
Commit ccae0951 authored by Toke Høiland-Jørgensen, committed by Harshit Jain

BACKPORT: devmap: Allow map lookups from eBPF



We don't currently allow lookups into a devmap from eBPF, because the map
lookup returns a pointer directly to the dev->ifindex, which shouldn't be
modifiable from eBPF.

However, being able to do lookups in devmaps is useful to know (e.g.)
whether forwarding to a specific interface is enabled. Currently, programs
work around this by keeping a shadow map of another type which indicates
whether a map index is valid.

Since we now have a flag to make maps read-only from the eBPF side, we can
simply lift the lookup restriction if we make sure this flag is always set.

Change-Id: I42b1430605c6837710fd903a0c8abf2c7dc13f16
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Jonathan Lemon <jonathan.lemon@gmail.com>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Cyber Knight <cyberknight755@gmail.com>
parent 9e08286f
+3 −0
@@ -231,6 +231,9 @@ enum bpf_attach_type {
#define BPF_F_RDONLY		(1U << 3)
#define BPF_F_WRONLY		(1U << 4)

/* Flags for accessing BPF object from program side. */
#define BPF_F_RDONLY_PROG	(1U << 7)

union bpf_attr {
	struct { /* anonymous struct used by BPF_MAP_CREATE command */
		__u32	map_type;	/* one of enum bpf_map_type */
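Review bot: The define of BPF_F_RDONLY_PROG as (1U << 7) arrives in this same commit, while the commit message treats the flag as something the tree already has ("Since we now have a flag..."). If this backport is the first place the flag appears, the verifier handling that rejects program-side writes to maps carrying it must be backported as well; otherwise the bit is only a label and the devmap lookup opened later in this patch has nothing enforcing read-only access to dev->ifindex. Please name the prerequisite commit in the message. Separately, the comment says "Flags" although only one is defined and bits 5 and 6 are skipped; a short note on why bit 7 is used would keep someone from compacting or reusing the value later.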
+5 −0
@@ -115,6 +115,11 @@ static struct bpf_map *dev_map_alloc(union bpf_attr *attr)
	    attr->value_size != 4 || attr->map_flags & ~DEV_CREATE_FLAG_MASK)
		return ERR_PTR(-EINVAL);

	/* Lookup returns a pointer straight to dev->ifindex, so make sure the
	 * verifier prevents writes from the BPF side
	 */
	attr->map_flags |= BPF_F_RDONLY_PROG;

	dtab = kzalloc(sizeof(*dtab), GFP_USER);
	if (!dtab)
		return ERR_PTR(-ENOMEM);
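Review bot: In dev_map_alloc, "attr->map_flags |= BPF_F_RDONLY_PROG;" protects dev->ifindex only if the flag is later copied from attr into the map's own flags and the verifier then acts on it, and neither step is visible in this hunk. Please confirm that the map is initialised from attr after this line, not from a value captured before it, and consider rewording the comment to say where the enforcement lives, since "make sure the verifier prevents writes" reads as if this assignment alone were sufficient. The placement after the DEV_CREATE_FLAG_MASK check is right, because the forced bit must not trip the -EINVAL path; note that the line also rewrites the caller's attr, so the flag will be reported back for a map that userspace created without it.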
+2 −5
@@ -1763,13 +1763,10 @@ static int check_map_func_compatibility(struct bpf_map *map, int func_id)
		    func_id != BPF_FUNC_current_task_under_cgroup)
			goto error;
		break;
	/* devmap returns a pointer to a live net_device ifindex that we cannot
	 * allow to be modified from bpf side. So do not allow lookup elements
	 * for now.
	 */
	case BPF_MAP_TYPE_DEVMAP:
	case BPF_MAP_TYPE_DEVMAP_HASH:
		if (func_id != BPF_FUNC_redirect_map)
		if (func_id != BPF_FUNC_redirect_map &&
		    func_id != BPF_FUNC_map_lookup_elem)
			goto error;
		break;
	case BPF_MAP_TYPE_ARRAY_OF_MAPS:
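Review bot: The relaxed check in check_map_func_compatibility sits under both "case BPF_MAP_TYPE_DEVMAP:" and "case BPF_MAP_TYPE_DEVMAP_HASH:", so BPF_FUNC_map_lookup_elem becomes legal for the hash variant too, yet the only place this patch forces BPF_F_RDONLY_PROG is dev_map_alloc. Please confirm that DEVMAP_HASH maps are also allocated through dev_map_alloc; if they are not, the hash variant would be opened to lookups without the forced read-only flag. The removed comment was also the only explanation at this site of why lookups were restricted, so a one-line replacement pointing at the forced flag in dev_map_alloc would help the next reader see why allowing the lookup is safe.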