Message ID | 20220926154430.1552800-2-roberto.sassu@huaweicloud.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | bpf: Enforce map fd modes in verifier | expand |
On Mon, Sep 26, 2022 at 8:45 AM Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > > From: Roberto Sassu <roberto.sassu@huawei.com> > > Define a new data structure called bpf_get_fd_opts, with the member > open_flags, to be used by callers of the _opts variants of > bpf_*_get_fd_by_id() to specify the permissions needed for the file > descriptor to be obtained. > > Also, introduce bpf_map_get_fd_by_id_opts(), to let the caller pass a > bpf_get_fd_opts structure. > > Finally, keep the existing bpf_map_get_fd_by_id(), and call > bpf_map_get_fd_by_id_opts() with NULL as opts argument, to request > read-write permissions (current behavior). > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > --- looks good overall, but please see two nits below > tools/lib/bpf/bpf.c | 12 +++++++++++- > tools/lib/bpf/bpf.h | 10 ++++++++++ > tools/lib/bpf/libbpf.map | 3 ++- > 3 files changed, 23 insertions(+), 2 deletions(-) > > diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c > index 1d49a0352836..4b03063edf1d 100644 > --- a/tools/lib/bpf/bpf.c > +++ b/tools/lib/bpf/bpf.c > @@ -948,19 +948,29 @@ int bpf_prog_get_fd_by_id(__u32 id) > return libbpf_err_errno(fd); > } > > -int bpf_map_get_fd_by_id(__u32 id) > +int bpf_map_get_fd_by_id_opts(__u32 id, > + const struct bpf_get_fd_opts *opts) > { > const size_t attr_sz = offsetofend(union bpf_attr, open_flags); > union bpf_attr attr; > int fd; > > + if (!OPTS_VALID(opts, bpf_get_fd_opts)) > + return libbpf_err(-EINVAL); > + > memset(&attr, 0, attr_sz); > attr.map_id = id; > + attr.open_flags = OPTS_GET(opts, open_flags, 0); > > fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, attr_sz); > return libbpf_err_errno(fd); > } > > +int bpf_map_get_fd_by_id(__u32 id) > +{ > + return bpf_map_get_fd_by_id_opts(id, NULL); > +} > + > int bpf_btf_get_fd_by_id(__u32 id) > { > const size_t attr_sz = offsetofend(union bpf_attr, open_flags); > diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h > index 9c50beabdd14..38a1b7eccfc8 100644 > --- a/tools/lib/bpf/bpf.h > +++ b/tools/lib/bpf/bpf.h > @@ -365,7 +365,17 @@ LIBBPF_API int bpf_prog_get_next_id(__u32 start_id, __u32 *next_id); > LIBBPF_API int bpf_map_get_next_id(__u32 start_id, __u32 *next_id); > LIBBPF_API int bpf_btf_get_next_id(__u32 start_id, __u32 *next_id); > LIBBPF_API int bpf_link_get_next_id(__u32 start_id, __u32 *next_id); > + > +struct bpf_get_fd_opts { > + size_t sz; /* size of this struct for forward/backward compatibility */ > + __u32 open_flags; /* permissions requested for the operation on fd */ > + __u32 :0; this should be size_t: 0 > +}; > +#define bpf_get_fd_opts__last_field open_flags > + > LIBBPF_API int bpf_prog_get_fd_by_id(__u32 id); > +LIBBPF_API int bpf_map_get_fd_by_id_opts(__u32 id, > + const struct bpf_get_fd_opts *opts); > LIBBPF_API int bpf_map_get_fd_by_id(__u32 id); > LIBBPF_API int bpf_btf_get_fd_by_id(__u32 id); > LIBBPF_API int bpf_link_get_fd_by_id(__u32 id); > diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map > index c1d6aa7c82b6..2e665b21d84f 100644 > --- a/tools/lib/bpf/libbpf.map > +++ b/tools/lib/bpf/libbpf.map > @@ -367,10 +367,11 @@ LIBBPF_1.0.0 { > libbpf_bpf_map_type_str; > libbpf_bpf_prog_type_str; > perf_buffer__buffer; > -}; > +} LIBBPF_0.8.0; > good catch, please send this as a separate fix, thanks! > LIBBPF_1.1.0 { > global: > + bpf_map_get_fd_by_id_opts; > user_ring_buffer__discard; > user_ring_buffer__free; > user_ring_buffer__new; > -- > 2.25.1 >
diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c index 1d49a0352836..4b03063edf1d 100644 --- a/tools/lib/bpf/bpf.c +++ b/tools/lib/bpf/bpf.c @@ -948,19 +948,29 @@ int bpf_prog_get_fd_by_id(__u32 id) return libbpf_err_errno(fd); } -int bpf_map_get_fd_by_id(__u32 id) +int bpf_map_get_fd_by_id_opts(__u32 id, + const struct bpf_get_fd_opts *opts) { const size_t attr_sz = offsetofend(union bpf_attr, open_flags); union bpf_attr attr; int fd; + if (!OPTS_VALID(opts, bpf_get_fd_opts)) + return libbpf_err(-EINVAL); + memset(&attr, 0, attr_sz); attr.map_id = id; + attr.open_flags = OPTS_GET(opts, open_flags, 0); fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, attr_sz); return libbpf_err_errno(fd); } +int bpf_map_get_fd_by_id(__u32 id) +{ + return bpf_map_get_fd_by_id_opts(id, NULL); +} + int bpf_btf_get_fd_by_id(__u32 id) { const size_t attr_sz = offsetofend(union bpf_attr, open_flags); diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h index 9c50beabdd14..38a1b7eccfc8 100644 --- a/tools/lib/bpf/bpf.h +++ b/tools/lib/bpf/bpf.h @@ -365,7 +365,17 @@ LIBBPF_API int bpf_prog_get_next_id(__u32 start_id, __u32 *next_id); LIBBPF_API int bpf_map_get_next_id(__u32 start_id, __u32 *next_id); LIBBPF_API int bpf_btf_get_next_id(__u32 start_id, __u32 *next_id); LIBBPF_API int bpf_link_get_next_id(__u32 start_id, __u32 *next_id); + +struct bpf_get_fd_opts { + size_t sz; /* size of this struct for forward/backward compatibility */ + __u32 open_flags; /* permissions requested for the operation on fd */ + __u32 :0; +}; +#define bpf_get_fd_opts__last_field open_flags + LIBBPF_API int bpf_prog_get_fd_by_id(__u32 id); +LIBBPF_API int bpf_map_get_fd_by_id_opts(__u32 id, + const struct bpf_get_fd_opts *opts); LIBBPF_API int bpf_map_get_fd_by_id(__u32 id); LIBBPF_API int bpf_btf_get_fd_by_id(__u32 id); LIBBPF_API int bpf_link_get_fd_by_id(__u32 id); diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map index c1d6aa7c82b6..2e665b21d84f 100644 --- a/tools/lib/bpf/libbpf.map +++ b/tools/lib/bpf/libbpf.map @@ -367,10 +367,11 @@ LIBBPF_1.0.0 { libbpf_bpf_map_type_str; libbpf_bpf_prog_type_str; perf_buffer__buffer; -}; +} LIBBPF_0.8.0; LIBBPF_1.1.0 { global: + bpf_map_get_fd_by_id_opts; user_ring_buffer__discard; user_ring_buffer__free; user_ring_buffer__new;