Open Source and information security mailing list archives
 
Message-ID: <4dcd2d25-5955-4364-9b6a-42d66dee0a6b@kernel.org>
Date: Tue, 22 Jul 2025 16:01:18 +0100
From: Quentin Monnet <qmo@...nel.org>
To: Tao Chen <chen.dylane@...ux.dev>, ast@...nel.org, daniel@...earbox.net,
 andrii@...nel.org, martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org,
 yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org,
 sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, davem@...emloft.net,
 kuba@...nel.org, hawk@...nel.org
Cc: linux-kernel@...r.kernel.org, bpf@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 1/3] bpftool: Add bpf_token show

2025-07-22 19:58 UTC+0800 ~ Tao Chen <chen.dylane@...ux.dev>
> Add `bpftool token show` command to get token info
> from bpffs in /proc/mounts.
> 
> Example plain output for `token show`:
> token_info  /sys/fs/bpf/token
> 	allowed_cmds:
> 	  map_create          prog_load
> 	allowed_maps:
> 	allowed_progs:
> 	  kprobe
> 	allowed_attachs:
> 	  xdp
> token_info  /sys/fs/bpf/token2
> 	allowed_cmds:
> 	  map_create          prog_load
> 	allowed_maps:
> 	allowed_progs:
> 	  kprobe
> 	allowed_attachs:
> 	  xdp
> 
> Example json output for `token show`:
> [{
> 	"token_info": "/sys/fs/bpf/token",
> 	"allowed_cmds": ["map_create", "prog_load"],
> 	"allowed_maps": [],
> 	"allowed_progs": ["kprobe"],
> 	"allowed_attachs": ["xdp"]
> }, {
> 	"token_info": "/sys/fs/bpf/token2",
> 	"allowed_cmds": ["map_create", "prog_load"],
> 	"allowed_maps": [],
> 	"allowed_progs": ["kprobe"],
> 	"allowed_attachs": ["xdp"]
> }]
> 
> Signed-off-by: Tao Chen <chen.dylane@...ux.dev>
> ---

> diff --git a/tools/bpf/bpftool/token.c b/tools/bpf/bpftool/token.c
> new file mode 100644
> index 00000000000..f72a116f9c6
> --- /dev/null
> +++ b/tools/bpf/bpftool/token.c

> +static int show_token_info(void)
> +{
> +	FILE *fp;
> +	struct mntent *ent;
> +	bool hit = false;
> +
> +	fp = setmntent(MOUNTS_FILE, "r");
> +	if (!fp) {
> +		p_err("Failed to open: %s", MOUNTS_FILE);
> +		return -1;
> +	}
> +
> +	if (json_output)
> +		jsonw_start_array(json_wtr);
> +
> +	while ((ent = getmntent(fp)) != NULL) {
> +		if (strncmp(ent->mnt_type, "bpf", 3) == 0) {
> +			if (has_delegate_options(ent->mnt_opts)) {
> +				__show_token_info(ent);
> +				hit = true;
> +			}
> +		}
> +	}
> +
> +	if (json_output)
> +		jsonw_end_array(json_wtr);
> +
> +	if (!hit)
> +		p_info("Token info not found");
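
Review bot: the `strncmp(ent->mnt_type, "bpf", 3) == 0` test in the getmntent() loop is a prefix match, so a mount whose type only begins with "bpf" would be treated as bpffs and passed on to has_delegate_options(). An exact comparison, `strcmp(ent->mnt_type, "bpf") == 0`, keeps the listing limited to real bpffs mounts, and the two nested `if` statements can then be folded into a single condition.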

Woops I take this one back. It made sense to have a p_info() message in
your v1 because you were only looking at one bpffs mount point, but now
we list all the ones we find, we should remove this message and silently
ignore mount points without token info (and I think we can remove the
"hit" variable entirely). Sorry! :)

The rest of this patch looks good to me, thank you

Quentin
