diff mbox series

[v2,bpf-next] bpf: Use non-executable memfds for maps

Message ID eTid-pMaxx4d_gMkyFN6fgVGub01RRJYIl1SzTmRG7RtRlPUJOMrVfe2I1W8s0OBHBFy3UN2WGm_e6mak0nGcrZ4ZdxAYRUSDDcUSVMvNA4=@proton.me (mailing list archive)
State New
Delegated to: BPF
Headers show
Series [v2,bpf-next] bpf: Use non-executable memfds for maps | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for bpf-next
netdev/apply fail Patch does not apply to bpf-next-0
bpf/vmtest-bpf-net-PR fail merge-conflict

Commit Message

Andrei Enache Dec. 28, 2024, 6 p.m. UTC 
This patch enables use of non-executable memfds for bpf maps. [1]
As this is a recent kernel feature, the code checks errno to make sure it is available.

---
Changes in v2:
- Rebase on dad704e
- Link to v1: https://lore.kernel.org/bpf/6qGQ7n8-hGVRUbVaU4K2NOdK93nEC-Ytb1ZCWhJyHoeIJgs0plTiTHLLQ8ghWSxjdhsu7VRiTD8SSqEW0eJyssE0FGOp4fn3wNG7TS-jsq8=@proton.me/

[1] https://lwn.net/Articles/918106/
[2] 


Signed-off-by: Andrei Enache <andreien@proton.me>
---
 tools/lib/bpf/libbpf.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

 		return -errno;
 	return fd;
diff mbox series

Patch

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 66173ddb5..490b41e2d 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -1732,11 +1732,22 @@  static int sys_memfd_create(const char *name, unsigned flags)
 #define MFD_CLOEXEC 0x0001U
 #endif
 

+#ifndef MFD_NOEXEC_SEAL
+#define MFD_NOEXEC_SEAL 0x0008U
+#endif
+
 static int create_placeholder_fd(void)
 {
 	int fd;
+	int memfd;
+
+	memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC | MFD_NOEXEC_SEAL);
+
+	/* MFD_NOEXEC_SEAL is missing from older kernels */
+	if (errno == EINVAL)
+		memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC);
 

-	fd = ensure_good_fd(sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC));
+	fd = ensure_good_fd(memfd);
 	if (fd < 0)