| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4dcd2d25-5955-4364-9b6a-42d66dee0a6b@kernel.org>
Date: Tue, 22 Jul 2025 16:01:18 +0100
From: Quentin Monnet <qmo@...nel.org>
To: Tao Chen <chen.dylane@...ux.dev>, ast@...nel.org, daniel@...earbox.net,
andrii@...nel.org, martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org,
yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org,
sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, davem@...emloft.net,
kuba@...nel.org, hawk@...nel.org
Cc: linux-kernel@...r.kernel.org, bpf@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 1/3] bpftool: Add bpf_token show
2025-07-22 19:58 UTC+0800 ~ Tao Chen <chen.dylane@...ux.dev>
> Add `bpftool token show` command to get token info
> from bpffs in /proc/mounts.
>
> Example plain output for `token show`:
> token_info /sys/fs/bpf/token
> allowed_cmds:
> map_create prog_load
> allowed_maps:
> allowed_progs:
> kprobe
> allowed_attachs:
> xdp
> token_info /sys/fs/bpf/token2
> allowed_cmds:
> map_create prog_load
> allowed_maps:
> allowed_progs:
> kprobe
> allowed_attachs:
> xdp
>
> Example json output for `token show`:
> [{
> "token_info": "/sys/fs/bpf/token",
> "allowed_cmds": ["map_create", "prog_load"],
> "allowed_maps": [],
> "allowed_progs": ["kprobe"],
> "allowed_attachs": ["xdp"]
> }, {
> "token_info": "/sys/fs/bpf/token2",
> "allowed_cmds": ["map_create", "prog_load"],
> "allowed_maps": [],
> "allowed_progs": ["kprobe"],
> "allowed_attachs": ["xdp"]
> }]
>
> Signed-off-by: Tao Chen <chen.dylane@...ux.dev>
> ---
> diff --git a/tools/bpf/bpftool/token.c b/tools/bpf/bpftool/token.c
> new file mode 100644
> index 00000000000..f72a116f9c6
> --- /dev/null
> +++ b/tools/bpf/bpftool/token.c
> +static int show_token_info(void)
> +{
> + FILE *fp;
> + struct mntent *ent;
> + bool hit = false;
> +
> + fp = setmntent(MOUNTS_FILE, "r");
> + if (!fp) {
> + p_err("Failed to open: %s", MOUNTS_FILE);
> + return -1;
> + }
> +
> + if (json_output)
> + jsonw_start_array(json_wtr);
> +
> + while ((ent = getmntent(fp)) != NULL) {
> + if (strncmp(ent->mnt_type, "bpf", 3) == 0) {
> + if (has_delegate_options(ent->mnt_opts)) {
> + __show_token_info(ent);
> + hit = true;
> + }
> + }
> + }
> +
> + if (json_output)
> + jsonw_end_array(json_wtr);
> +
> + if (!hit)
> + p_info("Token info not found");
Woops I take this one back. It made sense to have a p_info() message in
your v1 because you were only looking at one bpffs mount point, but now
we list all the ones we find, we should remove this message and silently
ignore mount points without token info (and I think we can remove the
"hit" variable entirely). Sorry! :)
The rest of this patch looks good to me, thank you
Quentin
Powered by blists - more mailing lists