bpf: BPF token support for BPF_BTF_GET_FD_BY_ID (0de445d1) · Commits · git / linux-net

include/uapi/linux/bpf.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -1652,6 +1652,7 @@ union bpf_attr {
		};
		__u32 next_id;
		__u32 open_flags;
		__s32 fd_by_id_token_fd;
		};

		struct { /* anonymous struct used by BPF_OBJ_GET_INFO_BY_FD */

+21 −2

Original line number	Diff line number	Diff line
		@@ -5120,15 +5120,34 @@ static int bpf_btf_load(const union bpf_attr *attr, bpfptr_t uattr, __u32 uattr_
		return btf_new_fd(attr, uattr, uattr_size);
		}

		#define BPF_BTF_GET_FD_BY_ID_LAST_FIELD btf_id
		#define BPF_BTF_GET_FD_BY_ID_LAST_FIELD fd_by_id_token_fd

		static int bpf_btf_get_fd_by_id(const union bpf_attr *attr)
		{
		struct bpf_token *token = NULL;

		if (CHECK_ATTR(BPF_BTF_GET_FD_BY_ID))
		return -EINVAL;

		if (!capable(CAP_SYS_ADMIN))
		if (attr->open_flags & ~BPF_F_TOKEN_FD)
		return -EINVAL;

		if (attr->open_flags & BPF_F_TOKEN_FD) {
		token = bpf_token_get_from_fd(attr->fd_by_id_token_fd);
		if (IS_ERR(token))
		return PTR_ERR(token);
		if (!bpf_token_allow_cmd(token, BPF_BTF_GET_FD_BY_ID)) {
		bpf_token_put(token);
		token = NULL;
		}
		}

		if (!bpf_token_capable(token, CAP_SYS_ADMIN)) {
		bpf_token_put(token);
		return -EPERM;
		}

		bpf_token_put(token);

		return btf_get_fd_by_id(attr->btf_id);
		}

+1 −0

Original line number	Diff line number	Diff line
		@@ -1652,6 +1652,7 @@ union bpf_attr {
		};
		__u32 next_id;
		__u32 open_flags;
		__s32 fd_by_id_token_fd;
		};

		struct { /* anonymous struct used by BPF_OBJ_GET_INFO_BY_FD */