From: Daniel Borkmann <daniel@iogearbox.net>
To: Roberto Sassu <roberto.sassu@huawei.com>,
ast@kernel.org, andrii@kernel.org, kpsingh@kernel.org
Cc: bpf@vger.kernel.org, netdev@vger.kernel.org,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] libbpf: Retry map access with read-only permission
Date: Mon, 30 May 2022 23:55:10 +0200 [thread overview]
Message-ID: <4089f118-662c-4ea2-131f-c8a9b702b6ca@iogearbox.net> (raw)
In-Reply-To: <20220530084514.10170-2-roberto.sassu@huawei.com>
On 5/30/22 10:45 AM, Roberto Sassu wrote:
> Retry map access with read-only permission, if access was denied when all
> permissions were requested (open_flags is set to zero). Write access might
> have been denied by the bpf_map security hook.
>
> Some operations, such as show and dump, don't need write permissions, so
> there is a good chance of success with retrying.
>
> Prefer this solution to extending the API, as otherwise a new mechanism
> would need to be implemented to determine the right permissions for an
> operation.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
> tools/lib/bpf/bpf.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
> index 240186aac8e6..b4eec39021a4 100644
> --- a/tools/lib/bpf/bpf.c
> +++ b/tools/lib/bpf/bpf.c
> @@ -1056,6 +1056,11 @@ int bpf_map_get_fd_by_id(__u32 id)
> attr.map_id = id;
>
> fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr));
> + if (fd < 0) {
> + attr.open_flags = BPF_F_RDONLY;
> + fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr));
> + }
> +
But then what about bpf_obj_get() API in libbpf? attr.file_flags has similar
purpose as attr.open_flags in this case.
The other issue is that this could have upgrade implications, e.g. where an
application bailed out before, it is now passing wrt bpf_map_get_fd_by_id(),
but then suddenly failing during map update calls.
Imho, it might be better to be explicit about user intent w/o the lib doing
guess work upon failure cases (... or have the BPF LSM set the attr.open_flags
to BPF_F_RDONLY from within the BPF prog).
> return libbpf_err_errno(fd);
> }
>
>
next prev parent reply other threads:[~2022-05-30 21:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-30 8:45 [PATCH 0/2] bpf: Retry access to a map in read-only mode Roberto Sassu
2022-05-30 8:45 ` [PATCH 1/2] libbpf: Retry map access with read-only permission Roberto Sassu
2022-05-30 21:55 ` Daniel Borkmann [this message]
2022-05-31 8:47 ` Roberto Sassu
2022-05-30 8:45 ` [PATCH 2/2] selftests/bpf: Add test for retrying access to map with read-only perm Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4089f118-662c-4ea2-131f-c8a9b702b6ca@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox