diff options
| author | Andrii Nakryiko <andrii@kernel.org> | 2024-01-24 05:21:03 +0300 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2024-01-25 03:21:01 +0300 |
| commit | caf8f28e036c4ba1e823355da6c0c01c39e70ab9 (patch) | |
| tree | bc60a1165bbbf9e13a1fa840f27298af3cbee67d /tools/include | |
| parent | 9ea7c4bf17e39d463eb4782f948f401d9764b1b3 (diff) | |
| download | linux-caf8f28e036c4ba1e823355da6c0c01c39e70ab9.tar.xz | |
bpf: Add BPF token support to BPF_PROG_LOAD command
Add basic support of BPF token to BPF_PROG_LOAD. BPF_F_TOKEN_FD flag
should be set in prog_flags field when providing prog_token_fd.
Wire through a set of allowed BPF program types and attach types,
derived from BPF FS at BPF token creation time. Then make sure we
perform bpf_token_capable() checks everywhere where it's relevant.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20240124022127.2379740-7-andrii@kernel.org
Diffstat (limited to 'tools/include')
| -rw-r--r-- | tools/include/uapi/linux/bpf.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index cb2c888e3bb4..d96708380e52 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -1028,6 +1028,7 @@ enum bpf_prog_type { BPF_PROG_TYPE_SK_LOOKUP, BPF_PROG_TYPE_SYSCALL, /* a program that can execute syscalls */ BPF_PROG_TYPE_NETFILTER, + __MAX_BPF_PROG_TYPE }; enum bpf_attach_type { @@ -1520,6 +1521,10 @@ union bpf_attr { * truncated), or smaller (if log buffer wasn't filled completely). */ __u32 log_true_size; + /* BPF token FD to use with BPF_PROG_LOAD operation. + * If provided, prog_flags should have BPF_F_TOKEN_FD flag set. + */ + __s32 prog_token_fd; }; struct { /* anonymous struct used by BPF_OBJ_* commands */ |