Commit ed54124b authored by Andrii Nakryiko's avatar Andrii Nakryiko Committed by Alexei Starovoitov
Browse files

libbpf: support BPF token path setting through LIBBPF_BPF_TOKEN_PATH envvar 



To allow external admin authority to override default BPF FS location
(/sys/fs/bpf) for implicit BPF token creation, teach libbpf to recognize
LIBBPF_BPF_TOKEN_PATH envvar. If it is specified and user application
didn't explicitly specify neither bpf_token_path nor bpf_token_fd
option, it will be treated exactly like bpf_token_path option,
overriding default /sys/fs/bpf location and making BPF token mandatory.

Suggested-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20231213190842.3844987-10-andrii@kernel.org


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 18678cf0

tools/lib/bpf/libbpf.c

+10 −4
Original line number Diff line number Diff line
@@ -7171,11 +7171,17 @@ static struct bpf_object *bpf_object_open(const char *path, const void *obj_buf, 
	/* non-empty token path can't be combined with invalid token FD */

	if (token_path && token_path[0] != '\0' && token_fd < 0)

		return ERR_PTR(-EINVAL);

	if (token_path && token_path[0] == '\0') {

	/* empty token path can't be combined with valid token FD */

		if (token_fd > 0)

	if (token_path && token_path[0] == '\0' && token_fd > 0)

		return ERR_PTR(-EINVAL);

	/* if user didn't specify bpf_token_path/bpf_token_fd explicitly,

	 * check if LIBBPF_BPF_TOKEN_PATH envvar was set and treat it as

	 * bpf_token_path option

	 */

	if (token_fd == 0 && !token_path)

		token_path = getenv("LIBBPF_BPF_TOKEN_PATH");

	/* empty token_path is equivalent to invalid token_fd */

	if (token_path && token_path[0] == '\0') {

		token_path = NULL;

		token_fd = -1;

	}

tools/lib/bpf/libbpf.h

+11 −2
Original line number Diff line number Diff line
@@ -185,8 +185,16 @@ struct bpf_object_open_opts { 
	 * attempt to create BPF token from default BPF FS mount point

	 * (/sys/fs/bpf), in case this default behavior is undesirable.

	 *

	 * If bpf_token_path and bpf_token_fd are not specified, libbpf will

	 * consult LIBBPF_BPF_TOKEN_PATH environment variable. If set, it will

	 * be taken as a value of bpf_token_path option and will force libbpf

	 * to either create BPF token from provided custom BPF FS path, or

	 * will disable implicit BPF token creation, if envvar value is an

	 * empty string.

	 *

	 * bpf_token_path and bpf_token_fd are mutually exclusive and only one

	 * of those options should be set.

	 * of those options should be set. Either of them overrides

	 * LIBBPF_BPF_TOKEN_PATH envvar.

	 */

	int bpf_token_fd;

	/* Path to BPF FS mount point to derive BPF token from.
@@ -200,7 +208,8 @@ struct bpf_object_open_opts { 
	 * point (/sys/fs/bpf), in case this default behavior is undesirable.

	 *

	 * bpf_token_path and bpf_token_fd are mutually exclusive and only one

	 * of those options should be set.

	 * of those options should be set. Either of them overrides

	 * LIBBPF_BPF_TOKEN_PATH envvar.

	 */

	const char *bpf_token_path;