| Message ID | 20220722171836.2852247-5-roberto.sassu@huawei.com (mailing list archive) |
|---|---|
| State | RFC |
| Delegated to: | BPF |
| Headers | show |
| Series | bpf: Per-operation map permissions | expand |
| Context | Check | Description |
|---|---|---|
| bpf/vmtest-bpf-next-PR | pending | PR summary |
| netdev/tree_selection | success | Guessing tree name failed - patch did not apply, async |
| bpf/vmtest-bpf-next-VM_Test-1 | pending | Logs for Kernel LATEST on ubuntu-latest with gcc |
| bpf/vmtest-bpf-next-VM_Test-2 | pending | Logs for Kernel LATEST on ubuntu-latest with llvm-15 |
| bpf/vmtest-bpf-next-VM_Test-3 | pending | Logs for Kernel LATEST on z15 with gcc |
On Fri, Jul 22, 2022 at 10:19 AM Roberto Sassu <roberto.sassu@huawei.com> wrote: > > Introduce bpf_map_get_fd_by_id_opts(), to let the caller pass a > bpf_get_fd_opts structure with flags set to the permissions necessary to > perform the operations on the obtained file descriptor. > > Don't check FEAT_GET_FD_BY_ID_OPEN_FLAGS, as current kernels already take > open_flags as last bpf_attr field for this request. > > Keep the existing bpf_map_get_fd_by_id(), and call > bpf_map_get_fd_by_id_opts() with NULL as opts argument, to request > read-write permissions. > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > --- > tools/lib/bpf/bpf.c | 12 +++++++++++- > tools/lib/bpf/bpf.h | 2 ++ > tools/lib/bpf/libbpf.map | 1 + > 3 files changed, 14 insertions(+), 1 deletion(-) > > diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c > index 9014a61bca83..4b574ad046f3 100644 > --- a/tools/lib/bpf/bpf.c > +++ b/tools/lib/bpf/bpf.c > @@ -957,18 +957,28 @@ int bpf_prog_get_fd_by_id(__u32 id) > return bpf_prog_get_fd_by_id_opts(id, NULL); > } > > -int bpf_map_get_fd_by_id(__u32 id) > +int bpf_map_get_fd_by_id_opts(__u32 id, > + const struct bpf_get_fd_opts *opts) > { > union bpf_attr attr; > int fd; > > + if (!OPTS_VALID(opts, bpf_get_fd_opts)) > + return libbpf_err(-EINVAL); > + > memset(&attr, 0, sizeof(attr)); > attr.map_id = id; > + attr.open_flags = OPTS_GET(opts, flags, 0); > > fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr)); > return libbpf_err_errno(fd); > } > > +int bpf_map_get_fd_by_id(__u32 id) > +{ > + return bpf_map_get_fd_by_id_opts(id, NULL); > +} > + > int bpf_btf_get_fd_by_id(__u32 id) > { > union bpf_attr attr; > diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h > index bc241343a0f9..d4b84d3f7e16 100644 > --- a/tools/lib/bpf/bpf.h > +++ b/tools/lib/bpf/bpf.h > @@ -366,6 +366,8 @@ LIBBPF_API int bpf_link_get_next_id(__u32 start_id, __u32 *next_id); > LIBBPF_API int bpf_prog_get_fd_by_id_opts(__u32 id, > const struct bpf_get_fd_opts *opts); > LIBBPF_API int bpf_prog_get_fd_by_id(__u32 id); > +LIBBPF_API int bpf_map_get_fd_by_id_opts(__u32 id, > + const struct bpf_get_fd_opts *opts); > LIBBPF_API int bpf_map_get_fd_by_id(__u32 id); > LIBBPF_API int bpf_btf_get_fd_by_id(__u32 id); > LIBBPF_API int bpf_link_get_fd_by_id(__u32 id); > diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map > index ab818612a585..83dc18b5e5cf 100644 > --- a/tools/lib/bpf/libbpf.map > +++ b/tools/lib/bpf/libbpf.map > @@ -365,4 +365,5 @@ LIBBPF_1.0.0 { > libbpf_bpf_prog_type_str; > perf_buffer__buffer; > bpf_prog_get_fd_by_id_opts; > + bpf_map_get_fd_by_id_opts; keep in mind that this list is alphabetically sorted > }; > -- > 2.25.1 >
diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c index 9014a61bca83..4b574ad046f3 100644 --- a/tools/lib/bpf/bpf.c +++ b/tools/lib/bpf/bpf.c @@ -957,18 +957,28 @@ int bpf_prog_get_fd_by_id(__u32 id) return bpf_prog_get_fd_by_id_opts(id, NULL); } -int bpf_map_get_fd_by_id(__u32 id) +int bpf_map_get_fd_by_id_opts(__u32 id, + const struct bpf_get_fd_opts *opts) { union bpf_attr attr; int fd; + if (!OPTS_VALID(opts, bpf_get_fd_opts)) + return libbpf_err(-EINVAL); + memset(&attr, 0, sizeof(attr)); attr.map_id = id; + attr.open_flags = OPTS_GET(opts, flags, 0); fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr)); return libbpf_err_errno(fd); } +int bpf_map_get_fd_by_id(__u32 id) +{ + return bpf_map_get_fd_by_id_opts(id, NULL); +} + int bpf_btf_get_fd_by_id(__u32 id) { union bpf_attr attr; diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h index bc241343a0f9..d4b84d3f7e16 100644 --- a/tools/lib/bpf/bpf.h +++ b/tools/lib/bpf/bpf.h @@ -366,6 +366,8 @@ LIBBPF_API int bpf_link_get_next_id(__u32 start_id, __u32 *next_id); LIBBPF_API int bpf_prog_get_fd_by_id_opts(__u32 id, const struct bpf_get_fd_opts *opts); LIBBPF_API int bpf_prog_get_fd_by_id(__u32 id); +LIBBPF_API int bpf_map_get_fd_by_id_opts(__u32 id, + const struct bpf_get_fd_opts *opts); LIBBPF_API int bpf_map_get_fd_by_id(__u32 id); LIBBPF_API int bpf_btf_get_fd_by_id(__u32 id); LIBBPF_API int bpf_link_get_fd_by_id(__u32 id); diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map index ab818612a585..83dc18b5e5cf 100644 --- a/tools/lib/bpf/libbpf.map +++ b/tools/lib/bpf/libbpf.map @@ -365,4 +365,5 @@ LIBBPF_1.0.0 { libbpf_bpf_prog_type_str; perf_buffer__buffer; bpf_prog_get_fd_by_id_opts; + bpf_map_get_fd_by_id_opts; };
Introduce bpf_map_get_fd_by_id_opts(), to let the caller pass a bpf_get_fd_opts structure with flags set to the permissions necessary to perform the operations on the obtained file descriptor. Don't check FEAT_GET_FD_BY_ID_OPEN_FLAGS, as current kernels already take open_flags as last bpf_attr field for this request. Keep the existing bpf_map_get_fd_by_id(), and call bpf_map_get_fd_by_id_opts() with NULL as opts argument, to request read-write permissions. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> --- tools/lib/bpf/bpf.c | 12 +++++++++++- tools/lib/bpf/bpf.h | 2 ++ tools/lib/bpf/libbpf.map | 1 + 3 files changed, 14 insertions(+), 1 deletion(-)