On 12/13/23 11:23 PM, Andrii Nakryiko wrote:
Besides already supported special "any" value and hex bit mask, support
string-based parsing of delegation masks based on exact enumerator
names. Utilize BTF information of `enum bpf_cmd`, `enum bpf_map_type`,
`enum bpf_prog_type`, and `enum bpf_attach_type` types to find supported
symbolic names (ignoring __MAX_xxx guard values). So "BPF_PROG_LOAD" and
"BPF_MAP_CREATE" are valid values to specify for delegate_cmds options,
"BPF_MAP_TYPE_ARRAY" is among supported for map types, etc.
Besides supporting string values, we also support multiple values
specified at the same time, using colon (':') separator.
There are corresponding changes on bpf_show_options side to use known
values to print them in human-readable format, falling back to hex mask
printing, if there are any unrecognized bits. This shouldn't be
necessary when enum BTF information is present, but in general we should
always be able to fall back to this even if kernel was built without BTF.
Example below shows various ways to specify delegate_cmds options
through mount command and how mount options are printed back:
$ sudo mkdir -p /sys/fs/bpf/token
$ sudo mount -t bpf bpffs /sys/fs/bpf/token \
-o delegate_cmds=BPF_PROG_LOAD \
-o delegate_cmds=BPF_MAP_CREATE \
-o delegate_cmds=BPF_TOKEN_CREATE:BPF_BTF_LOAD:BPF_LINK_CREATE
$ mount | grep token
bpffs on /sys/fs/bpf/token type bpf (rw,relatime,delegate_cmds=BPF_MAP_CREATE:BPF_PROG_LOAD:BPF_BTF_LOAD:BPF_LINK_CREATE:BPF_TOKEN_CREATE)
Same approach works across delegate_maps, delegate_progs, and
delegate_attachs masks as well.
Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
LGTM, this needs a small rebase though given:
commit 750e785796bb72423b97cac21ecd0fa3b3b65610
Author: Jie Jiang <jiejiang@xxxxxxxxxxxx>
Date: Tue Dec 12 09:39:23 2023 +0000
bpf: Support uid and gid when mounting bpffs
Thanks,
Daniel
