diff mbox series

[bpf-next] libbpf: Do not require executable permission for shared libraries

Message ID 20220806102021.3867130-1-hengqi.chen@gmail.com (mailing list archive)
State Accepted
Commit 9e32084ef1c33a87a736d6ce3fcb95b60dac9aa1
Delegated to: BPF
Headers show
Series [bpf-next] libbpf: Do not require executable permission for shared libraries | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for bpf-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers warning 10 maintainers not CCed: john.fastabend@gmail.com song@kernel.org sdf@google.com ast@kernel.org martin.lau@linux.dev daniel@iogearbox.net kpsingh@kernel.org jolsa@kernel.org haoluo@google.com yhs@fb.com
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 25 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-VM_Test-1 success Logs for Kernel LATEST on ubuntu-latest with gcc
bpf/vmtest-bpf-next-VM_Test-3 success Logs for Kernel LATEST on z15 with gcc
bpf/vmtest-bpf-next-VM_Test-2 success Logs for Kernel LATEST on ubuntu-latest with gcc
bpf/vmtest-bpf-next-VM_Test-4 success Logs for Kernel LATEST on ubuntu-latest with llvm-16
bpf/vmtest-bpf-next-VM_Test-5 success Logs for Kernel LATEST on z15 with gcc
bpf/vmtest-bpf-next-PR fail merge-conflict

Commit Message

Hengqi Chen Aug. 6, 2022, 10:20 a.m. UTC 
Currently, resolve_full_path() requires executable permission for both
programs and shared libraries. This causes failures on distos like Debian
since the shared libraries are not installed executable ([0]). Let's remove
executable permission check for shared libraries.

  [0]: https://www.debian.org/doc/debian-policy/

Reported-by: Goro Fuji <goro@fastly.com>
Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
---
 tools/lib/bpf/libbpf.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Comments

Yonghong Song Aug. 8, 2022, 5:18 p.m. UTC | #1 
On 8/6/22 3:20 AM, Hengqi Chen wrote:
> Currently, resolve_full_path() requires executable permission for both
> programs and shared libraries. This causes failures on distos like Debian
> since the shared libraries are not installed executable ([0]). Let's remove
> executable permission check for shared libraries.
> 
>    [0]: https://www.debian.org/doc/debian-policy/

The document is too big. Could you be more specific about
which chapter and copy-paste related statements in the commit message?

> 
> Reported-by: Goro Fuji <goro@fastly.com>
> Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
> ---
>   tools/lib/bpf/libbpf.c | 7 ++++---
>   1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 77e3797cf75a..f0ce7423afb8 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -10666,7 +10666,7 @@ static const char *arch_specific_lib_paths(void)
>   static int resolve_full_path(const char *file, char *result, size_t result_sz)
>   {
>   	const char *search_paths[3] = {};
> -	int i;
> +	int i, perm = R_OK;
>   
>   	if (str_has_sfx(file, ".so") || strstr(file, ".so.")) {
>   		search_paths[0] = getenv("LD_LIBRARY_PATH");
> @@ -10675,6 +10675,7 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
>   	} else {
>   		search_paths[0] = getenv("PATH");
>   		search_paths[1] = "/usr/bin:/usr/sbin";
> +		perm |= X_OK;
>   	}
>   
>   	for (i = 0; i < ARRAY_SIZE(search_paths); i++) {
> @@ -10693,8 +10694,8 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
>   			if (!seg_len)
>   				continue;
>   			snprintf(result, result_sz, "%.*s/%s", seg_len, s, file);
> -			/* ensure it is an executable file/link */
> -			if (access(result, R_OK | X_OK) < 0)
> +			/* ensure it has required permissions */
> +			if (access(result, perm) < 0)
>   				continue;
>   			pr_debug("resolved '%s' to '%s'\n", file, result);
>   			return 0;
Andrii Nakryiko Aug. 8, 2022, 10:10 p.m. UTC | #2 
On Mon, Aug 8, 2022 at 10:18 AM Yonghong Song <yhs@fb.com> wrote:
>
>
>
> On 8/6/22 3:20 AM, Hengqi Chen wrote:
> > Currently, resolve_full_path() requires executable permission for both
> > programs and shared libraries. This causes failures on distos like Debian
> > since the shared libraries are not installed executable ([0]). Let's remove
> > executable permission check for shared libraries.
> >
> >    [0]: https://www.debian.org/doc/debian-policy/
>
> The document is too big. Could you be more specific about
> which chapter and copy-paste related statements in the commit message?
>

I just dropped that link and added "and Linux is not requiring shared
libraries to have executable permissions". Pushed to bpf-next, thanks.


