Message ID | 20230912212906.3975866-9-andrii@kernel.org (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Paul Moore |
Headers | show |
Series | BPF token and BPF FS-based delegation | expand |
On Tue, Sep 12, 2023 at 2:30 PM Andrii Nakryiko <andrii@kernel.org> wrote: > > Add low-level wrapper API for BPF_TOKEN_CREATE command in bpf() syscall. > > Signed-off-by: Andrii Nakryiko <andrii@kernel.org> > --- > tools/lib/bpf/bpf.c | 19 +++++++++++++++++++ > tools/lib/bpf/bpf.h | 29 +++++++++++++++++++++++++++++ > tools/lib/bpf/libbpf.map | 1 + > 3 files changed, 49 insertions(+) > > diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c > index b0f1913763a3..593ff9ea120d 100644 > --- a/tools/lib/bpf/bpf.c > +++ b/tools/lib/bpf/bpf.c > @@ -1271,3 +1271,22 @@ int bpf_prog_bind_map(int prog_fd, int map_fd, > ret = sys_bpf(BPF_PROG_BIND_MAP, &attr, attr_sz); > return libbpf_err_errno(ret); > } > + > +int bpf_token_create(int bpffs_path_fd, const char *bpffs_pathname, > + struct bpf_token_create_opts *opts) > +{ > + const size_t attr_sz = offsetofend(union bpf_attr, token_create); > + union bpf_attr attr; > + int fd; > + > + if (!OPTS_VALID(opts, bpf_token_create_opts)) > + return libbpf_err(-EINVAL); > + > + memset(&attr, 0, attr_sz); > + attr.token_create.bpffs_path_fd = bpffs_path_fd; > + attr.token_create.bpffs_pathname = ptr_to_u64(bpffs_pathname); > + attr.token_create.flags = OPTS_GET(opts, flags, 0); > + > + fd = sys_bpf_fd(BPF_TOKEN_CREATE, &attr, attr_sz); > + return libbpf_err_errno(fd); > +} > diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h > index 74c2887cfd24..16d5c257066c 100644 > --- a/tools/lib/bpf/bpf.h > +++ b/tools/lib/bpf/bpf.h > @@ -635,6 +635,35 @@ struct bpf_test_run_opts { > LIBBPF_API int bpf_prog_test_run_opts(int prog_fd, > struct bpf_test_run_opts *opts); > > +struct bpf_token_create_opts { > + size_t sz; /* size of this struct for forward/backward compatibility */ > + __u32 flags; > + size_t :0; > +}; > +#define bpf_token_create_opts__last_field flags > + > +/** > + * @brief **bpf_token_create()** creates a new instance of BPF token, pinning > + * it at the specified location in BPF FS. > + * > + * BPF token created and pinned with this API can be subsequently opened using > + * bpf_obj_get() API to obtain FD that can be passed to bpf() syscall for > + * commands like BPF_PROG_LOAD, BPF_MAP_CREATE, etc. > + * > + * @param pin_path_fd O_PATH FD (see man 2 openat() for semantics) specifying, > + * in combination with *pin_pathname*, target location in BPF FS at which to > + * create and pin BPF token. > + * @param pin_pathname absolute or relative path specifying, in combination > + * with *pin_path_fd*, specifying in combination with *pin_path_fd*, target > + * location in BPF FS at which to create and pin BPF token. > + * @param opts optional BPF token creation options, can be NULL > + * this description is obviously outdated (there is no pinning involved anymore) and I just realized after sending patches out, I'll fix it for next revision > + * @return 0, on success; negative error code, otherwise (errno is also set to > + * the error code) > + */ > +LIBBPF_API int bpf_token_create(int bpffs_path_fd, const char *bpffs_pathname, > + struct bpf_token_create_opts *opts); > + > #ifdef __cplusplus > } /* extern "C" */ > #endif > diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map > index 57712321490f..c45c28a5e14c 100644 > --- a/tools/lib/bpf/libbpf.map > +++ b/tools/lib/bpf/libbpf.map > @@ -400,4 +400,5 @@ LIBBPF_1.3.0 { > bpf_program__attach_netfilter; > bpf_program__attach_tcx; > bpf_program__attach_uprobe_multi; > + bpf_token_create; > } LIBBPF_1.2.0; > -- > 2.34.1 > >
diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c index b0f1913763a3..593ff9ea120d 100644 --- a/tools/lib/bpf/bpf.c +++ b/tools/lib/bpf/bpf.c @@ -1271,3 +1271,22 @@ int bpf_prog_bind_map(int prog_fd, int map_fd, ret = sys_bpf(BPF_PROG_BIND_MAP, &attr, attr_sz); return libbpf_err_errno(ret); } + +int bpf_token_create(int bpffs_path_fd, const char *bpffs_pathname, + struct bpf_token_create_opts *opts) +{ + const size_t attr_sz = offsetofend(union bpf_attr, token_create); + union bpf_attr attr; + int fd; + + if (!OPTS_VALID(opts, bpf_token_create_opts)) + return libbpf_err(-EINVAL); + + memset(&attr, 0, attr_sz); + attr.token_create.bpffs_path_fd = bpffs_path_fd; + attr.token_create.bpffs_pathname = ptr_to_u64(bpffs_pathname); + attr.token_create.flags = OPTS_GET(opts, flags, 0); + + fd = sys_bpf_fd(BPF_TOKEN_CREATE, &attr, attr_sz); + return libbpf_err_errno(fd); +} diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h index 74c2887cfd24..16d5c257066c 100644 --- a/tools/lib/bpf/bpf.h +++ b/tools/lib/bpf/bpf.h @@ -635,6 +635,35 @@ struct bpf_test_run_opts { LIBBPF_API int bpf_prog_test_run_opts(int prog_fd, struct bpf_test_run_opts *opts); +struct bpf_token_create_opts { + size_t sz; /* size of this struct for forward/backward compatibility */ + __u32 flags; + size_t :0; +}; +#define bpf_token_create_opts__last_field flags + +/** + * @brief **bpf_token_create()** creates a new instance of BPF token, pinning + * it at the specified location in BPF FS. + * + * BPF token created and pinned with this API can be subsequently opened using + * bpf_obj_get() API to obtain FD that can be passed to bpf() syscall for + * commands like BPF_PROG_LOAD, BPF_MAP_CREATE, etc. + * + * @param pin_path_fd O_PATH FD (see man 2 openat() for semantics) specifying, + * in combination with *pin_pathname*, target location in BPF FS at which to + * create and pin BPF token. + * @param pin_pathname absolute or relative path specifying, in combination + * with *pin_path_fd*, specifying in combination with *pin_path_fd*, target + * location in BPF FS at which to create and pin BPF token. + * @param opts optional BPF token creation options, can be NULL + * + * @return 0, on success; negative error code, otherwise (errno is also set to + * the error code) + */ +LIBBPF_API int bpf_token_create(int bpffs_path_fd, const char *bpffs_pathname, + struct bpf_token_create_opts *opts); + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map index 57712321490f..c45c28a5e14c 100644 --- a/tools/lib/bpf/libbpf.map +++ b/tools/lib/bpf/libbpf.map @@ -400,4 +400,5 @@ LIBBPF_1.3.0 { bpf_program__attach_netfilter; bpf_program__attach_tcx; bpf_program__attach_uprobe_multi; + bpf_token_create; } LIBBPF_1.2.0;
Add low-level wrapper API for BPF_TOKEN_CREATE command in bpf() syscall. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> --- tools/lib/bpf/bpf.c | 19 +++++++++++++++++++ tools/lib/bpf/bpf.h | 29 +++++++++++++++++++++++++++++ tools/lib/bpf/libbpf.map | 1 + 3 files changed, 49 insertions(+)