diff mbox series

[bpf-next] bpf: Use non-executable memfds for maps

Message ID 6qGQ7n8-hGVRUbVaU4K2NOdK93nEC-Ytb1ZCWhJyHoeIJgs0plTiTHLLQ8ghWSxjdhsu7VRiTD8SSqEW0eJyssE0FGOp4fn3wNG7TS-jsq8=@proton.me (mailing list archive)
State Superseded
Delegated to: BPF
Headers show
Series [bpf-next] bpf: Use non-executable memfds for maps | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for bpf-next
netdev/apply fail Patch does not apply to bpf-next-0
bpf/vmtest-bpf-net-PR fail merge-conflict

Commit Message

Andrei Enache Dec. 28, 2024, 4:39 p.m. UTC 
This patch enables use of non-executable memfds for bpf maps. [1]
As this is a recent kernel feature, the code checks errno to make sure it is available.

[1] https://lwn.net/Articles/918106/

Signed-off-by: Andrei Enache <andreien@proton.me>
---
 tools/lib/bpf/libbpf.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

                return -errno;
        return fd;
diff mbox series

Patch

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 66173ddb5..490b41e2d 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -1732,11 +1732,22 @@  static int sys_memfd_create(const char *name, unsigned flags)
 #define MFD_CLOEXEC 0x0001U
 #endif
 

+#ifndef MFD_NOEXEC_SEAL
+#define MFD_NOEXEC_SEAL 0x0008U
+#endif
+
 static int create_placeholder_fd(void)
 {
        int fd;
+       int memfd;
+
+       memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC | MFD_NOEXEC_SEAL);
+
+       /* MFD_NOEXEC_SEAL is missing from older kernels */
+       if (errno == EINVAL)
+               memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC);
 

-       fd = ensure_good_fd(sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC));
+       fd = ensure_good_fd(memfd);
        if (fd < 0)