lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <c7c16253-eff3-4d34-80c3-884790ecfdb4@linux.dev>
Date: Tue, 24 Sep 2024 15:40:53 -0700
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Lin Yikai <yikai.lin@...o.com>
Cc: bpf@...r.kernel.org, opensource.kernel@...o.com,
 Andrii Nakryiko <andrii@...nel.org>, Eduard Zingerman <eddyz87@...il.com>,
 Mykola Lysenko <mykolal@...com>, Alexei Starovoitov <ast@...nel.org>,
 Daniel Borkmann <daniel@...earbox.net>, Song Liu <song@...nel.org>,
 Yonghong Song <yonghong.song@...ux.dev>,
 John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>,
 Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
 Jiri Olsa <jolsa@...nel.org>, Shuah Khan <shuah@...nel.org>,
 Nathan Chancellor <nathan@...nel.org>,
 Nick Desaulniers <ndesaulniers@...gle.com>, Bill Wendling
 <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>,
 linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
 llvm@...ts.linux.dev
Subject: Re: [PATCH bpf-next v1] selftests/bpf:Enhance bpf ability to detect
 ksym read error by libcap

On 9/14/24 11:24 AM, Lin Yikai wrote:
> diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile
> index 04716a5e43f1..369c5ad8fc4a 100644
> --- a/tools/testing/selftests/bpf/Makefile
> +++ b/tools/testing/selftests/bpf/Makefile
> @@ -183,7 +183,7 @@ NON_CHECK_FEAT_TARGETS := clean docs-clean
>   CHECK_FEAT := $(filter-out $(NON_CHECK_FEAT_TARGETS),$(or $(MAKECMDGOALS), "none"))
>   ifneq ($(CHECK_FEAT),)
>   FEATURE_USER := .selftests
> -FEATURE_TESTS := llvm
> +FEATURE_TESTS := llvm libcap
>   FEATURE_DISPLAY := $(FEATURE_TESTS)
>   
>   # Makefile.feature expects OUTPUT to end with a slash
> @@ -208,6 +208,11 @@ ifeq ($(feature-llvm),1)
>     LLVM_LDFLAGS += $(shell $(LLVM_CONFIG) --ldflags)
>   endif
>   
> +ifeq ($(feature-libcap), 1)
> +  CFLAGS += -DHAVE_LIBCAP_SUPPORT
> +  LDLIBS += -lcap
> +endif
> +

[ ... ]

> @@ -31,6 +35,55 @@ struct ksyms {
>   static struct ksyms *ksyms;
>   static pthread_mutex_t ksyms_mutex = PTHREAD_MUTEX_INITIALIZER;
>   
> +#ifdef HAVE_LIBCAP_SUPPORT
> +#include <sys/capability.h>
> +static bool bpf_cap__capable(cap_value_t cap)
> +{
> +	cap_flag_value_t val;
> +	cap_t caps = cap_get_proc();
> +
> +	if (!caps)
> +		return false;
> +
> +	if (cap_get_flag(caps, cap, CAP_EFFECTIVE, &val) != 0)

Instead of adding new dependency on libcap, please check if capget() can 
directly be used. Take a look at tools/testing/selftests/bpf/cap_helpers.c.

pw-bot: cr

> +		val = CAP_CLEAR;
> +
> +	if (cap_free(caps) != 0)
> +		return false;
> +
> +	return val == CAP_SET;
> +}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