iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bpf: allow for mount options to specify permissions

Browse Source 
Since we recently converted the BPF filesystem over to use mount_nodev(),
we now have the possibility to also hold mount options in sb's s_fs_info.
This work implements mount options support for specifying permissions on
the sb's inode, which will be used by tc when it manually needs to mount
the fs.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Daniel Borkmann 2016-11-26 01:28:08 +01:00 committed by David S. Miller
parent 21116b7068
commit a3af5f8001
1 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
kernel/bpf/inode.c
View File

@ -18,6 +18,7 @@
#include <linux/namei.h> #include <linux/namei.h>
#include <linux/fs.h> #include <linux/fs.h>
#include <linux/kdev_t.h> #include <linux/kdev_t.h>
#include <linux/parser.h>
#include <linux/filter.h> #include <linux/filter.h>
#include <linux/bpf.h> #include <linux/bpf.h>
@ -364,15 +365,66 @@ static void bpf_evict_inode(struct inode *inode)
static const struct super_operations bpf_super_ops = { static const struct super_operations bpf_super_ops = {
.statfs = simple_statfs, .statfs = simple_statfs,
.drop_inode = generic_delete_inode, .drop_inode = generic_delete_inode,
.show_options = generic_show_options,
.evict_inode = bpf_evict_inode, .evict_inode = bpf_evict_inode,
}; };
enum {
OPT_MODE,
OPT_ERR,
};
static const match_table_t bpf_mount_tokens = {
{ OPT_MODE, "mode=%o" },
{ OPT_ERR, NULL },
};
struct bpf_mount_opts {
umode_t mode;
};
static int bpf_parse_options(char *data, struct bpf_mount_opts *opts)
{
substring_t args[MAX_OPT_ARGS];
int option, token;
char *ptr;
opts->mode = S_IRWXUGO;
while ((ptr = strsep(&data, ",")) != NULL) {
if (!*ptr)
continue;
token = match_token(ptr, bpf_mount_tokens, args);
switch (token) {
case OPT_MODE:
if (match_octal(&args[0], &option))
return -EINVAL;
opts->mode = option & S_IALLUGO;
break;
/* We might like to report bad mount options here, but
* traditionally we've ignored all mount options, so we'd
* better continue to ignore non-existing options for bpf.
*/
}
}
return 0;
}
static int bpf_fill_super(struct super_block *sb, void *data, int silent) static int bpf_fill_super(struct super_block *sb, void *data, int silent)
{ {
static struct tree_descr bpf_rfiles[] = { { "" } }; static struct tree_descr bpf_rfiles[] = { { "" } };
struct bpf_mount_opts opts;
struct inode *inode; struct inode *inode;
int ret; int ret;
save_mount_options(sb, data);
ret = bpf_parse_options(data, &opts);
if (ret)
return ret;
ret = simple_fill_super(sb, BPF_FS_MAGIC, bpf_rfiles); ret = simple_fill_super(sb, BPF_FS_MAGIC, bpf_rfiles);
if (ret) if (ret)
return ret; return ret;
@ -382,7 +434,7 @@ static int bpf_fill_super(struct super_block *sb, void *data, int silent)
inode = sb->s_root->d_inode; inode = sb->s_root->d_inode;
inode->i_op = &bpf_dir_iops; inode->i_op = &bpf_dir_iops;
inode->i_mode &= ~S_IALLUGO; inode->i_mode &= ~S_IALLUGO;
inode->i_mode |= S_ISVTX | S_IRWXUGO; inode->i_mode |= S_ISVTX | opts.mode;
return 0; return 0;
} }