diff options
| author | Tony Ambardar <itugrok@yahoo.com> | 2022-11-28 20:43:19 -0800 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2023-06-09 13:20:44 +0200 |
| commit | 11677aa44cc0ab423c520201ce067be2bdef730f (patch) | |
| tree | 272d32e47c9ddefdba68f7b0591444fdadfdc126 /target/linux/generic/backport-5.15/060-v5.18-01-bpf-selftests-Add-helpers-to-directly-use-the-capget.patch | |
| parent | 081dfcfb0fa9a928321af885b118b480635dfdd5 (diff) | |
| download | upstream-11677aa44cc0ab423c520201ce067be2bdef730f.tar.gz upstream-11677aa44cc0ab423c520201ce067be2bdef730f.tar.bz2 upstream-11677aa44cc0ab423c520201ce067be2bdef730f.zip | |
kernel: backport libcap workaround for BPF selftests
Recent libcap versions (>= 2.60) cause problems with BPF kselftests, so
backport an upstream patch that replaces libcap and drops the dependency.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 04981c716acab6b7a81f672f217e5c47ee42a0b6)
Diffstat (limited to 'target/linux/generic/backport-5.15/060-v5.18-01-bpf-selftests-Add-helpers-to-directly-use-the-capget.patch')
| -rw-r--r-- | target/linux/generic/backport-5.15/060-v5.18-01-bpf-selftests-Add-helpers-to-directly-use-the-capget.patch | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/target/linux/generic/backport-5.15/060-v5.18-01-bpf-selftests-Add-helpers-to-directly-use-the-capget.patch b/target/linux/generic/backport-5.15/060-v5.18-01-bpf-selftests-Add-helpers-to-directly-use-the-capget.patch new file mode 100644 index 0000000000..4d544a30f5 --- /dev/null +++ b/target/linux/generic/backport-5.15/060-v5.18-01-bpf-selftests-Add-helpers-to-directly-use-the-capget.patch @@ -0,0 +1,123 @@ +From 5287acc6f097c0c18e54401b611a877a3083b68c Mon Sep 17 00:00:00 2001 +From: Martin KaFai Lau <kafai@fb.com> +Date: Wed, 16 Mar 2022 10:38:23 -0700 +Subject: [PATCH 1/3] bpf: selftests: Add helpers to directly use the capget + and capset syscall + +After upgrading to the newer libcap (>= 2.60), +the libcap commit aca076443591 ("Make cap_t operations thread safe.") +added a "__u8 mutex;" to the "struct _cap_struct". It caused a few byte +shift that breaks the assumption made in the "struct libcap" definition +in test_verifier.c. + +The bpf selftest usage only needs to enable and disable the effective +caps of the running task. It is easier to directly syscall the +capget and capset instead. It can also remove the libcap +library dependency. + +The cap_helpers.{c,h} is added. One __u64 is used for all CAP_* +bits instead of two __u32. + +Signed-off-by: Martin KaFai Lau <kafai@fb.com> +Signed-off-by: Alexei Starovoitov <ast@kernel.org> +Acked-by: John Fastabend <john.fastabend@gmail.com> +Link: https://lore.kernel.org/bpf/20220316173823.2036955-1-kafai@fb.com +--- + tools/testing/selftests/bpf/cap_helpers.c | 67 +++++++++++++++++++++++ + tools/testing/selftests/bpf/cap_helpers.h | 19 +++++++ + 2 files changed, 86 insertions(+) + create mode 100644 tools/testing/selftests/bpf/cap_helpers.c + create mode 100644 tools/testing/selftests/bpf/cap_helpers.h + +--- /dev/null ++++ b/tools/testing/selftests/bpf/cap_helpers.c +@@ -0,0 +1,67 @@ ++// SPDX-License-Identifier: GPL-2.0 ++#include "cap_helpers.h" ++ ++/* Avoid including <sys/capability.h> from the libcap-devel package, ++ * so directly declare them here and use them from glibc. ++ */ ++int capget(cap_user_header_t header, cap_user_data_t data); ++int capset(cap_user_header_t header, const cap_user_data_t data); ++ ++int cap_enable_effective(__u64 caps, __u64 *old_caps) ++{ ++ struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3]; ++ struct __user_cap_header_struct hdr = { ++ .version = _LINUX_CAPABILITY_VERSION_3, ++ }; ++ __u32 cap0 = caps; ++ __u32 cap1 = caps >> 32; ++ int err; ++ ++ err = capget(&hdr, data); ++ if (err) ++ return err; ++ ++ if (old_caps) ++ *old_caps = (__u64)(data[1].effective) << 32 | data[0].effective; ++ ++ if ((data[0].effective & cap0) == cap0 && ++ (data[1].effective & cap1) == cap1) ++ return 0; ++ ++ data[0].effective |= cap0; ++ data[1].effective |= cap1; ++ err = capset(&hdr, data); ++ if (err) ++ return err; ++ ++ return 0; ++} ++ ++int cap_disable_effective(__u64 caps, __u64 *old_caps) ++{ ++ struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3]; ++ struct __user_cap_header_struct hdr = { ++ .version = _LINUX_CAPABILITY_VERSION_3, ++ }; ++ __u32 cap0 = caps; ++ __u32 cap1 = caps >> 32; ++ int err; ++ ++ err = capget(&hdr, data); ++ if (err) ++ return err; ++ ++ if (old_caps) ++ *old_caps = (__u64)(data[1].effective) << 32 | data[0].effective; ++ ++ if (!(data[0].effective & cap0) && !(data[1].effective & cap1)) ++ return 0; ++ ++ data[0].effective &= ~cap0; ++ data[1].effective &= ~cap1; ++ err = capset(&hdr, data); ++ if (err) ++ return err; ++ ++ return 0; ++} +--- /dev/null ++++ b/tools/testing/selftests/bpf/cap_helpers.h +@@ -0,0 +1,19 @@ ++/* SPDX-License-Identifier: GPL-2.0 */ ++#ifndef __CAP_HELPERS_H ++#define __CAP_HELPERS_H ++ ++#include <linux/types.h> ++#include <linux/capability.h> ++ ++#ifndef CAP_PERFMON ++#define CAP_PERFMON 38 ++#endif ++ ++#ifndef CAP_BPF ++#define CAP_BPF 39 ++#endif ++ ++int cap_enable_effective(__u64 caps, __u64 *old_caps); ++int cap_disable_effective(__u64 caps, __u64 *old_caps); ++ ++#endif |