From e547ff3f803e779a3898f1f48447b29f43c54085 Mon Sep 17 00:00:00 2001 From: Chenbo Feng Date: Tue, 14 May 2019 19:42:57 -0700 Subject: bpf: relax inode permission check for retrieving bpf program For iptable module to load a bpf program from a pinned location, it only retrieve a loaded program and cannot change the program content so requiring a write permission for it might not be necessary. Also when adding or removing an unrelated iptable rule, it might need to flush and reload the xt_bpf related rules as well and triggers the inode permission check. It might be better to remove the write premission check for the inode so we won't need to grant write access to all the processes that flush and restore iptables rules. Signed-off-by: Chenbo Feng Signed-off-by: Alexei Starovoitov --- kernel/bpf/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c index bc53e5b20ddc..84a80b02db99 100644 --- a/kernel/bpf/inode.c +++ b/kernel/bpf/inode.c @@ -518,7 +518,7 @@ out: static struct bpf_prog *__get_prog_inode(struct inode *inode, enum bpf_prog_type type) { struct bpf_prog *prog; - int ret = inode_permission(inode, MAY_READ | MAY_WRITE); + int ret = inode_permission(inode, MAY_READ); if (ret) return ERR_PTR(ret); -- cgit v1.2.3 From bca844a8c92502b2aa5bd50a9094eaf01a1710c0 Mon Sep 17 00:00:00 2001 From: Stanislav Fomichev Date: Thu, 16 May 2019 09:46:57 -0700 Subject: selftests/bpf: add test_sysctl and map_tests/tests.h to .gitignore Missing files are: * tools/testing/selftests/bpf/map_tests/tests.h - autogenerated * tools/testing/selftests/bpf/test_sysctl - binary Fixes: 51a0e301a563 ("bpf: Add BPF_MAP_TYPE_SK_STORAGE test to test_maps") Fixes: 1f5fa9ab6e2e ("selftests/bpf: Test BPF_CGROUP_SYSCTL") Signed-off-by: Stanislav Fomichev Signed-off-by: Alexei Starovoitov --- tools/testing/selftests/bpf/.gitignore | 1 + tools/testing/selftests/bpf/map_tests/.gitignore | 1 + 2 files changed, 2 insertions(+) create mode 100644 tools/testing/selftests/bpf/map_tests/.gitignore diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore index a877803e4ba8..dd5d69529382 100644 --- a/tools/testing/selftests/bpf/.gitignore +++ b/tools/testing/selftests/bpf/.gitignore @@ -31,6 +31,7 @@ test_section_names test_tcpnotify_user test_libbpf test_tcp_check_syncookie_user +test_sysctl alu32 libbpf.pc libbpf.so.* diff --git a/tools/testing/selftests/bpf/map_tests/.gitignore b/tools/testing/selftests/bpf/map_tests/.gitignore new file mode 100644 index 000000000000..45984a364647 --- /dev/null +++ b/tools/testing/selftests/bpf/map_tests/.gitignore @@ -0,0 +1 @@ +tests.h -- cgit v1.2.3 From ac4e0e055fee5751c78bba1fc9ce508a6874d916 Mon Sep 17 00:00:00 2001 From: Yonghong Song Date: Thu, 16 May 2019 10:17:31 -0700 Subject: tools/bpftool: move set_max_rlimit() before __bpf_object__open_xattr() For a host which has a lower rlimit for max locked memory (e.g., 64KB), the following error occurs in one of our production systems: # /usr/sbin/bpftool prog load /paragon/pods/52877437/home/mark.o \ /sys/fs/bpf/paragon_mark_21 type cgroup/skb \ map idx 0 pinned /sys/fs/bpf/paragon_map_21 libbpf: Error in bpf_object__probe_name():Operation not permitted(1). Couldn't load basic 'r0 = 0' BPF program. Error: failed to open object file The reason is due to low locked memory during bpf_object__probe_name() which probes whether program name is supported in kernel or not during __bpf_object__open_xattr(). bpftool program load already tries to relax mlock rlimit before bpf_object__load(). Let us move set_max_rlimit() before __bpf_object__open_xattr(), which fixed the issue here. Fixes: 47eff61777c7 ("bpf, libbpf: introduce bpf_object__probe_caps to test BPF capabilities") Signed-off-by: Yonghong Song Signed-off-by: Alexei Starovoitov --- tools/bpf/bpftool/prog.