From: Andrii Nakryiko <andrii.nakryiko@gmail.com>
To: Eduard Zingerman <eddyz87@gmail.com>
Cc: Andrii Nakryiko <andrii@kernel.org>,
bpf@vger.kernel.org, netdev@vger.kernel.org,
paul@paul-moore.com, brauner@kernel.org,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, keescook@chromium.org,
kernel-team@meta.com, sargun@sargun.me
Subject: Re: [PATCH bpf-next 0/8] BPF token support in libbpf's BPF object
Date: Mon, 11 Dec 2023 10:21:30 -0800 [thread overview]
Message-ID: <CAEf4BzbKJDkFbKo0UVGctZ8in9eD+abgncTXHFh2oZg1Gn21QA@mail.gmail.com> (raw)
In-Reply-To: <ce4bd46009b9b0b8fb2dbec83eaa3e4c476bb050.camel@gmail.com>
On Sun, Dec 10, 2023 at 7:30 AM Eduard Zingerman <eddyz87@gmail.com> wrote:
>
> On Thu, 2023-12-07 at 10:54 -0800, Andrii Nakryiko wrote:
> > Add fuller support for BPF token in high-level BPF object APIs. This is the
> > most frequently used way to work with BPF using libbpf, so supporting BPF
> > token there is critical.
> >
> > Patch #1 is improving kernel-side BPF_TOKEN_CREATE behavior by rejecting to
> > create "empty" BPF token with no delegation. This seems like saner behavior
> > which also makes libbpf's caching better overall. If we ever want to create
> > BPF token with no delegate_xxx options set on BPF FS, we can use a new flag to
> > enable that.
> >
> > Patches #2-#5 refactor libbpf internals, mostly feature detection code, to
> > prepare it from BPF token FD.
> >
> > Patch #6 adds options to pass BPF token into BPF object open options. It also
> > adds implicit BPF token creation logic to BPF object load step, even without
> > any explicit involvement of the user. If the environment is setup properly,
> > BPF token will be created transparently and used implicitly. This allows for
> > all existing application to gain BPF token support by just linking with
> > latest version of libbpf library. No source code modifications are required.
> > All that under assumption that privileged container management agent properly
> > set up default BPF FS instance at /sys/bpf/fs to allow BPF token creation.
> >
> > Patches #7-#8 adds more selftests, validating BPF object APIs work as expected
> > under unprivileged user namespaced conditions in the presence of BPF token.
>
> fwiw, I've read through this patch-set and have not noticed any issues,
> all seems good to me. Not sure if that worth much as I'm not terribly
> familiar with code base yet.
Every extra pair of eyes is worth it :) Not finding anything obviously
broken is still a good result, thanks!
>
> [...]
prev parent reply other threads:[~2023-12-11 18:21 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-07 18:54 [PATCH bpf-next 0/8] BPF token support in libbpf's BPF object Andrii Nakryiko
2023-12-07 18:54 ` [PATCH bpf-next 1/8] bpf: fail BPF_TOKEN_CREATE if no delegation option was set on BPF FS Andrii Nakryiko
2023-12-08 21:49 ` Christian Brauner
2023-12-08 22:42 ` Andrii Nakryiko
2023-12-11 21:33 ` John Fastabend
2023-12-07 18:54 ` [PATCH bpf-next 2/8] libbpf: split feature detectors definitions from cached results Andrii Nakryiko
2023-12-11 21:38 ` John Fastabend
2023-12-07 18:54 ` [PATCH bpf-next 3/8] libbpf: further decouple feature checking logic from bpf_object Andrii Nakryiko
2023-12-10 15:31 ` Eduard Zingerman
2023-12-11 18:20 ` Andrii Nakryiko
2023-12-11 21:41 ` John Fastabend
2023-12-11 22:50 ` Andrii Nakryiko
2023-12-07 18:54 ` [PATCH bpf-next 4/8] libbpf: move feature detection code into its own file Andrii Nakryiko
2023-12-11 21:41 ` John Fastabend
2023-12-07 18:54 ` [PATCH bpf-next 5/8] libbpf: wire up token_fd into feature probing logic Andrii Nakryiko
2023-12-11 21:44 ` John Fastabend
2023-12-07 18:54 ` [PATCH bpf-next 6/8] libbpf: wire up BPF token support at BPF object level Andrii Nakryiko
2023-12-11 22:56 ` John Fastabend
2023-12-12 0:05 ` Andrii Nakryiko
2023-12-12 0:26 ` John Fastabend
2023-12-07 18:54 ` [PATCH bpf-next 7/8] selftests/bpf: add BPF object loading tests with explicit token passing Andrii Nakryiko
2023-12-11 22:59 ` John Fastabend
2023-12-07 18:54 ` [PATCH bpf-next 8/8] selftests/bpf: add tests for BPF object load with implicit token Andrii Nakryiko
2023-12-11 23:00 ` John Fastabend
2023-12-10 15:30 ` [PATCH bpf-next 0/8] BPF token support in libbpf's BPF object Eduard Zingerman
2023-12-11 18:21 ` Andrii Nakryiko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAEf4BzbKJDkFbKo0UVGctZ8in9eD+abgncTXHFh2oZg1Gn21QA@mail.gmail.com \
--to=andrii.nakryiko@gmail.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=eddyz87@gmail.com \
--cc=keescook@chromium.org \
--cc=kernel-team@meta.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sargun@sargun.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).