cgroups: remove compile-time bpf support detection

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove compile-time bpf support detection
928937b1 · Christian Brauner · 7fc77b1a · 928937b1 · 928937b1 · 928937b1
Unverified Commit 928937b1 authored Feb 18, 2021 by Christian Brauner
6 changed files
--- a/configure.ac
+++ b/configure.ac
@@ -385,10 +385,6 @@ AM_COND_IF([ENABLE_CAP],
        AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[])
        AC_SUBST([CAP_LIBS], [-lcap])])
-AC_CHECK_HEADERS([linux/bpf.h], [
-	AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include <linux/bpf.h>]])
-], [], [])
 # Configuration examples
 AC_ARG_ENABLE([examples],
 	[AS_HELP_STRING([--enable-examples], [install examples [default=yes]])],

--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -34,9 +34,7 @@ static char *api_extensions[] = {
 	"network_gateway_device_route",
 	"network_phys_macvlan_mtu",
 	"network_veth_router",
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 	"cgroup2_devices",
-#endif
 	"cgroup2",
 	"pidfd",
 	"cgroup_advanced_isolation",

--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -864,11 +864,9 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops,
 		return;
 	}
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 	ret = bpf_program_cgroup_detach(handler->cgroup_ops->cgroup2_devices);
 	if (ret < 0)
 		WARN("Failed to detach bpf program from cgroup");
-#endif
 	if (!lxc_list_empty(&handler->conf->id_map)) {
 		struct generic_userns_exec_data wrap = {
@@ -3104,7 +3102,6 @@ static int bpf_device_cgroup_prepare(struct cgroup_ops *ops,
 				     struct lxc_conf *conf, const char *key,
 				     const char *val)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 	struct device_item device_item = {};
 	int ret;
@@ -3118,7 +3115,6 @@ static int bpf_device_cgroup_prepare(struct cgroup_ops *ops,
 	ret = bpf_list_add_device(conf, &device_item);
 	if (ret < 0)
 		return -1;
-#endif
 	return 0;
 }
@@ -3172,7 +3168,6 @@ __cgfsng_ops static bool cgfsng_setup_limits(struct cgroup_ops *ops,
 __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct lxc_handler *handler)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 	__do_bpf_program_free struct bpf_program *prog = NULL;
 	int ret;
 	struct lxc_conf *conf;
@@ -3252,7 +3247,6 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct 
 	prog_old = move_ptr(ops->cgroup2_devices);
 	ops->cgroup2_devices = move_ptr(prog);
 	prog = move_ptr(prog_old);
-#endif
 	return true;
 }

