[PATCH 03/18] bpf-preload: Generalize object pinning from the kernel
Roberto Sassu
roberto.sassu at huawei.com
Mon Mar 28 17:50:18 UTC 2022
Rename bpf_iter_link_pin_kernel() to bpf_obj_do_pin_kernel(), to match the
user space counterpart bpf_obj_do_pin() and similarly to the latter, accept
a generic object pointer and its type, so that the preload method can pin
not only links but also maps and progs.
Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
---
kernel/bpf/inode.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index 1f2d468abf58..a9d725db4cf4 100644
--- a/kernel/bpf/inode.c
+++ b/kernel/bpf/inode.c
@@ -414,9 +414,10 @@ static const struct inode_operations bpf_dir_iops = {
.unlink = simple_unlink,
};
-/* pin iterator link into bpffs */
-static int bpf_iter_link_pin_kernel(struct dentry *parent,
- const char *name, struct bpf_link *link)
+/* pin object into bpffs */
+static int bpf_obj_do_pin_kernel(struct dentry *parent,
+ const char *name, void *raw,
+ enum bpf_type type)
{
umode_t mode = S_IFREG | S_IRUSR;
struct dentry *dentry;
@@ -428,8 +429,22 @@ static int bpf_iter_link_pin_kernel(struct dentry *parent,
inode_unlock(parent->d_inode);
return PTR_ERR(dentry);
}
- ret = bpf_mkobj_ops(dentry, mode, link, &bpf_link_iops,
- &bpf_iter_fops);
+
+ switch (type) {
+ case BPF_TYPE_PROG:
+ ret = bpf_mkprog(dentry, mode, raw);
+ break;
+ case BPF_TYPE_MAP:
+ ret = bpf_mkmap(dentry, mode, raw);
+ break;
+ case BPF_TYPE_LINK:
+ ret = bpf_mklink(dentry, mode, raw);
+ break;
+ default:
+ ret = -EOPNOTSUPP;
+ break;
+ }
+
dput(dentry);
inode_unlock(parent->d_inode);
return ret;
@@ -726,8 +741,8 @@ static int populate_bpffs(struct dentry *parent)
goto out_put;
for (i = 0; i < BPF_PRELOAD_LINKS; i++) {
bpf_link_inc(objs[i].link);
- err = bpf_iter_link_pin_kernel(parent,
- objs[i].link_name, objs[i].link);
+ err = bpf_obj_do_pin_kernel(parent, objs[i].link_name,
+ objs[i].link, BPF_TYPE_LINK);
if (err) {
bpf_link_put(objs[i].link);
goto out_put;
--
2.32.0
More information about the Linux-security-module-archive
mailing list