lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190320173332.18105-6-alban@kinvolk.io>
Date:   Wed, 20 Mar 2019 18:33:31 +0100
From:   Alban Crequy <alban.crequy@...il.com>
To:     ast@...nel.org, daniel@...earbox.net
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        alban@...volk.io, iago@...volk.io,
        Quentin Monnet <quentin.monnet@...ronome.com>
Subject: [PATCH bpf-next v1 6/7] tools: bpftool: fix bpffs mount when pinning subdirectories

From: Alban Crequy <alban@...volk.io>

When trying to pin at a path such as /sys/fs/bpf/subdir/mymap while the
bpffs is mounted at the standard path and the "subdir" directory didn't
exist, bpftool was failing and attempting to mount the bpffs on
/sys/fs/bpf/subdir/. The mount obviously failed, since "subdir" didn't
exist.

Commit 3fc27b71b894 ("tools: bpftool: try to mount bpffs if required for
pinning objects") says:

    The code for mnt_bpffs() is a copy of function bpf_mnt_fs() from
    iproute2 package (under lib/bpf.c, taken at commit 4b73d52f8a81), with
    modifications regarding handling of error messages.

However, the function bpf_mnt_fs() from iproute2 only works when its
parameter is the root of the bpffs (e.g. "/sys/fs/bfs").

iproute2/tc actually only mounts at the standard path "/sys/fs/bfs" or
at the path from the environment variable $TC_BPF_MNT. This patch
implements a similar strategy but uses the environment variable name
$BPFTOOL_BPF_MNT.

This patch still will not do the mkdir automatically. But at least,
there will be no error message about the mount.

Fixes: 3fc27b71b894 ("tools: bpftool: try to mount bpffs if required for pinning objects")
Cc: Quentin Monnet <quentin.monnet@...ronome.com>
Signed-off-by: Alban Crequy <alban@...volk.io>
---
 tools/bpf/bpftool/common.c | 20 ++++++++++++++++----
 tools/bpf/bpftool/main.h   |  6 ++++++
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
index e560cd8f66bc..4783cbbe8037 100644
--- a/tools/bpf/bpftool/common.c
+++ b/tools/bpf/bpftool/common.c
@@ -168,6 +168,8 @@ int mount_bpffs_for_pin(const char *name)
 	char *file;
 	char *dir;
 	int err = 0;
+	const char *mnt_env = getenv(BPF_DIR_MNT_ENV);
+	static const char *mnt;
 
 	file = malloc(strlen(name) + 1);
 	strcpy(file, name);
@@ -183,13 +185,23 @@ int mount_bpffs_for_pin(const char *name)
 		goto out_free;
 	}
 
-	err = mnt_fs(dir, "bpf", err_str, ERR_MAX_LEN);
+	mnt = mnt_env ? : BPF_DIR_MNT;
+
+	// Don't try to mount if wrong prefix: we don't want a leftover mount that is
+	// not going to help.
+	if (!is_prefix(mnt, dir)) {
+		p_err("refuse to mount BPF file system (%s) to pin the object (%s): wrong directory",
+		      mnt, name);
+		err = -1;
+		goto out_free;
+	}
+
+	err = mnt_fs(mnt, "bpf", err_str, ERR_MAX_LEN);
 	if (err) {
 		err_str[ERR_MAX_LEN - 1] = '\0';
-		p_err("can't mount BPF file system to pin the object (%s): %s",
-		      name, err_str);
+		p_err("can't mount BPF file system (%s) to pin the object (%s): %s",
+		      mnt, name, err_str);
 	}
-
 out_free:
 	free(file);
 	return err;
diff --git a/tools/bpf/bpftool/main.h b/tools/bpf/bpftool/main.h
index 7fc2973446d0..a2e28e600b72 100644
--- a/tools/bpf/bpftool/main.h
+++ b/tools/bpf/bpftool/main.h
@@ -18,6 +18,12 @@
 
 #define ptr_to_u64(ptr)	((__u64)(unsigned long)(ptr))
 
+/* If bpffs is not mounted, it can be automatically mounted at this location.
+ * The location can be changed with the environment variable $BPFTOOL_BPF_MNT.
+ */
+#define BPF_DIR_MNT	"/sys/fs/bpf"
+#define BPF_DIR_MNT_ENV	"BPFTOOL_BPF_MNT"
+
 #define NEXT_ARG()	({ argc--; argv++; if (argc < 0) usage(); })
 #define NEXT_ARGP()	({ (*argc)--; (*argv)++; if (*argc < 0) usage(); })
 #define BAD_ARG()	({ p_err("what is '%s'?", *argv); -1; })
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