Commit be70bcd5 authored by Daniel Borkmann, committed by Alexei Starovoitov

bpf: do not retain flags that are not tied to map lifetime

Both BPF_F_WRONLY / BPF_F_RDONLY flags are tied to the map file
descriptor, but not to the map object itself! Meaning, at map
creation time BPF_F_RDONLY can be set to make the map read-only
from syscall side, but this holds only for the returned fd, so
any other fd either retrieved via bpf file system or via map id
for the very same underlying map object can have read-write access
instead.

Given that, keeping the two flags around in the map_flags attribute
and exposing them to user space upon map dump is misleading and
may lead to false conclusions. Since these two flags are not
tied to the map object, let's also not store them as map property.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
parent d8eca5bb
...@@ -166,13 +166,25 @@ void bpf_map_area_free(void *area) ...@@ -166,13 +166,25 @@ void bpf_map_area_free(void *area)
kvfree(area); kvfree(area);
} }
static u32 bpf_map_flags_retain_permanent(u32 flags)
{
/* Some map creation flags are not tied to the map object but
* rather to the map fd instead, so they have no meaning upon
* map object inspection since multiple file descriptors with
* different (access) properties can exist here. Thus, given
* this has zero meaning for the map itself, lets clear these
* from here.
*/
return flags & ~(BPF_F_RDONLY | BPF_F_WRONLY);
}
void bpf_map_init_from_attr(struct bpf_map *map, union bpf_attr *attr) void bpf_map_init_from_attr(struct bpf_map *map, union bpf_attr *attr)
{ {
map->map_type = attr->map_type; map->map_type = attr->map_type;
map->key_size = attr->key_size; map->key_size = attr->key_size;
map->value_size = attr->value_size; map->value_size = attr->value_size;
map->max_entries = attr->max_entries; map->max_entries = attr->max_entries;
map->map_flags = attr->map_flags; map->map_flags = bpf_map_flags_retain_permanent(attr->map_flags);
map->numa_node = bpf_map_attr_numa_node(attr); map->numa_node = bpf_map_attr_numa_node(attr);
} }
......
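Review bot: the masking in bpf_map_init_from_attr() only covers map types that initialise through this helper, so a map implementation that assigns map->map_flags from attr on its own would still report BPF_F_RDONLY / BPF_F_WRONLY on dump. Please confirm every creation path goes through bpf_map_init_from_attr(), or apply bpf_map_flags_retain_permanent() where map_flags is exposed to user space instead. Since this changes what user space sees in map_flags, the commit message should also say so explicitly, so that tooling which inferred read-only status from the dumped flags knows to stop relying on it. Minor: a named mask for the fd-scoped flags would give future flags of this kind a single place to be added, and "lets" in the new comment should read "let's".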