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c index fc495b27f0fc..26336bad0442 100644 --- a/tools/bpf/bpftool/prog.c +++ b/tools/bpf/bpftool/prog.c @@ -879,6 +879,8 @@ static int load_with_options(int argc, char **argv, bool first_prog_only) } } + set_max_rlimit(); + obj = __bpf_object__open_xattr(&attr, bpf_flags); if (IS_ERR_OR_NULL(obj)) { p_err("failed to open object file"); @@ -958,8 +960,6 @@ static int load_with_options(int argc, char **argv, bool first_prog_only) goto err_close_obj; } - set_max_rlimit(); - err = bpf_object__load(obj); if (err) { p_err("failed to load object file"); -- cgit v1.2.3 From d72386fe7a8472f859333b078fd8bb9d254d51f2 Mon Sep 17 00:00:00 2001 From: Andrii Nakryiko Date: Wed, 15 May 2019 20:39:27 -0700 Subject: libbpf: move logging helpers into libbpf_internal.h libbpf_util.h header was recently exposed as public as a dependency of xsk.h. In addition to memory barriers, it contained logging helpers, which are not supposed to be exposed. This patch moves those into libbpf_internal.h, which is kept as an internal header. Cc: Stanislav Fomichev Cc: Daniel Borkmann Fixes: 7080da890984 ("libbpf: add libbpf_util.h to header install.") Signed-off-by: Andrii Nakryiko Signed-off-by: Alexei Starovoitov --- tools/lib/bpf/btf.c | 2 +- tools/lib/bpf/libbpf.c | 1 - tools/lib/bpf/libbpf_internal.h | 13 +++++++++++++ tools/lib/bpf/libbpf_util.h | 13 ------------- tools/lib/bpf/xsk.c | 2 +- 5 files changed, 15 insertions(+), 16 deletions(-) diff --git a/tools/lib/bpf/btf.c b/tools/lib/bpf/btf.c index 75eaf10b9e1a..03348c4d6bd4 100644 --- a/tools/lib/bpf/btf.c +++ b/tools/lib/bpf/btf.c @@ -11,7 +11,7 @@ #include "btf.h" #include "bpf.h" #include "libbpf.h" -#include "libbpf_util.h" +#include "libbpf_internal.h" #define max(a, b) ((a) > (b) ? (a) : (b)) #define min(a, b) ((a) < (b) ? (a) : (b)) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 3562b6ef5fdc..197b574406b3 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -43,7 +43,6 @@ #include "bpf.h" #include "btf.h" #include "str_error.h" -#include "libbpf_util.h" #include "libbpf_internal.h" #ifndef EM_BPF diff --git a/tools/lib/bpf/libbpf_internal.h b/tools/lib/bpf/libbpf_internal.h index 789e435b5900..f3025b4d90e1 100644 --- a/tools/lib/bpf/libbpf_internal.h +++ b/tools/lib/bpf/libbpf_internal.h @@ -21,6 +21,19 @@ #define BTF_PARAM_ENC(name, type) (name), (type) #define BTF_VAR_SECINFO_ENC(type, offset, size) (type), (offset), (size) +extern void libbpf_print(enum libbpf_print_level level, + const char *format, ...) + __attribute__((format(printf, 2, 3))); + +#define __pr(level, fmt, ...) \ +do { \ + libbpf_print(level, "libbpf: " fmt, ##__VA_ARGS__); \ +} while (0) + +#define pr_warning(fmt, ...) __pr(LIBBPF_WARN, fmt, ##__VA_ARGS__) +#define pr_info(fmt, ...) __pr(LIBBPF_INFO, fmt, ##__VA_ARGS__) +#define