From: Tao Chen <chen.dylane@linux.dev>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@linux.dev, eddyz87@gmail.com, song@kernel.org,
yonghong.song@linux.dev, john.fastabend@gmail.com,
kpsingh@kernel.org, sdf@fomichev.me, haoluo@google.com,
jolsa@kernel.org, willemb@google.com, kerneljasonxing@gmail.com,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH bpf-next v2 1/2] bpf: Add struct bpf_token_info
Date: Wed, 16 Jul 2025 13:29:29 +0800 [thread overview]
Message-ID: <31dac2d6-da40-4b7c-a8ca-d67891e7326d@linux.dev> (raw)
In-Reply-To: <CAEf4BzbkfhqfpBt49h7SXYwbR1SK423pqf1328i8XujofjLYhQ@mail.gmail.com>
在 2025/7/16 05:52, Andrii Nakryiko 写道:
> On Mon, Jul 14, 2025 at 8:59 PM Tao Chen <chen.dylane@linux.dev> wrote:
>>
>> The 'commit 35f96de04127 ("bpf: Introduce BPF token object")' added
>> BPF token as a new kind of BPF kernel object. And BPF_OBJ_GET_INFO_BY_FD
>> already used to get BPF object info, so we can also get token info with
>> this cmd.
>> One usage scenario, when program runs failed with token, because of
>> the permission failure, we can report what BPF token is allowing with
>> this API for debugging.
>>
>> Signed-off-by: Tao Chen <chen.dylane@linux.dev>
>> ---
>> include/linux/bpf.h | 11 +++++++++++
>> include/uapi/linux/bpf.h | 8 ++++++++
>> kernel/bpf/syscall.c | 18 ++++++++++++++++++
>> kernel/bpf/token.c | 28 +++++++++++++++++++++++++++-
>> tools/include/uapi/linux/bpf.h | 8 ++++++++
>> 5 files changed, 72 insertions(+), 1 deletion(-)
>>
>
> LGTM, but see a nit below and in selftest patch
>
> Acked-by: Andrii Nakryiko <andrii@kernel.org>
>
> [...]
>
>>
>> +int bpf_token_get_info_by_fd(struct bpf_token *token,
>> + const union bpf_attr *attr,
>> + union bpf_attr __user *uattr)
>> +{
>> + struct bpf_token_info __user *uinfo;
>> + struct bpf_token_info info;
>> + u32 info_copy, uinfo_len;
>> +
>> + uinfo = u64_to_user_ptr(attr->info.info);
>> + uinfo_len = attr->info.info_len;
>> +
>> + info_copy = min_t(u32, uinfo_len, sizeof(info));
>
> you don't use info_len past this point, so just reassign it instead of
> adding another variable (info_copy); seems like some other
> get_info_by_fd functions use the same approach
>
will change it in v3, thanks.
>> + memset(&info, 0, sizeof(info));
>> +
>> + info.allowed_cmds = token->allowed_cmds;
>> + info.allowed_maps = token->allowed_maps;
>> + info.allowed_progs = token->allowed_progs;
>> + info.allowed_attachs = token->allowed_attachs;
>> +
>> + if (copy_to_user(uinfo, &info, info_copy) ||
>> + put_user(info_copy, &uattr->info.info_len))
>> + return -EFAULT;
>> +
>> + return 0;
>> +}
>> +
>
> [...]
--
Best Regards
Tao Chen
prev parent reply other threads:[~2025-07-16 5:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-15 3:58 [PATCH bpf-next v2 1/2] bpf: Add struct bpf_token_info Tao Chen
2025-07-15 3:58 ` [PATCH bpf-next v2 2/2] bpf/selftests: Add selftests for token info Tao Chen
2025-07-15 21:51 ` Andrii Nakryiko
2025-07-16 5:28 ` Tao Chen
2025-07-15 21:52 ` [PATCH bpf-next v2 1/2] bpf: Add struct bpf_token_info Andrii Nakryiko
2025-07-16 5:29 ` Tao Chen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=31dac2d6-da40-4b7c-a8ca-d67891e7326d@linux.dev \
--to=chen.dylane@linux.dev \
--cc=andrii.nakryiko@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kerneljasonxing@gmail.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=willemb@google.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.