diff mbox series

[v2,8/9] bpftool: Adjust map permissions

Message ID 20220602143748.673971-9-roberto.sassu@huawei.com (mailing list archive)
State Changes Requested
Delegated to: BPF
Headers show
Series bpf: Per-operation map permissions | expand

Checks

Context Check Description
bpf/vmtest-bpf-next-PR fail PR summary
bpf/vmtest-bpf-next-VM_Test-3 fail Logs for Kernel LATEST on z15 with gcc
bpf/vmtest-bpf-next-VM_Test-1 fail Logs for Kernel LATEST on ubuntu-latest with gcc
bpf/vmtest-bpf-next-VM_Test-2 fail Logs for Kernel LATEST on ubuntu-latest with llvm-15
netdev/tree_selection success Not a local patch

Commit Message

Roberto Sassu June 2, 2022, 2:37 p.m. UTC
Request a read file descriptor for:
- map subcommands: show_subset, show, dump, lookup, getnext and pin;
- btf subcommand: dump;
- prog subcommand: show (metadata);
- struct_ops subcommands: show and dump;
- do_build_table_cb(), to show the path of a pinned map.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 tools/bpf/bpftool/btf.c        |  5 +++--
 tools/bpf/bpftool/common.c     |  5 +++--
 tools/bpf/bpftool/map.c        | 10 +++++-----
 tools/bpf/bpftool/prog.c       |  2 +-
 tools/bpf/bpftool/struct_ops.c |  4 ++--
 5 files changed, 14 insertions(+), 12 deletions(-)
diff mbox series

Patch

diff --git a/tools/bpf/bpftool/btf.c b/tools/bpf/bpftool/btf.c
index 69a7695030f9..a36710903549 100644
--- a/tools/bpf/bpftool/btf.c
+++ b/tools/bpf/bpftool/btf.c
@@ -529,7 +529,8 @@  static int do_dump(int argc, char **argv)
 			return -1;
 		}
 
-		fd = map_parse_fd_and_info(&argc, &argv, &info, &len, 0);
+		fd = map_parse_fd_and_info(&argc, &argv, &info, &len,
+					   BPF_F_RDONLY);
 		if (fd < 0)
 			return -1;
 
@@ -730,7 +731,7 @@  build_btf_type_table(struct hashmap *tab, enum bpf_obj_type type,
 			fd = bpf_prog_get_fd_by_id(id);
 			break;
 		case BPF_OBJ_MAP:
-			fd = bpf_map_get_fd_by_id(id);
+			fd = bpf_map_get_fd_by_id_flags(id, BPF_F_RDONLY);
 			break;
 		default:
 			err = -1;
diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
index 0816ea2f0be1..d20e1fa8a5fd 100644
--- a/tools/bpf/bpftool/common.c
+++ b/tools/bpf/bpftool/common.c
@@ -228,7 +228,7 @@  int do_pin_any(int argc, char **argv, int (*get_fd)(int *, char ***, __u32))
 	int err;
 	int fd;
 
-	fd = get_fd(&argc, &argv, 0);
+	fd = get_fd(&argc, &argv, BPF_F_RDONLY);
 	if (fd < 0)
 		return fd;
 
@@ -401,7 +401,8 @@  static int do_build_table_cb(const char *fpath, const struct stat *sb,
 	if (typeflag != FTW_F)
 		goto out_ret;
 
-	fd = open_obj_pinned(fpath, true, 0);
+	/* WARNING: setting flags to BPF_F_RDONLY has effect only for maps. */
+	fd = open_obj_pinned(fpath, true, BPF_F_RDONLY);
 	if (fd < 0)
 		goto out_ret;
 
diff --git a/tools/bpf/bpftool/map.c b/tools/bpf/bpftool/map.c
index f253f69879a9..e4346c834e07 100644
--- a/tools/bpf/bpftool/map.c
+++ b/tools/bpf/bpftool/map.c
@@ -634,7 +634,7 @@  static int do_show_subset(int argc, char **argv)
 		p_err("mem alloc failed");
 		return -1;
 	}
-	nb_fds = map_parse_fds(&argc, &argv, &fds, 0);
+	nb_fds = map_parse_fds(&argc, &argv, &fds, BPF_F_RDONLY);
 	if (nb_fds < 1)
 		goto exit_free;
 
@@ -702,7 +702,7 @@  static int do_show(int argc, char **argv)
 			break;
 		}
 
-		fd = bpf_map_get_fd_by_id(id);
+		fd = bpf_map_get_fd_by_id_flags(id, BPF_F_RDONLY);
 		if (fd < 0) {
 			if (errno == ENOENT)
 				continue;
@@ -910,7 +910,7 @@  static int do_dump(int argc, char **argv)
 		p_err("mem alloc failed");
 		return -1;
 	}
-	nb_fds = map_parse_fds(&argc, &argv, &fds, 0);
+	nb_fds = map_parse_fds(&argc, &argv, &fds, BPF_F_RDONLY);
 	if (nb_fds < 1)
 		goto exit_free;
 
@@ -1077,7 +1077,7 @@  static int do_lookup(int argc, char **argv)
 	if (argc < 2)
 		usage();
 
-	fd = map_parse_fd_and_info(&argc, &argv, &info, &len, 0);
+	fd = map_parse_fd_and_info(&argc, &argv, &info, &len, BPF_F_RDONLY);
 	if (fd < 0)
 		return -1;
 
@@ -1128,7 +1128,7 @@  static int do_getnext(int argc, char **argv)
 	if (argc < 2)
 		usage();
 
-	fd = map_parse_fd_and_info(&argc, &argv, &info, &len, 0);
+	fd = map_parse_fd_and_info(&argc, &argv, &info, &len, BPF_F_RDONLY);
 	if (fd < 0)
 		return -1;
 
diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
index 05480bf26a00..58d573badcb4 100644
--- a/tools/bpf/bpftool/prog.c
+++ b/tools/bpf/bpftool/prog.c
@@ -251,7 +251,7 @@  static void *find_metadata(int prog_fd, struct bpf_map_info *map_info)
 		goto free_map_ids;
 
 	for (i = 0; i < prog_info.nr_map_ids; i++) {
-		map_fd = bpf_map_get_fd_by_id(map_ids[i]);
+		map_fd = bpf_map_get_fd_by_id_flags(map_ids[i], BPF_F_RDONLY);
 		if (map_fd < 0)
 			goto free_map_ids;
 
diff --git a/tools/bpf/bpftool/struct_ops.c b/tools/bpf/bpftool/struct_ops.c
index e8252a76e115..ced5fe62b1d7 100644
--- a/tools/bpf/bpftool/struct_ops.c
+++ b/tools/bpf/bpftool/struct_ops.c
@@ -359,7 +359,7 @@  static int do_show(int argc, char **argv)
 	}
 
 	res = do_work_on_struct_ops(search_type, search_term, __do_show,
-				    NULL, json_wtr, 0);
+				    NULL, json_wtr, BPF_F_RDONLY);
 
 	return cmd_retval(&res, !!search_term);
 }
@@ -448,7 +448,7 @@  static int do_dump(int argc, char **argv)
 	d.prog_id_as_func_ptr = true;
 
 	res = do_work_on_struct_ops(search_type, search_term, __do_dump, &d,
-				    wtr, 0);
+				    wtr, BPF_F_RDONLY);
 
 	if (!json_output)
 		jsonw_destroy(&wtr);