[PATCH v2 8/9] bpftool: Adjust map permissions

From: Roberto Sassu
Date: Thu Jun 02 2022 - 10:39:55 EST


Request a read file descriptor for:
- map subcommands: show_subset, show, dump, lookup, getnext and pin;
- btf subcommand: dump;
- prog subcommand: show (metadata);
- struct_ops subcommands: show and dump;
- do_build_table_cb(), to show the path of a pinned map.

Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
---
tools/bpf/bpftool/btf.c | 5 +++--
tools/bpf/bpftool/common.c | 5 +++--
tools/bpf/bpftool/map.c | 10 +++++-----
tools/bpf/bpftool/prog.c | 2 +-
tools/bpf/bpftool/struct_ops.c | 4 ++--
5 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/tools/bpf/bpftool/btf.c b/tools/bpf/bpftool/btf.c
index 69a7695030f9..a36710903549 100644
--- a/tools/bpf/bpftool/btf.c
+++ b/tools/bpf/bpftool/btf.c
@@ -529,7 +529,8 @@ static int do_dump(int argc, char **argv)
return -1;
}

- fd = map_parse_fd_and_info(&argc, &argv, &info, &len, 0);
+ fd = map_parse_fd_and_info(&argc, &argv, &info, &len,
+ BPF_F_RDONLY);
if (fd < 0)
return -1;

@@ -730,7 +731,7 @@ build_btf_type_table(struct hashmap *tab, enum bpf_obj_type type,
fd = bpf_prog_get_fd_by_id(id);
break;
case BPF_OBJ_MAP:
- fd = bpf_map_get_fd_by_id(id);
+ fd = bpf_map_get_fd_by_id_flags(id, BPF_F_RDONLY);
break;
default:
err = -1;
diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
index 0816ea2f0be1..d20e1fa8a5fd 100644
--- a/tools/bpf/bpftool/common.c
+++ b/tools/bpf/bpftool/common.c
@@ -228,7 +228,7 @@ int do_pin_any(int argc, char **argv, int (*get_fd)(int *, char ***, __u32))
int err;
int fd;

- fd = get_fd(&argc, &argv, 0);
+ fd = get_fd(&argc, &argv, BPF_F_RDONLY);
if (fd < 0)
return fd;

@@ -401,7 +401,8 @@ static int do_build_table_cb(const char *fpath, const struct stat *sb,
if (typeflag != FTW_F)
goto out_ret;

- fd = open_obj_pinned(fpath, true, 0);
+ /* WARNING: setting flags to BPF_F_RDONLY has effect only for maps. */
+ fd = open_obj_pinned(fpath, true, BPF_F_RDONLY);
if (fd < 0)
goto out_ret;

diff --git a/tools/bpf/bpftool/map.c b/tools/bpf/bpftool/map.c
index f253f69879a9..e4346c834e07 100644
--- a/tools/bpf/bpftool/map.c
+++ b/tools/bpf/bpftool/map.c
@@ -634,7 +634,7 @@ static int do_show_subset(int argc, char **argv)
p_err("mem alloc failed");
return -1;
}
- nb_fds = map_parse_fds(&argc, &argv, &fds, 0);
+ nb_fds = map_parse_fds(&argc, &argv, &fds, BPF_F_RDONLY);
if (nb_fds < 1)
goto exit_free;

@@ -702,7 +702,7 @@ static int do_show(int argc, char **argv)
break;
}

- fd = bpf_map_get_fd_by_id(id);
+ fd = bpf_map_get_fd_by_id_flags(id, BPF_F_RDONLY);
if (fd < 0) {
if (errno == ENOENT)
continue;
@@ -910,7 +910,7 @@ static int do_dump(int argc, char **argv)
p_err("mem alloc failed");
return -1;
}
- nb_fds = map_parse_fds(&argc, &argv, &fds, 0);
+ nb_fds = map_parse_fds(&argc, &argv, &fds, BPF_F_RDONLY);
if (nb_fds < 1)
goto exit_free;

@@ -1077,7 +1077,7 @@ static int do_lookup(int argc, char **argv)
if (argc < 2)
usage();

- fd = map_parse_fd_and_info(&argc, &argv, &info, &len, 0);
+ fd = map_parse_fd_and_info(&argc, &argv, &info, &len, BPF_F_RDONLY);
if (fd < 0)
return -1;

@@ -1128,7 +1128,7 @@ static int do_getnext(int argc, char **argv)
if (argc < 2)
usage();

- fd = map_parse_fd_and_info(&argc, &argv, &info, &len, 0);
+ fd = map_parse_fd_and_info(&argc, &argv, &info, &len, BPF_F_RDONLY);
if (fd < 0)
return -1;

diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
index 05480bf26a00..58d573badcb4 100644
--- a/tools/bpf/bpftool/prog.c
+++ b/tools/bpf/bpftool/prog.c
@@ -251,7 +251,7 @@ static void *find_metadata(int prog_fd, struct bpf_map_info *map_info)
goto free_map_ids;

for (i = 0; i < prog_info.nr_map_ids; i++) {
- map_fd = bpf_map_get_fd_by_id(map_ids[i]);
+ map_fd = bpf_map_get_fd_by_id_flags(map_ids[i], BPF_F_RDONLY);
if (map_fd < 0)
goto free_map_ids;

diff --git a/tools/bpf/bpftool/struct_ops.c b/tools/bpf/bpftool/struct_ops.c
index e8252a76e115..ced5fe62b1d7 100644
--- a/tools/bpf/bpftool/struct_ops.c
+++ b/tools/bpf/bpftool/struct_ops.c
@@ -359,7 +359,7 @@ static int do_show(int argc, char **argv)
}

res = do_work_on_struct_ops(search_type, search_term, __do_show,
- NULL, json_wtr, 0);
+ NULL, json_wtr, BPF_F_RDONLY);

return cmd_retval(&res, !!search_term);
}
@@ -448,7 +448,7 @@ static int do_dump(int argc, char **argv)
d.prog_id_as_func_ptr = true;

res = do_work_on_struct_ops(search_type, search_term, __do_dump, &d,
- wtr, 0);
+ wtr, BPF_F_RDONLY);

if (!json_output)
jsonw_destroy(&wtr);
--
2.25.1