tools: bpftool: add an option to prevent auto-mount of bpffs, tracefs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In order to make life easier for users, bpftool automatically attempts
to mount the BPF virtual file system, if it is not mounted already,
before trying to pin objects in it. Similarly, it attempts to mount
tracefs if necessary before trying to dump the trace pipe to the
console.

While mounting file systems on-the-fly can improve user experience, some
administrators might prefer to avoid that. Let's add an option to block
these mount attempts. Note that it does not prevent automatic mounting
of tracefs by debugfs for the "bpftool prog tracelog" command.

Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

authored by

Quentin Monnet and committed by

Daniel Borkmann 7 years ago 33221307 be3245e2

+31 -2

7 changed files

expand all

tools

bpf

bpftool

Documentation

bpftool-map.rst

bpftool-prog.rst

bpftool.rst

common.c

main.c

main.h

tracelog.c

tools/bpf/bpftool/Documentation/bpftool-map.rst

··· 128 128 -f, --bpffs 129 129 Show file names of pinned maps. 130 130 131 + -n, --nomount 132 + Do not automatically attempt to mount any virtual file system 133 + (such as tracefs or BPF virtual file system) when necessary. 134 + 131 135 EXAMPLES 132 136 ======== 133 137 **# bpftool map show**

tools/bpf/bpftool/Documentation/bpftool-prog.rst

··· 161 161 -m, --mapcompat 162 162 Allow loading maps with unknown map definitions. 163 163 164 + -n, --nomount 165 + Do not automatically attempt to mount any virtual file system 166 + (such as tracefs or BPF virtual file system) when necessary. 167 + 164 168 EXAMPLES 165 169 ======== 166 170 **# bpftool prog show**

tools/bpf/bpftool/Documentation/bpftool.rst

··· 60 60 -m, --mapcompat 61 61 Allow loading maps with unknown map definitions. 62 62 63 + -n, --nomount 64 + Do not automatically attempt to mount any virtual file system 65 + (such as tracefs or BPF virtual file system) when necessary. 66 + 63 67 64 68 SEE ALSO 65 69 ========

tools/bpf/bpftool/common.c

··· 177 177 /* nothing to do if already mounted */ 178 178 goto out_free; 179 179 180 + if (block_mount) { 181 + p_err("no BPF file system found, not mounting it due to --nomount option"); 182 + err = -1; 183 + goto out_free; 184 + } 185 + 180 186 err = mnt_fs(dir, "bpf", err_str, ERR_MAX_LEN); 181 187 if (err) { 182 188 err_str[ERR_MAX_LEN - 1] = '\0';

+7 -1

tools/bpf/bpftool/main.c

··· 24 24 bool pretty_output; 25 25 bool json_output; 26 26 bool show_pinned; 27 + bool block_mount; 27 28 int bpf_flags; 28 29 struct pinned_obj_table prog_table; 29 30 struct pinned_obj_table map_table; ··· 314 313 { "version", no_argument, NULL, 'V' }, 315 314 { "bpffs", no_argument, NULL, 'f' }, 316 315 { "mapcompat", no_argument, NULL, 'm' }, 316 + { "nomount", no_argument, NULL, 'n' }, 317 317 { 0 } 318 318 }; 319 319 int opt, ret; ··· 323 321 pretty_output = false; 324 322 json_output = false; 325 323 show_pinned = false; 324 + block_mount = false; 326 325 bin_name = argv[0]; 327 326 328 327 hash_init(prog_table.table); 329 328 hash_init(map_table.table); 330 329 331 330 opterr = 0; 332 - while ((opt = getopt_long(argc, argv, "Vhpjfm", 331 + while ((opt = getopt_long(argc, argv, "Vhpjfmn", 333 332 options, NULL)) >= 0) { 334 333 switch (opt) { 335 334 case 'V': ··· 356 353 break; 357 354 case 'm': 358 355 bpf_flags = MAPS_RELAX_COMPAT; 356 + break; 357 + case 'n': 358 + block_mount = true; 359 359 break; 360 360 default: 361 361 p_err("unrecognized option '%s'", argv[optind - 1]);

+3 -1

tools/bpf/bpftool/main.h

··· 44 44 #define HELP_SPEC_PROGRAM \ 45 45 "PROG := { id PROG_ID | pinned FILE | tag PROG_TAG }" 46 46 #define HELP_SPEC_OPTIONS \ 47 - "OPTIONS := { {-j|--json} [{-p|--pretty}] | {-f|--bpffs} | {-m|--mapcompat}" 47 + "OPTIONS := { {-j|--json} [{-p|--pretty}] | {-f|--bpffs} |\n" \ 48 + "\t {-m|--mapcompat} | {-n|--nomount} }" 48 49 #define HELP_SPEC_MAP \ 49 50 "MAP := { id MAP_ID | pinned FILE }" 50 51 ··· 86 85 extern json_writer_t *json_wtr; 87 86 extern bool json_output; 88 87 extern bool show_pinned; 88 + extern bool block_mount; 89 89 extern int bpf_flags; 90 90 extern struct pinned_obj_table prog_table; 91 91 extern struct pinned_obj_table map_table;

tools/bpf/bpftool/tracelog.c

··· 91 91 if (found && validate_tracefs_mnt(mnt, TRACEFS_MAGIC)) 92 92 goto exit_found; 93 93 94 + if (block_mount) 95 + return false; 96 + 94 97 p_info("could not find tracefs, attempting to mount it now"); 95 98 /* Most of the time, tracefs is automatically mounted by debugfs at 96 99 * /sys/kernel/debug/tracing when we try to access it. If we could not