lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <31473ddf364f4f16becfd5cd4b9cd7d2@huawei.com>
Date:   Wed, 20 Jul 2022 22:30:37 +0000
From:   Roberto Sassu <roberto.sassu@...wei.com>
To:     Stanislav Fomichev <sdf@...gle.com>
CC:     Joe Burton <jevburton.kernel@...il.com>,
        Andrii Nakryiko <andrii@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>, Hao Luo <haoluo@...gle.com>,
        Jiri Olsa <jolsa@...nel.org>,
        "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Joe Burton <jevburton@...gle.com>
Subject: RE: [PATCH v2 bpf-next] libbpf: Add bpf_obj_get_opts()

> From: Stanislav Fomichev [mailto:sdf@...gle.com]
> Sent: Wednesday, July 20, 2022 5:57 PM
> On Wed, Jul 20, 2022 at 1:02 AM Roberto Sassu <roberto.sassu@...wei.com>
> wrote:
> >
> > > From: Stanislav Fomichev [mailto:sdf@...gle.com]
> > > Sent: Tuesday, July 19, 2022 10:40 PM
> > > On Tue, Jul 19, 2022 at 12:40 PM Joe Burton <jevburton.kernel@...il.com>
> > > wrote:
> > > >
> > > > From: Joe Burton <jevburton@...gle.com>
> > > >
> > > > Add an extensible variant of bpf_obj_get() capable of setting the
> > > > `file_flags` parameter.
> > > >
> > > > This parameter is needed to enable unprivileged access to BPF maps.
> > > > Without a method like this, users must manually make the syscall.
> > > >
> > > > Signed-off-by: Joe Burton <jevburton@...gle.com>
> > >
> > > Reviewed-by: Stanislav Fomichev <sdf@...gle.com>
> > >
> > > For context:
> > > We've found this out while we were trying to add support for unpriv
> > > processes to open pinned r-x maps.
> > > Maybe this deserves a test as well? Not sure.
> >
> > Hi Stanislav, Joe
> >
> > I noticed now this patch. I'm doing a broader work to add opts
> > to bpf_*_get_fd_by_id(). I also adjusted permissions of bpftool
> > depending on the operation type (e.g. show, dump: BPF_F_RDONLY).
> >
> > Will send it soon (I'm trying to solve an issue with the CI, where
> > libbfd is not available in the VM doing actual tests).
> 
> Is something like this patch included in your series as well? Can you
> use this new interface or do you need something different?

It is very similar. Except that I called it bpf_get_fd_opts, as it
is shared with the bpf_*_get_fd_by_id() functions. The member
name is just flags, plus an extra u32 for alignment.

It needs to be shared, as there are functions in bpftool calling
both. Since the meaning of flags is the same, seems ok sharing.

Roberto

> > Roberto
> >
> > > > ---
> > > >  tools/lib/bpf/bpf.c      | 10 ++++++++++
> > > >  tools/lib/bpf/bpf.h      |  9 +++++++++
> > > >  tools/lib/bpf/libbpf.map |  1 +
> > > >  3 files changed, 20 insertions(+)
> > > >
> > > > diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
> > > > index 5eb0df90eb2b..5acb0e8bd13c 100644
> > > > --- a/tools/lib/bpf/bpf.c
> > > > +++ b/tools/lib/bpf/bpf.c
> > > > @@ -578,12 +578,22 @@ int bpf_obj_pin(int fd, const char *pathname)
> > > >  }
> > > >
> > > >  int bpf_obj_get(const char *pathname)
> > > > +{
> > > > +       LIBBPF_OPTS(bpf_obj_get_opts, opts);
> > > > +       return bpf_obj_get_opts(pathname, &opts);
> > > > +}
> > > > +
> > > > +int bpf_obj_get_opts(const char *pathname, const struct
> bpf_obj_get_opts
> > > *opts)
> > > >  {
> > > >         union bpf_attr attr;
> > > >         int fd;
> > > >
> > > > +       if (!OPTS_VALID(opts, bpf_obj_get_opts))
> > > > +               return libbpf_err(-EINVAL);
> > > > +
> > > >         memset(&attr, 0, sizeof(attr));
> > > >         attr.pathname = ptr_to_u64((void *)pathname);
> > > > +       attr.file_flags = OPTS_GET(opts, file_flags, 0);
> > > >
> > > >         fd = sys_bpf_fd(BPF_OBJ_GET, &attr, sizeof(attr));
> > > >         return libbpf_err_errno(fd);
> > > > diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h
> > > > index 88a7cc4bd76f..f31b493b5f9a 100644
> > > > --- a/tools/lib/bpf/bpf.h
> > > > +++ b/tools/lib/bpf/bpf.h
> > > > @@ -270,8 +270,17 @@ LIBBPF_API int bpf_map_update_batch(int fd,
> const
> > > void *keys, const void *values
> > > >                                     __u32 *count,
> > > >                                     const struct bpf_map_batch_opts *opts);
> > > >
> > > > +struct bpf_obj_get_opts {
> > > > +       size_t sz; /* size of this struct for forward/backward compatibility */
> > > > +
> > > > +       __u32 file_flags;
> > > > +};
> > > > +#define bpf_obj_get_opts__last_field file_flags
> > > > +
> > > >  LIBBPF_API int bpf_obj_pin(int fd, const char *pathname);
> > > >  LIBBPF_API int bpf_obj_get(const char *pathname);
> > > > +LIBBPF_API int bpf_obj_get_opts(const char *pathname,
> > > > +                               const struct bpf_obj_get_opts *opts);
> > > >
> > > >  struct bpf_prog_attach_opts {
> > > >         size_t sz; /* size of this struct for forward/backward compatibility */
> > > > diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map
> > > > index 0625adb9e888..119e6e1ea7f1 100644
> > > > --- a/tools/lib/bpf/libbpf.map
> > > > +++ b/tools/lib/bpf/libbpf.map
> > > > @@ -355,6 +355,7 @@ LIBBPF_0.8.0 {
> > > >
> > > >  LIBBPF_1.0.0 {
> > > >         global:
> > > > +               bpf_obj_get_opts;
> > > >                 bpf_prog_query_opts;
> > > >                 bpf_program__attach_ksyscall;
> > > >                 btf__add_enum64;
> > > > --
> > > > 2.37.0.170.g444d1eabd0-goog
> > > >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