diff mbox series

[v4,bpf-next,08/12] libbpf: add bpf_token_create() API

Message ID 20230912212906.3975866-9-andrii@kernel.org (mailing list archive)
State Changes Requested
Delegated to: Paul Moore
Headers show
Series BPF token and BPF FS-based delegation | expand

Commit Message

Andrii Nakryiko Sept. 12, 2023, 9:29 p.m. UTC
Add low-level wrapper API for BPF_TOKEN_CREATE command in bpf() syscall.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
 tools/lib/bpf/bpf.c      | 19 +++++++++++++++++++
 tools/lib/bpf/bpf.h      | 29 +++++++++++++++++++++++++++++
 tools/lib/bpf/libbpf.map |  1 +
 3 files changed, 49 insertions(+)

Comments

Andrii Nakryiko Sept. 12, 2023, 9:42 p.m. UTC | #1
On Tue, Sep 12, 2023 at 2:30 PM Andrii Nakryiko <andrii@kernel.org> wrote:
>
> Add low-level wrapper API for BPF_TOKEN_CREATE command in bpf() syscall.
>
> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> ---
>  tools/lib/bpf/bpf.c      | 19 +++++++++++++++++++
>  tools/lib/bpf/bpf.h      | 29 +++++++++++++++++++++++++++++
>  tools/lib/bpf/libbpf.map |  1 +
>  3 files changed, 49 insertions(+)
>
> diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
> index b0f1913763a3..593ff9ea120d 100644
> --- a/tools/lib/bpf/bpf.c
> +++ b/tools/lib/bpf/bpf.c
> @@ -1271,3 +1271,22 @@ int bpf_prog_bind_map(int prog_fd, int map_fd,
>         ret = sys_bpf(BPF_PROG_BIND_MAP, &attr, attr_sz);
>         return libbpf_err_errno(ret);
>  }
> +
> +int bpf_token_create(int bpffs_path_fd, const char *bpffs_pathname,
> +                    struct bpf_token_create_opts *opts)
> +{
> +       const size_t attr_sz = offsetofend(union bpf_attr, token_create);
> +       union bpf_attr attr;
> +       int fd;
> +
> +       if (!OPTS_VALID(opts, bpf_token_create_opts))
> +               return libbpf_err(-EINVAL);
> +
> +       memset(&attr, 0, attr_sz);
> +       attr.token_create.bpffs_path_fd = bpffs_path_fd;
> +       attr.token_create.bpffs_pathname = ptr_to_u64(bpffs_pathname);
> +       attr.token_create.flags = OPTS_GET(opts, flags, 0);
> +
> +       fd = sys_bpf_fd(BPF_TOKEN_CREATE, &attr, attr_sz);
> +       return libbpf_err_errno(fd);
> +}
> diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h
> index 74c2887cfd24..16d5c257066c 100644
> --- a/tools/lib/bpf/bpf.h
> +++ b/tools/lib/bpf/bpf.h
> @@ -635,6 +635,35 @@ struct bpf_test_run_opts {
>  LIBBPF_API int bpf_prog_test_run_opts(int prog_fd,
>                                       struct bpf_test_run_opts *opts);
>
> +struct bpf_token_create_opts {
> +       size_t sz; /* size of this struct for forward/backward compatibility */
> +       __u32 flags;
> +       size_t :0;
> +};
> +#define bpf_token_create_opts__last_field flags
> +
> +/**
> + * @brief **bpf_token_create()** creates a new instance of BPF token, pinning
> + * it at the specified location in BPF FS.
> + *
> + * BPF token created and pinned with this API can be subsequently opened using
> + * bpf_obj_get() API to obtain FD that can be passed to bpf() syscall for
> + * commands like BPF_PROG_LOAD, BPF_MAP_CREATE, etc.
> + *
> + * @param pin_path_fd O_PATH FD (see man 2 openat() for semantics) specifying,
> + * in combination with *pin_pathname*, target location in BPF FS at which to
> + * create and pin BPF token.
> + * @param pin_pathname absolute or relative path specifying, in combination
> + * with *pin_path_fd*, specifying in combination with *pin_path_fd*, target
> + * location in BPF FS at which to create and pin BPF token.
> + * @param opts optional BPF token creation options, can be NULL
> + *

this description is obviously outdated (there is no pinning involved
anymore) and I just realized after sending patches out, I'll fix it
for next revision


