EINVAL;
+		break;
+	default:
+		if (btf_id)
+			return -EINVAL;
+		break;
+	}
+
+	switch (prog_type) {
 	case BPF_PROG_TYPE_CGROUP_SOCK:
 		switch (expected_attach_type) {
 		case BPF_CGROUP_INET_SOCK_CREATE:
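Review bot: The first `switch (prog_type)` added here should carry a comment explaining why the btf_id validation is kept separate from the attach-type switch that follows, since a later cleanup could easily merge the two again. Judging by the lines removed in the second hunk, the old `default:` check was only reached by program types without a case of their own, so a user-supplied attach_btf_id appears to have been accepted unchecked for types that return from inside their nested switch. A comment such as `/* attach_btf_id comes from userspace: validate it for every prog_type before the per-type expected_attach_type checks, which return early */` above the switch would record that. The `btf_id > BTF_MAX_TYPE` test is only a range bound; whether the id names an existing BTF type is presumably checked later in the load path, which is worth confirming. The function's signature starts above this hunk and its body continues past it.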
@@ -1621,13 +1632,7 @@ bpf_prog_load_check_attach(enum bpf_prog
 		default:
 			return -EINVAL;
 		}
-	case BPF_PROG_TYPE_RAW_TRACEPOINT:
-		if (btf_id > BTF_MAX_TYPE)
-			return -EINVAL;
-		return 0;
 	default:
-		if (btf_id)
-			return -EINVAL;
 		return 0;
 	}
 }