lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 May 2022 10:45:13 +0200 From: Roberto Sassu <roberto.sassu@...wei.com> To: <ast@...nel.org>, <daniel@...earbox.net>, <andrii@...nel.org>, <kpsingh@...nel.org> CC: <bpf@...r.kernel.org>, <netdev@...r.kernel.org>, <linux-kselftest@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Roberto Sassu <roberto.sassu@...wei.com> Subject: [PATCH 1/2] libbpf: Retry map access with read-only permission Retry map access with read-only permission, if access was denied when all permissions were requested (open_flags is set to zero). Write access might have been denied by the bpf_map security hook. Some operations, such as show and dump, don't need write permissions, so there is a good chance of success with retrying. Prefer this solution to extending the API, as otherwise a new mechanism would need to be implemented to determine the right permissions for an operation. Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com> --- tools/lib/bpf/bpf.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c index 240186aac8e6..b4eec39021a4 100644 --- a/tools/lib/bpf/bpf.c +++ b/tools/lib/bpf/bpf.c @@ -1056,6 +1056,11 @@ int bpf_map_get_fd_by_id(__u32 id) attr.map_id = id; fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr)); + if (fd < 0) { + attr.open_flags = BPF_F_RDONLY; + fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr)); + } + return libbpf_err_errno(fd); } -- 2.25.1
Powered by blists - more mailing lists