> >
> > Reported-by: Goro Fuji <goro@fastly.com>
> > Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
> > ---
> >   tools/lib/bpf/libbpf.c | 7 ++++---
> >   1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> > index 77e3797cf75a..f0ce7423afb8 100644
> > --- a/tools/lib/bpf/libbpf.c
> > +++ b/tools/lib/bpf/libbpf.c
> > @@ -10666,7 +10666,7 @@ static const char *arch_specific_lib_paths(void)
> >   static int resolve_full_path(const char *file, char *result, size_t result_sz)
> >   {
> >       const char *search_paths[3] = {};
> > -     int i;
> > +     int i, perm = R_OK;
> >
> >       if (str_has_sfx(file, ".so") || strstr(file, ".so.")) {
> >               search_paths[0] = getenv("LD_LIBRARY_PATH");
> > @@ -10675,6 +10675,7 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
> >       } else {
> >               search_paths[0] = getenv("PATH");
> >               search_paths[1] = "/usr/bin:/usr/sbin";
> > +             perm |= X_OK;

I changed this bit a bit to just set perm = R_OK for library case and
explicitly perm = R_OK | X_OK for executable case. I think that makes
it a bit easier to follow (and it doesn't change the outcome).

Thanks for the quick follow up from Github issue!

> >       }
> >
> >       for (i = 0; i < ARRAY_SIZE(search_paths); i++) {
> > @@ -10693,8 +10694,8 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
> >                       if (!seg_len)
> >                               continue;
> >                       snprintf(result, result_sz, "%.*s/%s", seg_len, s, file);
> > -                     /* ensure it is an executable file/link */
> > -                     if (access(result, R_OK | X_OK) < 0)
> > +                     /* ensure it has required permissions */
> > +                     if (access(result, perm) < 0)
> >                               continue;
> >                       pr_debug("resolved '%s' to '%s'\n", file, result);
> >                       return 0;
patchwork-bot+netdevbpf@kernel.org Aug. 8, 2022, 10:20 p.m. UTC | #3 
Hello:

This patch was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@kernel.org>:

On Sat,  6 Aug 2022 18:20:21 +0800 you wrote:
> Currently, resolve_full_path() requires executable permission for both
> programs and shared libraries. This causes failures on distos like Debian
> since the shared libraries are not installed executable ([0]). Let's remove
> executable permission check for shared libraries.
> 
>   [0]: https://www.debian.org/doc/debian-policy/
> 
> [...]

Here is the summary with links:
  - [bpf-next] libbpf: Do not require executable permission for shared libraries
    https://git.kernel.org/bpf/bpf-next/c/9e32084ef1c3

You are awesome, thank you!
diff mbox series

Patch

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 77e3797cf75a..f0ce7423afb8 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -10666,7 +10666,7 @@  static const char *arch_specific_lib_paths(void)
 static int resolve_full_path(const char *file, char *result, size_t result_sz)
 {
 	const char *search_paths[3] = {};
-	int i;
+	int i, perm = R_OK;
 
 	if (str_has_sfx(file, ".so") || strstr(file, ".so.")) {
 		search_paths[0] = getenv("LD_LIBRARY_PATH");
@@ -10675,6 +10675,7 @@  static int resolve_full_path(const char *file, char *result, size_t result_sz)
 	} else {
 		search_paths[0] = getenv("PATH");
 		search_paths[1] = "/usr/bin:/usr/sbin";
+		perm |= X_OK;
 	}
 
 	for (i = 0; i < ARRAY_SIZE(search_paths); i++) {
@@ -10693,8 +10694,8 @@  static int resolve_full_path(const char *file, char *result, size_t result_sz)
 			if (!seg_len)
 				continue;
 			snprintf(result, result_sz, "%.*s/%s", seg_len, s, file);
-			/* ensure it is an executable file/link */
-			if (access(result, R_OK | X_OK) < 0)
+			/* ensure it has required permissions */
+			if (access(result, perm) < 0)
 				continue;
 			pr_debug("resolved '%s' to '%s'\n", file, result);
 			return 0;