> + * @return 0, on success; negative error code, otherwise (errno is also set to
> + * the error code)
> + */
> +LIBBPF_API int bpf_token_create(int bpffs_path_fd, const char *bpffs_pathname,
> +                               struct bpf_token_create_opts *opts);
> +
>  #ifdef __cplusplus
>  } /* extern "C" */
>  #endif
> diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map
> index 57712321490f..c45c28a5e14c 100644
> --- a/tools/lib/bpf/libbpf.map
> +++ b/tools/lib/bpf/libbpf.map
> @@ -400,4 +400,5 @@ LIBBPF_1.3.0 {
>                 bpf_program__attach_netfilter;
>                 bpf_program__attach_tcx;
>                 bpf_program__attach_uprobe_multi;
> +               bpf_token_create;
>  } LIBBPF_1.2.0;
> --
> 2.34.1
>
>
diff mbox series

Patch

diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
index b0f1913763a3..593ff9ea120d 100644
--- a/tools/lib/bpf/bpf.c
+++ b/tools/lib/bpf/bpf.c
@@ -1271,3 +1271,22 @@  int bpf_prog_bind_map(int prog_fd, int map_fd,
 	ret = sys_bpf(BPF_PROG_BIND_MAP, &attr, attr_sz);
 	return libbpf_err_errno(ret);
 }
+
+int bpf_token_create(int bpffs_path_fd, const char *bpffs_pathname,
+		     struct bpf_token_create_opts *opts)
+{
+	const size_t attr_sz = offsetofend(union bpf_attr, token_create);
+	union bpf_attr attr;
+	int fd;
+
+	if (!OPTS_VALID(opts, bpf_token_create_opts))
+		return libbpf_err(-EINVAL);
+
+	memset(&attr, 0, attr_sz);
+	attr.token_create.bpffs_path_fd = bpffs_path_fd;
+	attr.token_create.bpffs_pathname = ptr_to_u64(bpffs_pathname);
+	attr.token_create.flags = OPTS_GET(opts, flags, 0);
+
+	fd = sys_bpf_fd(BPF_TOKEN_CREATE, &attr, attr_sz);
+	return libbpf_err_errno(fd);
+}
diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h
index 74c2887cfd24..16d5c257066c 100644
--- a/tools/lib/bpf/bpf.h
+++ b/tools/lib/bpf/bpf.h
@@ -635,6 +635,35 @@  struct bpf_test_run_opts {
 LIBBPF_API int bpf_prog_test_run_opts(int prog_fd,
 				      struct bpf_test_run_opts *opts);
 
+struct bpf_token_create_opts {
+	size_t sz; /* size of this struct for forward/backward compatibility */
+	__u32 flags;
+	size_t :0;
+};
+#define bpf_token_create_opts__last_field flags
+
+/**
+ * @brief **bpf_token_create()** creates a new instance of BPF token, pinning
+ * it at the specified location in BPF FS.
+ *
+ * BPF token created and pinned with this API can be subsequently opened using
+ * bpf_obj_get() API to obtain FD that can be passed to bpf() syscall for
+ * commands like BPF_PROG_LOAD, BPF_MAP_CREATE, etc.
+ *
+ * @param pin_path_fd O_PATH FD (see man 2 openat() for semantics) specifying,
+ * in combination with *pin_pathname*, target location in BPF FS at which to
+ * create and pin BPF token.
+ * @param pin_pathname absolute or relative path specifying, in combination
+ * with *pin_path_fd*, specifying in combination with *pin_path_fd*, target
+ * location in BPF FS at which to create and pin BPF token.
+ * @param opts optional BPF token creation options, can be NULL
+ *
+ * @return 0, on success; negative error code, otherwise (errno is also set to
+ * the error code)
+ */
+LIBBPF_API int bpf_token_create(int bpffs_path_fd, const char *bpffs_pathname,
+				struct bpf_token_create_opts *opts);
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map
index 57712321490f..c45c28a5e14c 100644
--- a/tools/lib/bpf/libbpf.map
+++ b/tools/lib/bpf/libbpf.map
@@ -400,4 +400,5 @@  LIBBPF_1.3.0 {
 		bpf_program__attach_netfilter;
 		bpf_program__attach_tcx;
 		bpf_program__attach_uprobe_multi;
+		bpf_token_create;
 } LIBBPF_1.2.0;