pr_debug(fmt, ...) __pr(LIBBPF_DEBUG, fmt, ##__VA_ARGS__) + int libbpf__probe_raw_btf(const char *raw_types, size_t types_len, const char *str_sec, size_t str_len); diff --git a/tools/lib/bpf/libbpf_util.h b/tools/lib/bpf/libbpf_util.h index da94c4cb2e4d..59c779c5790c 100644 --- a/tools/lib/bpf/libbpf_util.h +++ b/tools/lib/bpf/libbpf_util.h @@ -10,19 +10,6 @@ extern "C" { #endif -extern void libbpf_print(enum libbpf_print_level level, - const char *format, ...) - __attribute__((format(printf, 2, 3))); - -#define __pr(level, fmt, ...) \ -do { \ - libbpf_print(level, "libbpf: " fmt, ##__VA_ARGS__); \ -} while (0) - -#define pr_warning(fmt, ...) __pr(LIBBPF_WARN, fmt, ##__VA_ARGS__) -#define pr_info(fmt, ...) __pr(LIBBPF_INFO, fmt, ##__VA_ARGS__) -#define pr_debug(fmt, ...) __pr(LIBBPF_DEBUG, fmt, ##__VA_ARGS__) - /* Use these barrier functions instead of smp_[rw]mb() when they are * used in a libbpf header file. That way they can be built into the * application that uses libbpf. diff --git a/tools/lib/bpf/xsk.c b/tools/lib/bpf/xsk.c index a3d1a302bc9c..38667b62f1fe 100644 --- a/tools/lib/bpf/xsk.c +++ b/tools/lib/bpf/xsk.c @@ -29,7 +29,7 @@ #include "bpf.h" #include "libbpf.h" -#include "libbpf_util.h" +#include "libbpf_internal.h" #include "xsk.h" #ifndef SOL_XDP -- cgit v1.2.3 From 7ed4b4e60bb1dd3df7a45dfbde3a96efce9df7eb Mon Sep 17 00:00:00 2001 From: Alexei Starovoitov Date: Thu, 16 May 2019 21:34:11 -0700 Subject: selftests/bpf: fix bpf_get_current_task Fix bpf_get_current_task() declaration. Signed-off-by: Alexei Starovoitov Acked-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann --- tools/testing/selftests/bpf/bpf_helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/bpf_helpers.h b/tools/testing/selftests/bpf/bpf_helpers.h index 6e80b66d7fb1..5f6f9e7aba2a 100644 --- a/tools/testing/selftests/bpf/bpf_helpers.h +++ b/tools/testing/selftests/bpf/bpf_helpers.h @@ -278,7 +278,7 @@ static int (*bpf_skb_change_type)(void *ctx, __u32 type) = (void *) BPF_FUNC_skb_change_type; static unsigned int (*bpf_get_hash_recalc)(void *ctx) = (void *) BPF_FUNC_get_hash_recalc; -static unsigned long long (*bpf_get_current_task)(void *ctx) = +static unsigned long long (*bpf_get_current_task)(void) = (void *) BPF_FUNC_get_current_task; static int (*bpf_skb_change_tail)(void *ctx, __u32 len, __u64 flags) = (void *) BPF_FUNC_skb_change_tail; -- cgit v1.2.3 From 9c3ddee1246411a3c9c39bfa5457e49579027f0c Mon Sep 17 00:00:00 2001 From: Andrii Nakryiko Date: Thu, 16 May 2019 23:21:29 -0700 Subject: bpftool: fix BTF raw dump of FWD's fwd_kind kflag bit determines whether FWD is for struct or union. Use that bit. Fixes: c93cc69004df ("bpftool: add ability to dump BTF types") Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann --- tools/bpf/bpftool/btf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/bpf/bpftool/btf.c b/tools/bpf/bpftool/btf.c index 58a2cd002a4b..7317438ecd9e 100644 --- a/tools/bpf/bpftool/btf.c +++ b/tools/bpf/bpftool/btf.c @@ -208,8 +208,8 @@ static int dump_btf_type(const struct btf *btf, __u32 id, break; } case BTF_KIND_FWD: { - const char *fwd_kind = BTF_INFO_KIND(t->info) ? "union" - : "struct"; + const char *fwd_kind = BTF_INFO_KFLAG(t->info) ? "union" + : "struct"; if (json_output) jsonw_string_field(w, "fwd_kind", fwd_kind); -- cgit v1.2.3