mirror/libbpf
1
0
Fork 0
mirror of https://github.com/netdata/libbpf.git synced 2026-04-01 22:29:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

bpf: Add BPF token support to BPF_PROG_LOAD command

Browse Source 
Add basic support of BPF token to BPF_PROG_LOAD. BPF_F_TOKEN_FD flag
should be set in prog_flags field when providing prog_token_fd.

Wire through a set of allowed BPF program types and attach types,
derived from BPF FS at BPF token creation time. Then make sure we
perform bpf_token_capable() checks everywhere where it's relevant.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20240124022127.2379740-7-andrii@kernel.org
This commit is contained in:
Andrii Nakryiko
2024-01-23 18:21:03 -08:00
committed by Andrii Nakryiko
parent eb9d10835c
commit 21fb08cb35
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/uapi/linux/bpf.h
View File

@@ -1028,6 +1028,7 @@ enum bpf_prog_type {
BPF_PROG_TYPE_SK_LOOKUP, BPF_PROG_TYPE_SK_LOOKUP,
BPF_PROG_TYPE_SYSCALL, /* a program that can execute syscalls */ BPF_PROG_TYPE_SYSCALL, /* a program that can execute syscalls */
BPF_PROG_TYPE_NETFILTER, BPF_PROG_TYPE_NETFILTER,
__MAX_BPF_PROG_TYPE
}; };
enum bpf_attach_type { enum bpf_attach_type {
@@ -1520,6 +1521,10 @@ union bpf_attr {
* truncated), or smaller (if log buffer wasn't filled completely). * truncated), or smaller (if log buffer wasn't filled completely).
*/ */
__u32 log_true_size; __u32 log_true_size;
/* BPF token FD to use with BPF_PROG_LOAD operation.
* If provided, prog_flags should have BPF_F_TOKEN_FD flag set.
*/
__s32 prog_token_fd;
}; };
struct { /* anonymous struct used by BPF_OBJ_* commands */ struct { /* anonymous struct used by BPF_OBJ_* commands */