From 490591b3427f073e99d02e66d247074895f6a87a Mon Sep 17 00:00:00 2001 From: Paul Chaignon Date: Thu, 5 Sep 2024 00:20:49 +0200 Subject: sys/linux: cover BPF tokens The new BPF_TOKEN_CREATE bpf(2) command was introduced in commit [1] upstream. This command takes a BPF filesystem fd and returns a BPF token [2]. This token can then be passed to commands BPF_PROG_LOAD, BPF_MAP_CREATE, and BPF_BTF_LOAD and the kernel will use it to check if the operation is allowed. What operations a token allows is defined by the mount options of the BPF filesystem. No flags are currently supported for the BPF_TOKEN_CREATE command. The fd should point to the BPF filesystem, but we don't have a specific resource for this yet so just point to a generic fd. This command also doesn't add support for the new mount options. 1 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35f96de04127 2 - https://lwn.net/Articles/947173/ Signed-off-by: Paul Chaignon
---
 sys/linux/test/btf_id | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sys/linux/test/btf_id')
diff --git a/sys/linux/test/btf_id b/sys/linux/test/btf_id
index a3588bf32..6692f533d 100644
--- a/sys/linux/test/btf_id
+++ b/sys/linux/test/btf_id
@@ -4,7 +4,7 @@ r0 = syz_btf_id_by_name$bpf_lsm(&AUTO='bpf_lsm_path_mkdir\x00')
 # Load the bpf program.
-r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
+r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0)
 # Attach the bpf program to the lsm hook.
@@ -14,6 +14,6 @@ r2 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &AUTO={AUTO, r1}, 0x10)
 r3 = syz_btf_id_by_name$bpf_lsm(&AUTO='bpf_lsm_path_mkdir\x00')
-r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
+r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0)
 r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &AUTO={AUTO, r4}, 0x10)
--
cgit mrf-deployment
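Review bot: The size argument stays at the literal `0xa0` in both `bpf$BPF_PROG_WITH_BTFID_LOAD` calls (r1 in this hunk and r4 in the second one) even though the `@bpf_lsm` struct literal gains two trailing members, `@void, @value=AUTO`. The struct description is not part of this file's diff, so whether `0xa0` still matches the described layout cannot be checked from here; if that parameter is a length field, writing `AUTO` instead of `0xa0` would keep the test in step with future layout changes. Both loads also pass `@void` for what is presumably the new token member, so this test still covers only the no-token load path, where the token-based permission check described in the commit message is not exercised. A one-line comment above each load, such as `# No BPF token fd is passed here (@void).`, would make that explicit.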