This patch enables use of non-executable memfds for bpf maps. [1] As this is a recent kernel feature, the code checks errno to make sure it is available. --- Changes in v2: - Rebase on dad704e - Link to v1: https://lore.kernel.org/bpf/6qGQ7n8-hGVRUbVaU4K2NOdK93nEC-Ytb1ZCWhJyHoeIJgs0plTiTHLLQ8ghWSxjdhsu7VRiTD8SSqEW0eJyssE0FGOp4fn3wNG7TS-jsq8=@proton.me/ [1] https://lwn.net/Articles/918106/ [2] Signed-off-by: Andrei Enache <andreien@xxxxxxxxx> --- tools/lib/bpf/libbpf.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 66173ddb5..490b41e2d 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -1732,11 +1732,22 @@ static int sys_memfd_create(const char *name, unsigned flags) #define MFD_CLOEXEC 0x0001U #endif +#ifndef MFD_NOEXEC_SEAL +#define MFD_NOEXEC_SEAL 0x0008U +#endif + static int create_placeholder_fd(void) { int fd; + int memfd; + + memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC | MFD_NOEXEC_SEAL); + + /* MFD_NOEXEC_SEAL is missing from older kernels */ + if (errno == EINVAL) + memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC); - fd = ensure_good_fd(sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC)); + fd = ensure_good_fd(memfd); if (fd < 0) return -errno; return fd; -- 2.47.1
Attachment:
signature.asc
Description: OpenPGP digital signature