Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 1a4b7ee28bf7413af6513fb45ad0d0736048f866 / . / meta-phosphor / recipes-core / systemd / systemd / 0006-core-fix-the-check-if-CONFIG_CGROUP_BPF-is-on.patch
blob: 3645100ab814498a810c9ab98e48f769e932ce3a [file] [log] [blame]
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]1From 4ea79c18f1e2081d59eaa0f1df479dbc7700779e Mon Sep 17 00:00:00 2001
2From: Ed Tanous <ed.tanous@intel.com>
3Date: Sun, 16 Dec 2018 18:27:06 -0800
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]4Subject: [PATCH] core: fix the check if CONFIG_CGROUP_BPF is on
5
6Since the commit torvalds/linux@fdb5c4531c1e0e50e609df83f736b6f3a02896e2
7the syscall BPF_PROG_ATTACH return EBADF when CONFIG_CGROUP_BPF is
8turned off and as result the bpf_firewall_supported() returns the
9incorrect value.
10
11This commmit replaces the syscall BPF_PROG_ATTACH with BPF_PROG_DETACH
12which is still work as expected.
13
14Resolves openbmc/linux#159
15See also systemd/systemd#7054
16
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]17Originally written by:
18Alexander Filippov <a.filippov@yadro.com>
19
20Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]21---
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]22 src/core/bpf-firewall.c | 14 +++++++-------
23 1 file changed, 7 insertions(+), 7 deletions(-)
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]24
25diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]26index 8b66ef73d..e68b70d0c 100644
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]27--- a/src/core/bpf-firewall.c
28+++ b/src/core/bpf-firewall.c
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]29@@ -660,7 +660,7 @@ int bpf_firewall_supported(void) {
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]30 * b) whether the unified hierarchy is being used
31 * c) the BPF implementation in the kernel supports BPF LPM TRIE maps, which we require
32 * d) the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_SKB programs, which we require
33- * e) the BPF implementation in the kernel supports the BPF_PROG_ATTACH call, which we require
34+ * e) the BPF implementation in the kernel supports the BPF_PROG_DETACH call, which we require
35 *
36 */
37
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]38@@ -714,7 +714,7 @@ int bpf_firewall_supported(void) {
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]39 * is turned off at kernel compilation time. This sucks of course: why does it allow us to create a cgroup BPF
40 * program if we can't do a thing with it later?
41 *
42- * We detect this case by issuing the BPF_PROG_ATTACH bpf() call with invalid file descriptors: if
43+ * We detect this case by issuing the BPF_PROG_DETACH bpf() call with invalid file descriptors: if
44 * CONFIG_CGROUP_BPF is turned off, then the call will fail early with EINVAL. If it is turned on the
45 * parameters are validated however, and that'll fail with EBADF then. */
46
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]47@@ -724,15 +724,15 @@ int bpf_firewall_supported(void) {
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]48 .attach_bpf_fd = -1,
49 };
50
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]51- if (bpf(BPF_PROG_ATTACH, &attr, sizeof(attr)) < 0) {
52+ if (bpf(BPF_PROG_DETACH, &attr, sizeof(attr)) < 0) {
53 if (errno != EBADF) {
54- log_debug_errno(errno, "Didn't get EBADF from BPF_PROG_ATTACH, BPF firewalling is not supported: %m");
55+ log_debug_errno(errno, "Didn't get EBADF from BPF_PROG_DETACH, BPF firewalling is not supported: %m");
56 return supported = BPF_FIREWALL_UNSUPPORTED;
57 }
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]58
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]59 /* YAY! */
60 } else {
61- log_debug("Wut? Kernel accepted our invalid BPF_PROG_ATTACH call? Something is weird, assuming BPF firewalling is broken and hence not supported.");
62+ log_debug("Wut? Kernel accepted our invalid BPF_PROG_DETACH call? Something is weird, assuming BPF firewalling is broken and hence not supported.");
63 return supported = BPF_FIREWALL_UNSUPPORTED;
64 }
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]65
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]66@@ -748,7 +748,7 @@ int bpf_firewall_supported(void) {
67 .attach_flags = BPF_F_ALLOW_MULTI,
68 };
69
70- if (bpf(BPF_PROG_ATTACH, &attr, sizeof(attr)) < 0) {
71+ if (bpf(BPF_PROG_DETACH, &attr, sizeof(attr)) < 0) {
72 if (errno == EBADF) {
73 log_debug_errno(errno, "Got EBADF when using BPF_F_ALLOW_MULTI, which indicates it is supported. Yay!");
74 return supported = BPF_FIREWALL_SUPPORTED_WITH_MULTI;
75@@ -761,7 +761,7 @@ int bpf_firewall_supported(void) {
76
77 return supported = BPF_FIREWALL_SUPPORTED;
78 } else {
79- log_debug("Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? Something is weird, assuming BPF firewalling is broken and hence not supported.");
80+ log_debug("Wut? Kernel accepted our invalid BPF_PROG_DETACH+BPF_F_ALLOW_MULTI call? Something is weird, assuming BPF firewalling is broken and hence not supported.");
81 return supported = BPF_FIREWALL_UNSUPPORTED;
82 }
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]83 }
84--
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame^]852.17.1
Alexander Filippov2525cde2018-09-17 12:09:30 +0300[diff] [blame]86