This patch enables use of non-executable memfds for bpf maps. [1] As this is a recent kernel feature, the code checks at runtime to make sure it is available. --- Changes in v3: - Check return value before checking errno - Update newline style - Link to v2: https://lore.kernel.org/bpf/Z3LHcCgqY7kHs08S@krava/T/ [1] https://lwn.net/Articles/918106/ Signed-off-by: Andrei Enache <andreien@xxxxxxxxx> --- tools/lib/bpf/libbpf.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 66173ddb5..3a30c094d 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -1732,11 +1732,22 @@ static int sys_memfd_create(const char *name, unsigned flags) #define MFD_CLOEXEC 0x0001U #endif +#ifndef MFD_NOEXEC_SEAL +#define MFD_NOEXEC_SEAL 0x0008U +#endif + static int create_placeholder_fd(void) { int fd; + int memfd; + + memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC); + + /* MFD_NOEXEC_SEAL is missing from older kernels */ + if (memfd < 0 && errno == EINVAL) + memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC | MFD_NOEXEC_SEAL); - fd = ensure_good_fd(sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC)); + fd = ensure_good_fd(memfd); if (fd < 0) return -errno; return fd; -- 2.47.1
Attachment:
signature.asc
Description: OpenPGP digital signature
