| Context |
Check |
Description |
| bpf/vmtest-bpf-next-PR |
success
|
PR summary
|
| bpf/vmtest-bpf-next-VM_Test-1 |
success
|
Logs for ShellCheck
|
| bpf/vmtest-bpf-next-VM_Test-0 |
success
|
Logs for Lint
|
| bpf/vmtest-bpf-next-VM_Test-2 |
success
|
Logs for Unittests
|
| bpf/vmtest-bpf-next-VM_Test-5 |
success
|
Logs for aarch64-gcc / build-release
|
| bpf/vmtest-bpf-next-VM_Test-3 |
success
|
Logs for Validate matrix.py
|
| bpf/vmtest-bpf-next-VM_Test-4 |
success
|
Logs for aarch64-gcc / build / build for aarch64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-6 |
success
|
Logs for aarch64-gcc / test (test_maps, false, 360) / test_maps on aarch64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-13 |
success
|
Logs for s390x-gcc / build-release
|
| bpf/vmtest-bpf-next-VM_Test-9 |
success
|
Logs for aarch64-gcc / test (test_verifier, false, 360) / test_verifier on aarch64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-11 |
success
|
Logs for aarch64-gcc / veristat-meta
|
| bpf/vmtest-bpf-next-VM_Test-10 |
success
|
Logs for aarch64-gcc / veristat-kernel
|
| bpf/vmtest-bpf-next-VM_Test-7 |
success
|
Logs for aarch64-gcc / test (test_progs, false, 360) / test_progs on aarch64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-8 |
success
|
Logs for aarch64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on aarch64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-12 |
success
|
Logs for s390x-gcc / build / build for s390x with gcc
|
| bpf/vmtest-bpf-next-VM_Test-16 |
success
|
Logs for s390x-gcc / test (test_verifier, false, 360) / test_verifier on s390x with gcc
|
| bpf/vmtest-bpf-next-VM_Test-17 |
success
|
Logs for s390x-gcc / veristat-kernel
|
| bpf/vmtest-bpf-next-VM_Test-18 |
success
|
Logs for s390x-gcc / veristat-meta
|
| bpf/vmtest-bpf-next-VM_Test-19 |
success
|
Logs for set-matrix
|
| bpf/vmtest-bpf-next-VM_Test-21 |
success
|
Logs for x86_64-gcc / build-release
|
| bpf/vmtest-bpf-next-VM_Test-20 |
success
|
Logs for x86_64-gcc / build / build for x86_64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-22 |
success
|
Logs for x86_64-gcc / test (test_maps, false, 360) / test_maps on x86_64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-23 |
success
|
Logs for x86_64-gcc / test (test_progs, false, 360) / test_progs on x86_64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-24 |
success
|
Logs for x86_64-gcc / test (test_progs-bpf_gcc, false, 360) / test_progs-bpf_gcc on x86_64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-25 |
success
|
Logs for x86_64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-26 |
success
|
Logs for x86_64-gcc / test (test_progs_no_alu32_parallel, true, 30) / test_progs_no_alu32_parallel on x86_64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-27 |
success
|
Logs for x86_64-gcc / test (test_progs_parallel, true, 30) / test_progs_parallel on x86_64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-28 |
success
|
Logs for x86_64-gcc / test (test_verifier, false, 360) / test_verifier on x86_64 with gcc
|
| bpf/vmtest-bpf-next-VM_Test-29 |
success
|
Logs for x86_64-gcc / veristat-kernel / x86_64-gcc veristat_kernel
|
| bpf/vmtest-bpf-next-VM_Test-30 |
success
|
Logs for x86_64-gcc / veristat-meta / x86_64-gcc veristat_meta
|
| bpf/vmtest-bpf-next-VM_Test-31 |
success
|
Logs for x86_64-llvm-17 / build / build for x86_64 with llvm-17
|
| bpf/vmtest-bpf-next-VM_Test-32 |
success
|
Logs for x86_64-llvm-17 / build-release / build for x86_64 with llvm-17-O2
|
| bpf/vmtest-bpf-next-VM_Test-33 |
success
|
Logs for x86_64-llvm-17 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-17
|
| bpf/vmtest-bpf-next-VM_Test-34 |
success
|
Logs for x86_64-llvm-17 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-17
|
| bpf/vmtest-bpf-next-VM_Test-35 |
success
|
Logs for x86_64-llvm-17 / test (test_progs-bpf_gcc, false, 360) / test_progs-bpf_gcc on x86_64 with llvm-17
|
| bpf/vmtest-bpf-next-VM_Test-36 |
success
|
Logs for x86_64-llvm-17 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-17
|
| bpf/vmtest-bpf-next-VM_Test-37 |
success
|
Logs for x86_64-llvm-17 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-17
|
| bpf/vmtest-bpf-next-VM_Test-38 |
success
|
Logs for x86_64-llvm-17 / veristat-kernel
|
| bpf/vmtest-bpf-next-VM_Test-39 |
success
|
Logs for x86_64-llvm-17 / veristat-meta
|
| bpf/vmtest-bpf-next-VM_Test-40 |
success
|
Logs for x86_64-llvm-18 / build / build for x86_64 with llvm-18
|
| bpf/vmtest-bpf-next-VM_Test-41 |
success
|
Logs for x86_64-llvm-18 / build-release / build for x86_64 with llvm-18-O2
