| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <dbc46a1a-9363-4ef7-ae70-d02fca6ecd37@linux.dev>
Date: Wed, 23 Jul 2025 00:10:55 +0800
From: Tao Chen <chen.dylane@...ux.dev>
To: Quentin Monnet <qmo@...nel.org>, ast@...nel.org, daniel@...earbox.net,
andrii@...nel.org, martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org,
yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org,
sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, davem@...emloft.net,
kuba@...nel.org, hawk@...nel.org
Cc: linux-kernel@...r.kernel.org, bpf@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 1/3] bpftool: Add bpf_token show
在 2025/7/22 23:01, Quentin Monnet 写道:
> 2025-07-22 19:58 UTC+0800 ~ Tao Chen <chen.dylane@...ux.dev>
>> Add `bpftool token show` command to get token info
>> from bpffs in /proc/mounts.
>>
>> Example plain output for `token show`:
>> token_info /sys/fs/bpf/token
>> allowed_cmds:
>> map_create prog_load
>> allowed_maps:
>> allowed_progs:
>> kprobe
>> allowed_attachs:
>> xdp
>> token_info /sys/fs/bpf/token2
>> allowed_cmds:
>> map_create prog_load
>> allowed_maps:
>> allowed_progs:
>> kprobe
>> allowed_attachs:
>> xdp
>>
>> Example json output for `token show`:
>> [{
>> "token_info": "/sys/fs/bpf/token",
>> "allowed_cmds": ["map_create", "prog_load"],
>> "allowed_maps": [],
>> "allowed_progs": ["kprobe"],
>> "allowed_attachs": ["xdp"]
>> }, {
>> "token_info": "/sys/fs/bpf/token2",
>> "allowed_cmds": ["map_create", "prog_load"],
>> "allowed_maps": [],
>> "allowed_progs": ["kprobe"],
>> "allowed_attachs": ["xdp"]
>> }]
>>
>> Signed-off-by: Tao Chen <chen.dylane@...ux.dev>
>> ---
>
>> diff --git a/tools/bpf/bpftool/token.c b/tools/bpf/bpftool/token.c
>> new file mode 100644
>> index 00000000000..f72a116f9c6
>> --- /dev/null
>> +++ b/tools/bpf/bpftool/token.c
>
>> +static int show_token_info(void)
>> +{
>> + FILE *fp;
>> + struct mntent *ent;
>> + bool hit = false;
>> +
>> + fp = setmntent(MOUNTS_FILE, "r");
>> + if (!fp) {
>> + p_err("Failed to open: %s", MOUNTS_FILE);
>> + return -1;
>> + }
>> +
>> + if (json_output)
>> + jsonw_start_array(json_wtr);
>> +
>> + while ((ent = getmntent(fp)) != NULL) {
>> + if (strncmp(ent->mnt_type, "bpf", 3) == 0) {
>> + if (has_delegate_options(ent->mnt_opts)) {
>> + __show_token_info(ent);
>> + hit = true;
>> + }
>> + }
>> + }
>> +
>> + if (json_output)
>> + jsonw_end_array(json_wtr);
>> +
>> + if (!hit)
>> + p_info("Token info not found");
>
> Woops I take this one back. It made sense to have a p_info() message in
> your v1 because you were only looking at one bpffs mount point, but now
> we list all the ones we find, we should remove this message and silently
> ignore mount points without token info (and I think we can remove the
> "hit" variable entirely). Sorry! :)
>
It‘s okay, i will remove it in v3, thanks anyway.
> The rest of this patch looks good to me, thank you
>
> Quentin
--
Best Regards
Tao Chen
Powered by blists - more mailing lists