Commit 9ea7c4bf authored by Andrii Nakryiko's avatar Andrii Nakryiko Committed by Alexei Starovoitov
Browse files

bpf: Add BPF token support to BPF_BTF_LOAD command 



Accept BPF token FD in BPF_BTF_LOAD command to allow BTF data loading
through delegated BPF token. BPF_F_TOKEN_FD flag has to be specified
when passing BPF token FD. Given BPF_BTF_LOAD command didn't have flags
field before, we also add btf_flags field.

BTF loading is a pretty straightforward operation, so as long as BPF
token is created with allow_cmds granting BPF_BTF_LOAD command, kernel
proceeds to parsing BTF data and creating BTF object.

Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20240124022127.2379740-6-andrii@kernel.org
parent a177fc2b

include/uapi/linux/bpf.h

+5 −0
Original line number Diff line number Diff line
@@ -1632,6 +1632,11 @@ union bpf_attr { 
		 * truncated), or smaller (if log buffer wasn't filled completely).

		 */

		__u32		btf_log_true_size;

		__u32		btf_flags;

		/* BPF token FD to use with BPF_BTF_LOAD operation.

		 * If provided, btf_flags should have BPF_F_TOKEN_FD flag set.

		 */

		__s32		btf_token_fd;

	};



	struct {

kernel/bpf/syscall.c

+21 −2
Original line number Diff line number Diff line
@@ -4831,15 +4831,34 @@ static int bpf_obj_get_info_by_fd(const union bpf_attr *attr, 
	return err;

}



#define BPF_BTF_LOAD_LAST_FIELD btf_log_true_size

#define BPF_BTF_LOAD_LAST_FIELD btf_token_fd



static int bpf_btf_load(const union bpf_attr *attr, bpfptr_t uattr, __u32 uattr_size)

{

	struct bpf_token *token = NULL;



	if (CHECK_ATTR(BPF_BTF_LOAD))

		return -EINVAL;



	if (!bpf_capable())

	if (attr->btf_flags & ~BPF_F_TOKEN_FD)

		return -EINVAL;



	if (attr->btf_flags & BPF_F_TOKEN_FD) {

		token = bpf_token_get_from_fd(attr->btf_token_fd);

		if (IS_ERR(token))

			return PTR_ERR(token);

		if (!bpf_token_allow_cmd(token, BPF_BTF_LOAD)) {

			bpf_token_put(token);

			token = NULL;

		}

	}



	if (!bpf_token_capable(token, CAP_BPF)) {

		bpf_token_put(token);

		return -EPERM;

	}



	bpf_token_put(token);



	return btf_new_fd(attr, uattr, uattr_size);

}

tools/include/uapi/linux/bpf.h

+5 −0
Original line number Diff line number Diff line
@@ -1632,6 +1632,11 @@ union bpf_attr { 
		 * truncated), or smaller (if log buffer wasn't filled completely).

		 */

		__u32		btf_log_true_size;

		__u32		btf_flags;

		/* BPF token FD to use with BPF_BTF_LOAD operation.

		 * If provided, btf_flags should have BPF_F_TOKEN_FD flag set.

		 */

		__s32		btf_token_fd;

	};



	struct {