Skip to content

bpftool: Use appropriate permissions for map access #9023

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kernel-patches-daemon-bpf wants to merge 2 commits into from
Closed

bpftool: Use appropriate permissions for map access #9023

kernel-patches-daemon-bpf wants to merge 2 commits into from

Conversation

@kernel-patches-daemon-bpf
Copy link

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot commented May 30, 2025

Pull request for series with
subject: bpftool: Use appropriate permissions for map access
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=967616

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented May 30, 2025

Upstream branch: 90b83ef
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=967616
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented May 30, 2025

Upstream branch: 90b83ef
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=967616
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/967616=>bpf-next branch from aa3cfcd to 99d6695 Compare May 30, 2025 13:43
@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented May 30, 2025

Upstream branch: 90b83ef
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=967616
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/967616=>bpf-next branch from 99d6695 to 3fb48b6 Compare May 30, 2025 14:52
@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented May 30, 2025

Upstream branch: 90b83ef
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=967674
version: 2

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/967616=>bpf-next branch from 3fb48b6 to b173ea5 Compare May 30, 2025 16:55
@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Jun 1, 2025

Upstream branch: bb1556e
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=967674
version: 2

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/967616=>bpf-next branch from b173ea5 to 7a0bb19 Compare June 1, 2025 18:04
@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Jun 2, 2025

Upstream branch: bb1556e
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=967674
version: 2

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/967616=>bpf-next branch from 7a0bb19 to c94f339 Compare June 2, 2025 06:42
@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Jun 2, 2025

Upstream branch: cd2e103
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=967674
version: 2

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/967616=>bpf-next branch from c94f339 to 37a5888 Compare June 2, 2025 17:52
@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Jun 2, 2025

Upstream branch: cd2e103
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=967674
version: 2

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/967616=>bpf-next branch from 37a5888 to 1310ce5 Compare June 2, 2025 17:58
@slava-at-cs
bpftool: Use appropriate permissions for map access
503b223 
Modify several functions in tools/bpf/bpftool/common.c to allow
specification of requested access for file descriptors, such as
read-only access.

Update bpftool to request only read access for maps when write
access is not required. This fixes errors when reading from maps
that are protected from modification via security_bpf_map.

Signed-off-by: Slava Imameev <[email protected]>
@slava-at-cs
selftests/bpf: Add test for bpftool access to read-only protected maps
e29c2bc 
Add selftest cases that validate bpftool's expected behavior when
accessing maps protected from modification via security_bpf_map.

The test includes a BPF program attached to security_bpf_map with two maps:
- A protected map that only allows read-only access
- An unprotected map that allows full access

The test script attaches the BPF program to security_bpf_map and
verifies that for the bpftool map command:
- Read access works on both maps
- Write access fails on the protected map
- Write access succeeds on the unprotected map
- These behaviors remain consistent when the maps are pinned

Signed-off-by: Slava Imameev <[email protected]>
@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Jun 5, 2025

Upstream branch: 7fdaba9
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=967674
version: 2

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/967616=>bpf-next branch from 1310ce5 to e29c2bc Compare June 5, 2025 16:32
@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Jun 5, 2025

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=967674 expired. Closing PR.

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot deleted the series/967616=>bpf-next branch June 7, 2025 23:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bpf-next changes-requested V2-ci-pass V2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@slava-at-cs