|
| bpf/vmtest-bpf-next-VM_Test-42 |
success
|
Logs for x86_64-llvm-18 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-18
|
| bpf/vmtest-bpf-next-VM_Test-43 |
success
|
Logs for x86_64-llvm-18 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-18
|
| bpf/vmtest-bpf-next-VM_Test-44 |
success
|
Logs for x86_64-llvm-18 / test (test_progs-bpf_gcc, false, 360) / test_progs-bpf_gcc on x86_64 with llvm-18
|
| bpf/vmtest-bpf-next-VM_Test-45 |
success
|
Logs for x86_64-llvm-18 / test (test_progs_cpuv4, false, 360) / test_progs_cpuv4 on x86_64 with llvm-18
|
| bpf/vmtest-bpf-next-VM_Test-46 |
success
|
Logs for x86_64-llvm-18 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-18
|
| bpf/vmtest-bpf-next-VM_Test-47 |
success
|
Logs for x86_64-llvm-18 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-18
|
| bpf/vmtest-bpf-next-VM_Test-48 |
success
|
Logs for x86_64-llvm-18 / veristat-kernel
|
| bpf/vmtest-bpf-next-VM_Test-49 |
success
|
Logs for x86_64-llvm-18 / veristat-meta
|
| bpf/vmtest-bpf-next-VM_Test-14 |
success
|
Logs for s390x-gcc / test (test_progs, false, 360) / test_progs on s390x with gcc
|
| bpf/vmtest-bpf-next-VM_Test-15 |
success
|
Logs for s390x-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on s390x with gcc
|
| netdev/series_format |
success
|
Posting correctly formatted
|
| netdev/tree_selection |
success
|
Clearly marked for bpf-next, async
|
| netdev/ynl |
success
|
Generated files up to date;
no warnings/errors;
no diff in generated;
|
| netdev/fixes_present |
success
|
Fixes tag not required for -next series
|
| netdev/header_inline |
success
|
No static functions without inline keyword in header files
|
| netdev/build_32bit |
success
|
Errors and warnings before: 1 this patch: 1
|
| netdev/build_tools |
success
|
No tools touched, skip
|
| netdev/cc_maintainers |
success
|
CCed 13 of 13 maintainers
|
| netdev/build_clang |
success
|
Errors and warnings before: 109 this patch: 109
|
| netdev/verify_signedoff |
success
|
Signed-off-by tag matches author and committer
|
| netdev/deprecated_api |
success
|
None detected
|
| netdev/check_selftest |
success
|
No net selftest shell script
|
| netdev/verify_fixes |
success
|
No Fixes tag
|
| netdev/build_allmodconfig_warn |
success
|
Errors and warnings before: 11 this patch: 11
|
| netdev/checkpatch |
fail
|
ERROR: Macros with complex values should be enclosed in parentheses
WARNING: line length of 92 exceeds 80 columns
|
| netdev/build_clang_rust |
success
|
No Rust files in patch. Skipping build
|
| netdev/kdoc |
success
|
Errors and warnings before: 0 this patch: 0
|
| netdev/source_inline |
success
|
Was 0 now: 0
|
@@ -22959,6 +22959,40 @@ static int process_fd_array(struct bpf_verifier_env *env, union bpf_attr *attr,
return 0;
}
+#define STRUCT_OPS_BASE_CAPS \
+ BPF_CAP_TEST_1, \
+ BPF_CAP_TEST_2, \
+ BPF_CAP_TEST_3
+
+static const enum bpf_capability struct_ops_caps[] = {
+ STRUCT_OPS_BASE_CAPS,
+ BPF_CAP_SCX_ANY
+};
+
+struct bpf_program_type_caps {
+ enum bpf_prog_type type;
+ u32 size;
+ const enum bpf_capability *capabilities;
+};
+
+static const struct bpf_program_type_caps bpf_default_capabilities[] = {
+ {
+ .type = BPF_PROG_TYPE_STRUCT_OPS,
+ .size = ARRAY_SIZE(struct_ops_caps),
+ .capabilities = struct_ops_caps
+ },
+};
+
+static void setup_bpf_capabilities(unsigned long *bpf_capabilities,
+ const struct bpf_program_type_caps *caps)
+{
+ int i;
+
+ bitmap_zero(bpf_capabilities, __MAX_BPF_CAP);
+ for (i = 0; i < caps->size; i++)
+ ENABLE_BPF_CAPABILITY(bpf_capabilities, caps->capabilities[i]);
+}
+
int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u32 uattr_size)
{
u64 start_time = ktime_get_ns();
@@ -22997,6 +23031,9 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3
env->bypass_spec_v4 = bpf_bypass_spec_v4(env->prog->aux->token);
env->bpf_capable = is_priv = bpf_token_capable(env->prog->aux->token, CAP_BPF);
+ if (env->prog->type == BPF_PROG_TYPE_STRUCT_OPS)
+ setup_bpf_capabilities(env->bpf_capabilities, &bpf_default_capabilities[0]);
+
bpf_get_btf_vmlinux();
/* grab the mutex to protect few globals used by verifier */
This patch adds default BPF capabilities initialization for program types. Since this is a proof of concept, only BPF capabilities initialization for BPF_PROG_TYPE_STRUCT_OPS is added. BPF_PROG_TYPE_STRUCT_OPS enables only STRUCT_OPS_BASE_CAPS and BPF_CAP_SCX_ANY by default. Signed-off-by: Juntong Deng <juntong.deng@outlook.com> --- kernel/bpf/verifier.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+)