lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 26 May 2023 11:09:21 -0400
From: Max Tottenham <mtottenh@...mai.com>
To: <netdev@...r.kernel.org>
CC: <stephen@...workplumber.org>, <johunt@...mai.com>,
        Max Tottenham
	<mtottenh@...mai.com>
Subject: [RFC PATCH v2 iproute2 1/1] tc/f_bpf.c: Add ability to specify eBPF map pin path

Allow users of TCs eBPF classifier to specify a path for pinning eBPF
maps via the use of the 'pin_path' argument. For example:

tc -filter add dev ens3 ingress bpf object-file ./bpf_shared.o section \
  ingress pin_path /sys/fs/bpf/my_prog verbose da

Will create/pin any maps under /sys/fs/bpf/my_prog/..., or reuse
existing maps there if present.

Signed-off-by: Max Tottenham <mtottenh@...mai.com>
---
 include/bpf_util.h |  1 +
 lib/bpf_legacy.c   | 11 +++++++++--
 lib/bpf_libbpf.c   | 14 +++++++-------
 man/man8/tc-bpf.8  |  8 ++++++++
 tc/f_bpf.c         |  4 +++-
 5 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/include/bpf_util.h b/include/bpf_util.h
index 6a5f8ec6..e7ad643b 100644
--- a/include/bpf_util.h
+++ b/include/bpf_util.h
@@ -70,6 +70,7 @@ struct bpf_cfg_in {
 	const char *section;
 	const char *prog_name;
 	const char *uds;
+	const char *pin_path;
 	enum bpf_prog_type type;
 	enum bpf_mode mode;
 	__u32 ifindex;
diff --git a/lib/bpf_legacy.c b/lib/bpf_legacy.c
index 8ac64235..18b2760c 100644
--- a/lib/bpf_legacy.c
+++ b/lib/bpf_legacy.c
@@ -827,7 +827,7 @@ static int bpf_obj_pinned(const char *pathname, enum bpf_prog_type type)
 
 static int bpf_do_parse(struct bpf_cfg_in *cfg, const bool *opt_tbl)
 {
-	const char *file, *section, *uds_name, *prog_name;
+	const char *file, *section, *uds_name, *prog_name, *pin_path;
 	bool verbose = false;
 	int i, ret, argc;
 	char **argv;
@@ -858,7 +858,7 @@ static int bpf_do_parse(struct bpf_cfg_in *cfg, const bool *opt_tbl)
 	}
 
 	NEXT_ARG();
-	file = section = uds_name = prog_name = NULL;
+	file = section = uds_name = prog_name = pin_path = NULL;
 	if (cfg->mode == EBPF_OBJECT || cfg->mode == EBPF_PINNED) {
 		file = *argv;
 		NEXT_ARG_FWD();
@@ -901,6 +901,12 @@ static int bpf_do_parse(struct bpf_cfg_in *cfg, const bool *opt_tbl)
 			NEXT_ARG_FWD();
 		}
 
+		if (argc > 0 && strcmp(*argv, "pin_path") == 0) {
+			NEXT_ARG();
+			pin_path = *argv;
+			NEXT_ARG_FWD();
+		}
+
 		if (__bpf_prog_meta[cfg->type].may_uds_export) {
 			uds_name = getenv(BPF_ENV_UDS);
 			if (argc > 0 && !uds_name &&
@@ -939,6 +945,7 @@ static int bpf_do_parse(struct bpf_cfg_in *cfg, const bool *opt_tbl)
 	cfg->argv    = argv;
 	cfg->verbose = verbose;
 	cfg->prog_name = prog_name;
+	cfg->pin_path = pin_path;
 
 	return ret;
 }
diff --git a/lib/bpf_libbpf.c b/lib/bpf_libbpf.c
index e1c211a1..9cfd4561 100644
--- a/lib/bpf_libbpf.c
+++ b/lib/bpf_libbpf.c
@@ -226,7 +226,6 @@ static int handle_legacy_maps(struct bpf_object *obj)
 
 	bpf_object__for_each_map(map, obj) {
 		map_name = bpf_map__name(map);
-
 		ret = handle_legacy_map_in_map(obj, map, map_name);
 		if (ret)
 			return ret;
@@ -277,16 +276,17 @@ static int load_bpf_object(struct bpf_cfg_in *cfg)
 	char root_path[PATH_MAX];
 	struct bpf_map *map;
 	int prog_fd, ret = 0;
-
-	ret = iproute2_get_root_path(root_path, PATH_MAX);
-	if (ret)
-		return ret;
-
+	if (cfg->pin_path) {
+		strncpy(root_path , cfg->pin_path, PATH_MAX-1);
+	} else {
+		ret = iproute2_get_root_path(root_path, PATH_MAX);
+		if (ret)
+			return ret;
+	}
 	DECLARE_LIBBPF_OPTS(bpf_object_open_opts, open_opts,
 			.relaxed_maps = true,
 			.pin_root_path = root_path,
 	);
-
 	obj = bpf_object__open_file(cfg->object, &open_opts);
 	if (libbpf_get_error(obj)) {
 		fprintf(stderr, "ERROR: opening BPF object file failed\n");
diff --git a/man/man8/tc-bpf.8 b/man/man8/tc-bpf.8
index 01230ce6..df2e87e6 100644
--- a/man/man8/tc-bpf.8
+++ b/man/man8/tc-bpf.8
@@ -22,6 +22,8 @@ UDS_FILE ] [
 |
 .B skip_sw
 ] [
+.B pin_path
+PATH ] [
 .B police
 POLICE_SPEC ] [
 .B action
@@ -189,6 +191,12 @@ forces the offload and disables running the eBPF program in the kernel.
 If hardware offload is not possible and this flag was set kernel will
 report an error and filter will not be installed at all.
 
+.SS pin_path
+points to a path under bpffs. On loading an eBPF object file, if the file
+contains a section named "maps" with eBPF map specifications, this path will be
+checked for existing pinned maps with matching names. If existing maps are
+found, they will be reused.
+
 .SS police
 is an optional parameter for an eBPF/cBPF classifier that specifies a
 police in
diff --git a/tc/f_bpf.c b/tc/f_bpf.c
index a6d4875f..9f121b00 100644
--- a/tc/f_bpf.c
+++ b/tc/f_bpf.c
@@ -28,7 +28,7 @@ static void explain(void)
 		"\n"
 		"eBPF use case:\n"
 		" object-file FILE [ section CLS_NAME ] [ export UDS_FILE ]"
-		" [ verbose ] [ direct-action ] [ skip_hw | skip_sw ]\n"
+		" [ verbose ] [ direct-action ] [ skip_hw | skip_sw ] [ pin_path PATH ]\n"
 		" object-pinned FILE [ direct-action ] [ skip_hw | skip_sw ]\n"
 		"\n"
 		"Common remaining options:\n"
@@ -48,6 +48,8 @@ static void explain(void)
 		"Where UDS_FILE points to a unix domain socket file in order\n"
 		"to hand off control of all created eBPF maps to an agent.\n"
 		"\n"
+		"Where PATH points to a path under bpffs where all eBPF maps will be pinned.\n"
+		"\n"
 		"ACTION_SPEC := ... look at individual actions\n"
 		"NOTE: CLASSID is parsed as hexadecimal input.\n",
 		bpf_prog_to_default_section(bpf_type));
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