RE: [PATCH v3 bpf-next 00/10] BPF token support in libbpf's BPF object

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andrii Nakryiko wrote:
> Add fuller support for BPF token in high-level BPF object APIs. This is the
> most frequently used way to work with BPF using libbpf, so supporting BPF
> token there is critical.
> 
> Patch #1 is improving kernel-side BPF_TOKEN_CREATE behavior by rejecting to
> create "empty" BPF token with no delegation. This seems like saner behavior
> which also makes libbpf's caching better overall. If we ever want to create
> BPF token with no delegate_xxx options set on BPF FS, we can use a new flag to
> enable that.
> 
> Patches #2-#5 refactor libbpf internals, mostly feature detection code, to
> prepare it from BPF token FD.
> 
> Patch #6 adds options to pass BPF token into BPF object open options. It also
> adds implicit BPF token creation logic to BPF object load step, even without
> any explicit involvement of the user. If the environment is setup properly,
> BPF token will be created transparently and used implicitly. This allows for
> all existing application to gain BPF token support by just linking with
> latest version of libbpf library. No source code modifications are required.
> All that under assumption that privileged container management agent properly
> set up default BPF FS instance at /sys/bpf/fs to allow BPF token creation.
> 
> Patches #7-#8 adds more selftests, validating BPF object APIs work as expected
> under unprivileged user namespaced conditions in the presence of BPF token.
> 
> Patch #9 extends libbpf with LIBBPF_BPF_TOKEN_PATH envvar knowledge, which can
> be used to override custom BPF FS location used for implicit BPF token
> creation logic without needing to adjust application code. This allows admins
> or container managers to mount BPF token-enabled BPF FS at non-standard
> location without the need to coordinate with applications.
> LIBBPF_BPF_TOKEN_PATH can also be used to disable BPF token implicit creation
> by setting it to an empty value. Patch #10 tests this new envvar functionality.
> 
> v2->v3:
>   - move some stray feature cache refactorings into patch #4 (Alexei);
>   - add LIBBPF_BPF_TOKEN_PATH envvar support (Alexei);

We can do same thing from golang ebpf lib when we get around to adding it.
Looks good to me.

I see its merged but, Ack for me.

> v1->v2:
>   - remove minor code redundancies (Eduard, John);
>   - add acks and rebase.
> 
> Andrii Nakryiko (10):
>   bpf: fail BPF_TOKEN_CREATE if no delegation option was set on BPF FS
>   libbpf: split feature detectors definitions from cached results
>   libbpf: further decouple feature checking logic from bpf_object
>   libbpf: move feature detection code into its own file
>   libbpf: wire up token_fd into feature probing logic
>   libbpf: wire up BPF token support at BPF object level
>   selftests/bpf: add BPF object loading tests with explicit token
>     passing
>   selftests/bpf: add tests for BPF object load with implicit token
>   libbpf: support BPF token path setting through LIBBPF_BPF_TOKEN_PATH
>     envvar
>   selftests/bpf: add tests for LIBBPF_BPF_TOKEN_PATH envvar
> 
>  kernel/bpf/token.c                            |  10 +-
>  tools/lib/bpf/Build                           |   2 +-
>  tools/lib/bpf/bpf.c                           |   9 +-
>  tools/lib/bpf/btf.c                           |   7 +-
>  tools/lib/bpf/elf.c                           |   2 -
>  tools/lib/bpf/features.c                      | 478 +++++++++++++++
>  tools/lib/bpf/libbpf.c                        | 573 ++++--------------
>  tools/lib/bpf/libbpf.h                        |  37 +-
>  tools/lib/bpf/libbpf_internal.h               |  36 +-
>  tools/lib/bpf/libbpf_probes.c                 |   8 +-
>  tools/lib/bpf/str_error.h                     |   3 +
>  .../testing/selftests/bpf/prog_tests/token.c  | 347 +++++++++++
>  tools/testing/selftests/bpf/progs/priv_map.c  |  13 +
>  tools/testing/selftests/bpf/progs/priv_prog.c |  13 +
>  14 files changed, 1065 insertions(+), 473 deletions(-)
>  create mode 100644 tools/lib/bpf/features.c
>  create mode 100644 tools/testing/selftests/bpf/progs/priv_map.c
>  create mode 100644 tools/testing/selftests/bpf/progs/priv_prog.c
> 
> -- 
> 2.34.1
> 
> 






[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux