| Message ID | 20220602143748.673971-2-roberto.sassu@huawei.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | bpf: Per-operation map permissions | expand |
On Thu, Jun 2, 2022 at 7:38 AM Roberto Sassu <roberto.sassu@huawei.com> wrote: > > Introduce bpf_map_get_fd_by_id_flags(), to let a caller specify the open > flags needed for the operation. This could make an operation succeed, if > access to a map is restricted (i.e. it allows only certain operations). > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > --- > tools/lib/bpf/bpf.c | 8 +++++++- > tools/lib/bpf/bpf.h | 1 + > tools/lib/bpf/libbpf.map | 1 + > 3 files changed, 9 insertions(+), 1 deletion(-) > > diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c > index 240186aac8e6..33bac2006043 100644 > --- a/tools/lib/bpf/bpf.c > +++ b/tools/lib/bpf/bpf.c > @@ -1047,18 +1047,24 @@ int bpf_prog_get_fd_by_id(__u32 id) > return libbpf_err_errno(fd); > } > > -int bpf_map_get_fd_by_id(__u32 id) > +int bpf_map_get_fd_by_id_flags(__u32 id, __u32 flags) let's go the OPTS route instead so that we don't have to add any more new variants? We can probably use common bpf_get_fd_by_id_opts for map/prog/link/btf get_fd_by_id operations (and let's add all variants for consistency)? > { > union bpf_attr attr; > int fd; > > memset(&attr, 0, sizeof(attr)); > attr.map_id = id; > + attr.open_flags = flags; > > fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr)); > return libbpf_err_errno(fd); > } > > +int bpf_map_get_fd_by_id(__u32 id) > +{ > + return bpf_map_get_fd_by_id_flags(id, 0); > +} > + > int bpf_btf_get_fd_by_id(__u32 id) > { > union bpf_attr attr; > diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h > index cabc03703e29..20e4c852362d 100644 > --- a/tools/lib/bpf/bpf.h > +++ b/tools/lib/bpf/bpf.h > @@ -438,6 +438,7 @@ LIBBPF_API int bpf_map_get_next_id(__u32 start_id, __u32 *next_id); > LIBBPF_API int bpf_btf_get_next_id(__u32 start_id, __u32 *next_id); > LIBBPF_API int bpf_link_get_next_id(__u32 start_id, __u32 *next_id); > LIBBPF_API int bpf_prog_get_fd_by_id(__u32 id); > +LIBBPF_API int bpf_map_get_fd_by_id_flags(__u32 id, __u32 flags); > LIBBPF_API int bpf_map_get_fd_by_id(__u32 id); > LIBBPF_API int bpf_btf_get_fd_by_id(__u32 id); > LIBBPF_API int bpf_link_get_fd_by_id(__u32 id); > diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map > index 38e284ff057d..019278e66836 100644 > --- a/tools/lib/bpf/libbpf.map > +++ b/tools/lib/bpf/libbpf.map > @@ -466,6 +466,7 @@ LIBBPF_1.0.0 { > libbpf_bpf_link_type_str; > libbpf_bpf_map_type_str; > libbpf_bpf_prog_type_str; > + bpf_map_get_fd_by_id_flags; > > local: *; > }; > -- > 2.25.1 >
diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c index 240186aac8e6..33bac2006043 100644 --- a/tools/lib/bpf/bpf.c +++ b/tools/lib/bpf/bpf.c @@ -1047,18 +1047,24 @@ int bpf_prog_get_fd_by_id(__u32 id) return libbpf_err_errno(fd); } -int bpf_map_get_fd_by_id(__u32 id) +int bpf_map_get_fd_by_id_flags(__u32 id, __u32 flags) { union bpf_attr attr; int fd; memset(&attr, 0, sizeof(attr)); attr.map_id = id; + attr.open_flags = flags; fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr)); return libbpf_err_errno(fd); } +int bpf_map_get_fd_by_id(__u32 id) +{ + return bpf_map_get_fd_by_id_flags(id, 0); +} + int bpf_btf_get_fd_by_id(__u32 id) { union bpf_attr attr; diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h index cabc03703e29..20e4c852362d 100644 --- a/tools/lib/bpf/bpf.h +++ b/tools/lib/bpf/bpf.h @@ -438,6 +438,7 @@ LIBBPF_API int bpf_map_get_next_id(__u32 start_id, __u32 *next_id); LIBBPF_API int bpf_btf_get_next_id(__u32 start_id, __u32 *next_id); LIBBPF_API int bpf_link_get_next_id(__u32 start_id, __u32 *next_id); LIBBPF_API int bpf_prog_get_fd_by_id(__u32 id); +LIBBPF_API int bpf_map_get_fd_by_id_flags(__u32 id, __u32 flags); LIBBPF_API int bpf_map_get_fd_by_id(__u32 id); LIBBPF_API int bpf_btf_get_fd_by_id(__u32 id); LIBBPF_API int bpf_link_get_fd_by_id(__u32 id); diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map index 38e284ff057d..019278e66836 100644 --- a/tools/lib/bpf/libbpf.map +++ b/tools/lib/bpf/libbpf.map @@ -466,6 +466,7 @@ LIBBPF_1.0.0 { libbpf_bpf_link_type_str; libbpf_bpf_map_type_str; libbpf_bpf_prog_type_str; + bpf_map_get_fd_by_id_flags; local: *; };
Introduce bpf_map_get_fd_by_id_flags(), to let a caller specify the open flags needed for the operation. This could make an operation succeed, if access to a map is restricted (i.e. it allows only certain operations). Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> --- tools/lib/bpf/bpf.c | 8 +++++++- tools/lib/bpf/bpf.h | 1 + tools/lib/bpf/libbpf.map | 1 + 3 files changed, 9 insertions(+), 1 deletion(-)