From patchwork Sat Dec 28 16:39:30 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andrei Enache <andreien@proton.me>
X-Patchwork-Id: 13922467
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from mail-10699.protonmail.ch (mail-10699.protonmail.ch
 [79.135.106.99])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 956132744D
	for <bpf@vger.kernel.org>; Sat, 28 Dec 2024 16:39:35 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=79.135.106.99
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1735403977; cv=none;
 b=RhMS4jRzgwgmVpF7mUVUaTjapOvV6m7+1wggYZHU1FbzXID+ssq4dI/B7wid8V9cfTLeeEezU+/GJud1AxTRNKj9db1+8GurX0gHdOVZqyDZRRTChM9yslFV5OF2WUYOxLziWUZhQu4Y8axNmLA5L7vS/rTMKeva17H7F8X55gs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1735403977; c=relaxed/simple;
	bh=HG+4RQjZ/cMRg9lXiDhqckUmbME18WI0HdHLMcdMhdc=;
	h=Date:To:From:Subject:Message-ID:MIME-Version:Content-Type;
 b=owqjSMNTj/zeogDM3odslWjm/HBkdIYCm/qdf+NIq/Vb49W1+CjfqdQ42y/bqtUoKf5U99F47j5w96oYT2En/vFaX/nrAij2h9erps+daDZjxUl4zqQ66spPOfdF0P0KoQ62kPqU3P4oNrRimlGg4p3xZbsuKEJx2yMlVjbHQhY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=proton.me;
 spf=pass smtp.mailfrom=proton.me;
 dkim=pass (2048-bit key) header.d=proton.me header.i=@proton.me
 header.b=b2n+VcSW; arc=none smtp.client-ip=79.135.106.99
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=proton.me
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=proton.me
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=proton.me header.i=@proton.me
 header.b="b2n+VcSW"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me;
	s=xokottflwraypny4jxbupgon5e.protonmail; t=1735403973; x=1735663173;
	bh=iClUQrDKuK2L2rymLWAGi156zYTSfkRy4BnCAdGDA2o=;
	h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date:
	 Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector:
	 List-Unsubscribe:List-Unsubscribe-Post;
	b=b2n+VcSWNDbxefFYAUGKKeKuBGiy1qqVPZwwdH3SWYHrSBy4dxK0jg199HJZEPUfS
	 GgkmMPexk14zAywVAr5gaVubEnXM6iCOFrr/x9HZDDnl+m+gV8Pln01Sx4A8QzkcmF
	 JmQKTrso6msVLKTRw5//DkzsvGADagak3UmzRtd+Wd/9v2mFetLwjuZyKhPpdBOx9C
	 m5ConeUAy5RxC/VXtOLSdf4tXDOXKUX6326y7eAuQKMD4apY6ij4OF4ZxheIiowT/I
	 dxXu78MfZnhsT4gIrHUimRVBagPsImXskaXeOE2nadePOz3BGUDTrHWc2BvFQA4Oww
	 LT6IHhwIYE/jg==
Date: Sat, 28 Dec 2024 16:39:30 +0000
To: "bpf@vger.kernel.org" <bpf@vger.kernel.org>
From: Andrei Enache <andreien@proton.me>
Subject: [PATCH bpf-next] bpf: Use non-executable memfds for maps
Message-ID: 
 <6qGQ7n8-hGVRUbVaU4K2NOdK93nEC-Ytb1ZCWhJyHoeIJgs0plTiTHLLQ8ghWSxjdhsu7VRiTD8SSqEW0eJyssE0FGOp4fn3wNG7TS-jsq8=@proton.me>
Feedback-ID: 46877017:user:proton
X-Pm-Message-ID: 1ada9794c1d5c68d7e66172cc59f267244210765
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: bpf@iogearbox.net

This patch enables use of non-executable memfds for bpf maps. [1]
As this is a recent kernel feature, the code checks errno to make sure it is available.

[1] https://lwn.net/Articles/918106/

Signed-off-by: Andrei Enache <andreien@proton.me>
---
 tools/lib/bpf/libbpf.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

                return -errno;
        return fd;

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 66173ddb5..490b41e2d 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -1732,11 +1732,22 @@ static int sys_memfd_create(const char *name, unsigned flags)
 #define MFD_CLOEXEC 0x0001U
 #endif
 

+#ifndef MFD_NOEXEC_SEAL
+#define MFD_NOEXEC_SEAL 0x0008U
+#endif
+
 static int create_placeholder_fd(void)
 {
        int fd;
+       int memfd;
+
+       memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC | MFD_NOEXEC_SEAL);
+
+       /* MFD_NOEXEC_SEAL is missing from older kernels */
+       if (errno == EINVAL)
+               memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC);
 

-       fd = ensure_good_fd(sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC));
+       fd = ensure_good_fd(memfd);
        if (fd < 0)