Message-ID: <70B42C4B-9730-4A09-BAB3-1F98D0EC93C7@fb.com>
Date:   Tue, 16 Apr 2019 20:38:01 +0000
From:   Song Liu <songliubraving@...com>
To:     Andrey Ignatov <rdna@...com>
CC:     Networking <netdev@...r.kernel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        "daniel@...earbox.net" <daniel@...earbox.net>,
        Kernel Team <Kernel-team@...com>
Subject: Re: [PATCH bpf-next] bpftool: Support sysctl hook



> On Apr 16, 2019, at 1:13 PM, Andrey Ignatov <rdna@...com> wrote:
> 
> Add support for recently added BPF_PROG_TYPE_CGROUP_SYSCTL program type
> and BPF_CGROUP_SYSCTL attach type.
> 
> Example of bpftool output with sysctl program from selftests:
> 
>  # bpftool p load ./test_sysctl_prog.o /mnt/bpf/sysctl_prog type cgroup/sysctl
>  # bpftool p l
>  9: cgroup_sysctl  name sysctl_tcp_mem  tag 0dd05f81a8d0d52e  gpl
>          loaded_at 2019-04-16T12:57:27-0700  uid 0
>          xlated 1008B  jited 623B  memlock 4096B
>  # bpftool c a /mnt/cgroup2/bla sysctl id 9
>  # bpftool c t
>  CgroupPath
>  ID       AttachType      AttachFlags     Name
>  /mnt/cgroup2/bla
>      9        sysctl                          sysctl_tcp_mem
>  # bpftool c d /mnt/cgroup2/bla sysctl id 9
>  # bpftool c t
>  CgroupPath
>  ID       AttachType      AttachFlags     Name
> 
> Signed-off-by: Andrey Ignatov <rdna@...com>

Acked-by: Song Liu <songliubraving@...com>


> ---
> tools/bpf/bpftool/Documentation/bpftool-cgroup.rst | 5 +++--
> tools/bpf/bpftool/Documentation/bpftool-prog.rst   | 3 ++-
> tools/bpf/bpftool/bash-completion/bpftool          | 7 ++++---
> tools/bpf/bpftool/cgroup.c                         | 3 ++-
> tools/bpf/bpftool/main.h                           | 1 +
> tools/bpf/bpftool/prog.c                           | 2 +-
> 6 files changed, 13 insertions(+), 8 deletions(-)
> 
> diff --git a/tools/bpf/bpftool/Documentation/bpftool-cgroup.rst b/tools/bpf/bpftool/Documentation/bpftool-cgroup.rst
> index 5e3b7d9d7599..89b6b10e2183 100644
> --- a/tools/bpf/bpftool/Documentation/bpftool-cgroup.rst
> +++ b/tools/bpf/bpftool/Documentation/bpftool-cgroup.rst
> @@ -29,7 +29,7 @@ CGROUP COMMANDS
> |	*PROG* := { **id** *PROG_ID* | **pinned** *FILE* | **tag** *PROG_TAG* }
> |	*ATTACH_TYPE* := { **ingress** | **egress** | **sock_create** | **sock_ops** | **device** |
> |		**bind4** | **bind6** | **post_bind4** | **post_bind6** | **connect4** | **connect6** |
> -|               **sendmsg4** | **sendmsg6** }
> +|		**sendmsg4** | **sendmsg6** | **sysctl** }
> |	*ATTACH_FLAGS* := { **multi** | **override** }
> 
> DESCRIPTION
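Review bot: the replaced **sendmsg4** line in the ATTACH_TYPE synopsis changes its indentation from spaces to tabs in addition to gaining **sysctl**, so one line carries both a whitespace fix and the functional change. The tabs match the lines above it, which is fine, but a short mention in the commit message would make clear the whitespace change is intentional.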
> @@ -85,7 +85,8 @@ DESCRIPTION
> 		  **sendmsg4** call to sendto(2), sendmsg(2), sendmmsg(2) for an
> 		  unconnected udp4 socket (since 4.18);
> 		  **sendmsg6** call to sendto(2), sendmsg(2), sendmmsg(2) for an
> -		  unconnected udp6 socket (since 4.18).
> +		  unconnected udp6 socket (since 4.18);
> +		  **sysctl** sysctl access (since 5.2).
> 
> 	**bpftool cgroup detach** *CGROUP* *ATTACH_TYPE* *PROG*
> 		  Detach *PROG* from the cgroup *CGROUP* and attach type
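Review bot: the new **sysctl** entry in the attach-type description says only "sysctl access", which does not tell the reader whether the attached program runs on reads, writes or both, while the neighbouring entries name the exact calls that trigger them. Consider spelling out which operations on sysctl entries invoke the program, since that determines what an operator can expect such a hook to observe or block.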
> diff --git a/tools/bpf/bpftool/Documentation/bpftool-prog.rst b/tools/bpf/bpftool/Documentation/bpftool-prog.rst
> index bb9bb00c0c2c..2f183ffd8351 100644
> --- a/tools/bpf/bpftool/Documentation/bpftool-prog.rst
> +++ b/tools/bpf/bpftool/Documentation/bpftool-prog.rst
> @@ -39,7 +39,8 @@ PROG COMMANDS
> |		**cgroup/sock** | **cgroup/dev** | **lwt_in** | **lwt_out** | **lwt_xmit** |
> |		**lwt_seg6local** | **sockops** | **sk_skb** | **sk_msg** | **lirc_mode2** |
> |		**cgroup/bind4** | **cgroup/bind6** | **cgroup/post_bind4** | **cgroup/post_bind6** |
> -|		**cgroup/connect4** | **cgroup/connect6** | **cgroup/sendmsg4** | **cgroup/sendmsg6**
> +|		**cgroup/connect4** | **cgroup/connect6** | **cgroup/sendmsg4** | **cgroup/sendmsg6** |
> +|		**cgroup/sysctl**
> |	}
> |       *ATTACH_TYPE* := {
> |		**msg_verdict** | **stream_verdict** | **stream_parser** | **flow_dissector**
> diff --git a/tools/bpf/bpftool/bash-completion/bpftool b/tools/bpf/bpftool/bash-completion/bpftool
> index b803827d01e8..9f3ffe1e26ab 100644
> --- a/tools/bpf/bpftool/bash-completion/bpftool
> +++ b/tools/bpf/bpftool/bash-completion/bpftool
> @@ -370,7 +370,8 @@ _bpftool()
>                                 lirc_mode2 cgroup/bind4 cgroup/bind6 \
>                                 cgroup/connect4 cgroup/connect6 \
>                                 cgroup/sendmsg4 cgroup/sendmsg6 \
> -                                cgroup/post_bind4 cgroup/post_bind6" -- \
> +                                cgroup/post_bind4 cgroup/post_bind6 \
> +                                cgroup/sysctl" -- \
>                                                    "$cur" ) )
>                             return 0
>                             ;;
> @@ -619,7 +620,7 @@ _bpftool()
>                 attach|detach)
>                     local ATTACH_TYPES='ingress egress sock_create sock_ops \
>                         device bind4 bind6 post_bind4 post_bind6 connect4 \
> -                        connect6 sendmsg4 sendmsg6'
> +                        connect6 sendmsg4 sendmsg6 sysctl'
>                     local ATTACH_FLAGS='multi override'
>                     local PROG_TYPE='id pinned tag'
>                     case $prev in
> @@ -629,7 +630,7 @@ _bpftool()
>                             ;;
>                         ingress|egress|sock_create|sock_ops|device|bind4|bind6|\
>                         post_bind4|post_bind6|connect4|connect6|sendmsg4|\
> -                        sendmsg6)
> +                        sendmsg6|sysctl)
>                             COMPREPLY=( $( compgen -W "$PROG_TYPE" -- \
>                                 "$cur" ) )
>                             return 0
> diff --git a/tools/bpf/bpftool/cgroup.c b/tools/bpf/bpftool/cgroup.c
> index a81b34343eb8..7e22f115c8c1 100644
> --- a/tools/bpf/bpftool/cgroup.c
> +++ b/tools/bpf/bpftool/cgroup.c
> @@ -25,7 +25,7 @@
> 	"       ATTACH_TYPE := { ingress | egress | sock_create |\n"	       \
> 	"                        sock_ops | device | bind4 | bind6 |\n"	       \
> 	"                        post_bind4 | post_bind6 | connect4 |\n"       \
> -	"                        connect6 | sendmsg4 | sendmsg6 }"
> +	"                        connect6 | sendmsg4 | sendmsg6 | sysctl }"
> 
> static const char * const attach_type_strings[] = {
> 	[BPF_CGROUP_INET_INGRESS] = "ingress",
> @@ -41,6 +41,7 @@ static const char * const attach_type_strings[] = {
> 	[BPF_CGROUP_INET6_POST_BIND] = "post_bind6",
> 	[BPF_CGROUP_UDP4_SENDMSG] = "sendmsg4",
> 	[BPF_CGROUP_UDP6_SENDMSG] = "sendmsg6",
> +	[BPF_CGROUP_SYSCTL] = "sysctl",
> 	[__MAX_BPF_ATTACH_TYPE] = NULL,
> };
> 
> diff --git a/tools/bpf/bpftool/main.h b/tools/bpf/bpftool/main.h
> index d7dd84d3c660..1ccc46169a19 100644
> --- a/tools/bpf/bpftool/main.h
> +++ b/tools/bpf/bpftool/main.h
> @@ -73,6 +73,7 @@ static const char * const prog_type_name[] = {
> 	[BPF_PROG_TYPE_LIRC_MODE2]		= "lirc_mode2",
> 	[BPF_PROG_TYPE_SK_REUSEPORT]		= "sk_reuseport",
> 	[BPF_PROG_TYPE_FLOW_DISSECTOR]		= "flow_dissector",
> +	[BPF_PROG_TYPE_CGROUP_SYSCTL]		= "cgroup_sysctl",
> };
> 
> extern const char * const map_type_name[];
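Review bot: prog_type_name[] has no terminating sentinel, unlike attach_type_strings[] in cgroup.c, which ends with [__MAX_BPF_ATTACH_TYPE] = NULL, so with [BPF_PROG_TYPE_CGROUP_SYSCTL] as the new last entry the array length is defined by this line. It is worth confirming that every lookup into this table is bounded by ARRAY_SIZE and tolerates NULL gaps, so that a program type the table does not know about is printed numerically instead of being read past the end of the array.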
> diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
> index 4b7a307b9fc9..fc495b27f0fc 100644
> --- a/tools/bpf/bpftool/prog.c
> +++ b/tools/bpf/bpftool/prog.c
> @@ -1060,7 +1060,7 @@ static int do_help(int argc, char **argv)
> 		"                 tracepoint | raw_tracepoint | xdp | perf_event | cgroup/skb |\n"
> 		"                 cgroup/sock | cgroup/dev | lwt_in | lwt_out | lwt_xmit |\n"
> 		"                 lwt_seg6local | sockops | sk_skb | sk_msg | lirc_mode2 |\n"
> -		"                 sk_reuseport | flow_dissector |\n"
> +		"                 sk_reuseport | flow_dissector | cgroup/sysctl |\n"
> 		"                 cgroup/bind4 | cgroup/bind6 | cgroup/post_bind4 |\n"
> 		"                 cgroup/post_bind6 | cgroup/connect4 | cgroup/connect6 |\n"
> 		"                 cgroup/sendmsg4 | cgroup/sendmsg6 }\n"
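Review bot: in the do_help() text cgroup/sysctl is inserted after flow_dissector, ahead of the other cgroup/* types, whereas bpftool-prog.rst and the bash completion in this same patch append it at the end of their lists. Moving it to follow cgroup/sendmsg6 here would keep the cgroup types grouped together and the help output in the same order as the man page.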
> -- 
> 2.17.1
> 
