Message ID | 20250317174039.161275-1-mykyta.yatsenko5@gmail.com (mailing list archive) |
---|---|
Series | Support freplace prog from user namespace |
Hello:

This series was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@kernel.org>:

On Mon, 17 Mar 2025 17:40:35 +0000 you wrote:
> From: Mykyta Yatsenko <yatsenko@meta.com>
>
> Freplace programs can't be loaded from user namespace, as
> bpf_program__set_attach_target() requires searching for target prog BTF,
> which is locked under CAP_SYS_ADMIN.
> This patch set enables this use case by:
> 1. Relaxing capable check in bpf's BPF_BTF_GET_FD_BY_ID, check for CAP_BPF
> instead of CAP_SYS_ADMIN, support BPF token in attr argument.
> 2. Pass BPF token around libbpf from bpf_program__set_attach_target() to
> bpf syscall where capable check is.
> 3. Validate positive/negative scenarios in selftests
>
> [...]

Here is the summary with links:

- [bpf-next,v6,1/4] bpf: BPF token support for BPF_BTF_GET_FD_BY_ID
  https://git.kernel.org/bpf/bpf-next/c/0de445d18e36
- [bpf-next,v6,2/4] bpf: return prog btf_id without capable check
  https://git.kernel.org/bpf/bpf-next/c/07651ccda9ff
- [bpf-next,v6,3/4] libbpf: pass BPF token from find_prog_btf_id to BPF_BTF_GET_FD_BY_ID
  https://git.kernel.org/bpf/bpf-next/c/974ef9f0d23e
- [bpf-next,v6,4/4] selftests/bpf: test freplace from user namespace
  https://git.kernel.org/bpf/bpf-next/c/a024843d92cc

You are awesome, thank you!

From: Mykyta Yatsenko <yatsenko@meta.com>

Freplace programs can't be loaded from user namespace, as
bpf_program__set_attach_target() requires searching for target prog BTF,
which is locked under CAP_SYS_ADMIN.

This patch set enables this use case by:

1. Relaxing capable check in bpf's BPF_BTF_GET_FD_BY_ID, check for CAP_BPF
   instead of CAP_SYS_ADMIN, support BPF token in attr argument.
2. Pass BPF token around libbpf from bpf_program__set_attach_target() to
   bpf syscall where capable check is.
3. Validate positive/negative scenarios in selftests

This patch set is enabled by the recent libbpf change[1], that
introduced bpf_object__prepare() API. Calling bpf_object__prepare() for
freplace program before bpf_program__set_attach_target() initializes BPF
token, which is then passed to bpf syscall by libbpf.

[1] https://lore.kernel.org/all/20250303135752.158343-1-mykyta.yatsenko5@gmail.com/

Mykyta Yatsenko (4):
  bpf: BPF token support for BPF_BTF_GET_FD_BY_ID
  bpf: return prog btf_id without capable check
  libbpf: pass BPF token from find_prog_btf_id to BPF_BTF_GET_FD_BY_ID
  selftests/bpf: test freplace from user namespace

 include/uapi/linux/bpf.h                      |  1 +
 kernel/bpf/syscall.c                          | 27 +++++-
 tools/include/uapi/linux/bpf.h                |  1 +
 tools/lib/bpf/bpf.c                           |  3 +-
 tools/lib/bpf/bpf.h                           |  3 +-
 tools/lib/bpf/btf.c                           | 15 ++-
 tools/lib/bpf/libbpf.c                        | 10 +-
 tools/lib/bpf/libbpf_internal.h               |  1 +
 .../testing/selftests/bpf/prog_tests/token.c  | 97 ++++++++++++++++++-
 .../selftests/bpf/progs/priv_freplace_prog.c  | 13 +++
 tools/testing/selftests/bpf/progs/priv_prog.c |  6 +-
 11 files changed, 160 insertions(+), 17 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/progs/priv_freplace_prog.c