--- a/src/lxc/cgroups/cgroup2_devices.c
+++ b/src/lxc/cgroups/cgroup2_devices.c
@@ -22,10 +22,6 @@
 #include "macro.h"
 #include "memory_utils.h"
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
-#include <linux/bpf.h>
-#include <linux/filter.h>
 lxc_log_define(cgroup2_devices, cgroup);
 #define BPF_LOG_BUF_SIZE (1 << 23) /* 8MB */
@@ -567,4 +563,3 @@ bool bpf_devices_cgroup_supported(void)
 	return log_trace(true, "The bpf device cgroup is supported");
 }
-#endif
--- a/src/lxc/cgroups/cgroup2_devices.h
+++ b/src/lxc/cgroups/cgroup2_devices.h
@@ -24,33 +24,15 @@
 #include "memory_utils.h"
 #include "syscall_numbers.h"
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+#include "include/bpf.h"
-#include <linux/bpf.h>
+#include "include/bpf_common.h"
-#include <linux/filter.h>
-#endif
-#ifndef BPF_F_ALLOW_OVERRIDE
-#define BPF_F_ALLOW_OVERRIDE (1U << 0)
-#endif
-#ifndef BPF_F_ALLOW_MULTI
-#define BPF_F_ALLOW_MULTI (1U << 1)
-#endif
-#ifndef BPF_F_REPLACE
-#define BPF_F_REPLACE (1U << 2)
-#endif
 #ifndef HAVE_BPF
+static inline int bpf_lxc(int cmd, union bpf_attr *attr, size_t size)
-union bpf_attr;
-static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size)
 {
 	return syscall(__NR_bpf, cmd, attr, size);
 }
+#define bpf bpf_lxc
-#define bpf missing_bpf
 #endif /* HAVE_BPF */
 struct bpf_program {
@@ -59,9 +41,7 @@ struct bpf_program {
 	__u32 prog_type;
 	size_t n_instructions;
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 	struct bpf_insn *instructions;
-#endif /* HAVE_STRUCT_BPF_CGROUP_DEV_CTX */
 	int fd_cgroup;
 	int attached_type;
@@ -77,7 +57,6 @@ static inline bool bpf_device_block_all(const struct bpf_program *prog)
 static inline bool bpf_device_add(const struct bpf_program *prog,
 				  struct device_item *device)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 	if (device->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE)
 		return false;
@@ -88,14 +67,12 @@ static inline bool bpf_device_add(const struct bpf_program *prog,
 	/* We're allowing all devices so skip individual allow rules. */
 	if (!bpf_device_block_all(prog) && device->allow)
 		return false;
-#endif
 	return true;
 }
 static inline void bpf_device_set_type(struct bpf_program *prog,
 				       struct lxc_list *devices)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 	struct lxc_list *it;
 	lxc_list_for_each (it, devices) {
@@ -104,10 +81,8 @@ static inline void bpf_device_set_type(struct bpf_program *prog,
 		if (cur->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE)
 			prog->device_list_type = cur->global_rule;
 	}
-#endif
 }
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 __hidden extern struct bpf_program *bpf_program_new(__u32 prog_type);
 __hidden extern int bpf_program_init(struct bpf_program *prog);
 __hidden extern int bpf_program_append_device(struct bpf_program *prog, struct device_item *device);
@@ -123,62 +98,6 @@ __hidden extern bool bpf_devices_cgroup_supported(void);
 __hidden extern int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device);
-#else /* !HAVE_STRUCT_BPF_CGROUP_DEV_CTX */
-static inline struct bpf_program *bpf_program_new(__u32 prog_type)
-{
-	return ret_set_errno(NULL, ENOSYS);
-}
-static inline int bpf_program_init(struct bpf_program *prog)
-{
-	return ret_errno(ENOSYS);
-}
-static inline int bpf_program_append_device(struct bpf_program *prog, char type,
-					    int major, int minor,
-					    const char *access, int allow)
-{
-	return ret_errno(ENOSYS);
-}
-static inline int bpf_program_finalize(struct bpf_program *prog)
-{
-	return ret_errno(ENOSYS);
-}
-static inline int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
-					    int fd_cgroup, int replace_bpf_fd,
-					    __u32 flags)
-{
-	return ret_errno(ENOSYS);
-}
-static inline int bpf_program_cgroup_detach(struct bpf_program *prog)
-{
-	return ret_errno(ENOSYS);
-}
-static inline void bpf_program_free(struct bpf_program *prog)
-{
-}
-static inline void bpf_device_program_free(struct cgroup_ops *ops)
-{
-}
-static inline bool bpf_devices_cgroup_supported(void)
-{
-	return ret_set_errno(false, ENOSYS);
-}
-static inline int bpf_list_add_device(struct lxc_conf *conf,
-				      struct device_item *device)
-{
-	return ret_errno(ENOSYS);
-}
-#endif /* !HAVE_STRUCT_BPF_CGROUP_DEV_CTX */
 define_cleanup_function(struct bpf_program *, bpf_program_free);
 #define __do_bpf_program_free call_cleaner(bpf_program_free)

--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -1168,7 +1168,6 @@ static int lxc_cmd_add_state_client_callback(__owns int fd, struct lxc_cmd_req *
 int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
 				  struct device_item *device)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 	int stopped = 0;
 	struct lxc_cmd_rr cmd = {
 		.req = {
@@ -1188,16 +1187,12 @@ int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
 		return log_error_errno(-1, errno, "Failed to add new bpf device cgroup rule");
 	return 0;
-#else
-	return ret_set_errno(-1, ENOSYS);
-#endif
 }
 static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *req,
 						  struct lxc_handler *handler,
 						  struct lxc_epoll_descr *descr)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 	__do_bpf_program_free struct bpf_program *devices = NULL;
 	struct lxc_cmd_rsp rsp = {0};
 	struct lxc_conf *conf = handler->conf;
@@ -1298,9 +1293,6 @@ respond:
 		return LXC_CMD_REAP_CLIENT_FD;
 	return 0;
-#else
-	return ret_set_errno(-1, ENOSYS);
-#endif
 }
 int lxc_cmd_console_log(const char *name, const char *lxcpath,