cgroups: bpf fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: bpf fixes
dcbb9e99 · Christian Brauner · 0e24c560 · dcbb9e99 · dcbb9e99
Unverified Commit dcbb9e99 authored Jan 30, 2021 by Christian Brauner
Show whitespace changes
Inline Side-by-side

Showing with 25 additions and 21 deletions

cgfsng.c src/lxc/cgroups/cgfsng.c +11 -11

cgroup2_devices.c src/lxc/cgroups/cgroup2_devices.c +14 -10

No files found.
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2963,12 +2963,12 @@ __cgfsng_ops static bool cgfsng_setup_limits(struct cgroup_ops *ops,
 __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct lxc_handler *handler)
 {
 #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
-	__do_bpf_program_free struct bpf_program *devices = NULL;
+	__do_bpf_program_free struct bpf_program *prog = NULL;
 	int ret;
 	struct lxc_conf *conf;
 	struct hierarchy *unified;
 	struct lxc_list *it;
-	struct bpf_program *devices_old;
+	struct bpf_program *prog_old;
 	if (!ops)
 		return ret_set_errno(false, ENOENT);
@@ -2988,18 +2988,18 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct 
 	    !unified->container_full_path || lxc_list_empty(&conf->devices))
 		return true;
-	devices = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);
+	prog = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);
-	if (!devices)
+	if (!prog)
 		return log_error_errno(false, ENOMEM, "Failed to create new bpf program");
-	ret = bpf_program_init(devices);
+	ret = bpf_program_init(prog);
 	if (ret)
 		return log_error_errno(false, ENOMEM, "Failed to initialize bpf program");
 	lxc_list_for_each(it, &conf->devices) {
 		struct device_item *cur = it->elem;
-		ret = bpf_program_append_device(devices, cur);
+		ret = bpf_program_append_device(prog, cur);
 		if (ret)
 			return log_error_errno(false, ENOMEM, "Failed to add new rule to bpf device program: type %c, major %d, minor %d, access %s, allow %d, global_rule %d",
 					       cur->type,
@@ -3017,20 +3017,20 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct 
 		      cur->global_rule);
 	}
-	ret = bpf_program_finalize(devices);
+	ret = bpf_program_finalize(prog);
 	if (ret)
 		return log_error_errno(false, ENOMEM, "Failed to finalize bpf program");
-	ret = bpf_program_cgroup_attach(devices, BPF_CGROUP_DEVICE,
+	ret = bpf_program_cgroup_attach(prog, BPF_CGROUP_DEVICE,
 					unified->container_limit_path,
 					BPF_F_ALLOW_MULTI);
 	if (ret)
 		return log_error_errno(false, ENOMEM, "Failed to attach bpf program");
 	/* Replace old bpf program. */
-	devices_old = move_ptr(ops->cgroup2_devices);
+	prog_old = move_ptr(ops->cgroup2_devices);
-	ops->cgroup2_devices = move_ptr(devices);
+	ops->cgroup2_devices = move_ptr(prog);
-	devices = move_ptr(devices_old);
+	prog = move_ptr(prog_old);
 #endif
 	return true;
 }

--- a/src/lxc/cgroups/cgroup2_devices.c
+++ b/src/lxc/cgroups/cgroup2_devices.c
@@ -179,7 +179,7 @@ struct bpf_program *bpf_program_new(uint32_t prog_type)
 	prog = zalloc(sizeof(struct bpf_program));
 	if (!prog)
-		return NULL;
+		return ret_set_errno(NULL, ENOMEM);
 	prog->prog_type = prog_type;
 	prog->kernel_fd = -EBADF;
@@ -323,7 +323,7 @@ int bpf_program_finalize(struct bpf_program *prog)
 static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf,
 				   __u32 log_size, __u32 log_level)
 {
-	union bpf_attr attr;
+	union bpf_attr *attr;
 	if ((log_size != 0 && !log_buf) || (log_size == 0 && log_buf))
 		return ret_errno(EINVAL);
@@ -333,7 +333,7 @@ static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf,
 		return 0;
 	}
-	attr = (union bpf_attr){
+	attr = &(union bpf_attr){
 		.prog_type	= prog->prog_type,
 		.insns		= PTR_TO_UINT64(prog->instructions),
 		.insn_cnt	= prog->n_instructions,
@@ -343,7 +343,7 @@ static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf,
 		.log_size	= log_size,
 	};
-	prog->kernel_fd = bpf(BPF_PROG_LOAD, &attr, sizeof(attr));
+	prog->kernel_fd = bpf(BPF_PROG_LOAD, attr, sizeof(*attr));
 	if (prog->kernel_fd < 0)
 		return log_error_errno(-1, errno, "Failed to load bpf program: %s",
 				       log_buf ?: "(null)");
@@ -357,7 +357,7 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
 {
 	__do_close int fd = -EBADF;
 	__do_free char *copy = NULL;
-	union bpf_attr attr;
+	union bpf_attr *attr;
 	int ret;
 	if (!path || !prog)
@@ -389,14 +389,14 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
 	if (fd < 0)
 		return log_error_errno(-1, errno, "Failed to open cgroup path %s", path);
-	attr = (union bpf_attr){
+	attr = &(union bpf_attr){
 		.attach_type	= type,
 		.target_fd	= fd,
 		.attach_bpf_fd	= prog->kernel_fd,
 		.attach_flags	= flags,
 	};
-	ret = bpf(BPF_PROG_ATTACH, &attr, sizeof(attr));
+	ret = bpf(BPF_PROG_ATTACH, attr, sizeof(*attr));
 	if (ret < 0)
 		return log_error_errno(-1, errno, "Failed to attach bpf program");
@@ -425,15 +425,15 @@ int bpf_program_cgroup_detach(struct bpf_program *prog)
 			return log_error_errno(-1, errno, "Failed to open attach cgroup %s",
 					       prog->attached_path);
 	} else {
-		union bpf_attr attr;
+		union bpf_attr *attr;
-		attr = (union bpf_attr){
+		attr = &(union bpf_attr){
 			.attach_type	= prog->attached_type,
 			.target_fd	= fd,
 			.attach_bpf_fd	= prog->kernel_fd,
 		};
-		ret = bpf(BPF_PROG_DETACH, &attr, sizeof(attr));
+		ret = bpf(BPF_PROG_DETACH, attr, sizeof(*attr));
 		if (ret < 0)
 			return log_error_errno(-1, errno, "Failed to detach bpf program from cgroup %s",
 					       prog->attached_path);
@@ -536,6 +536,10 @@ bool bpf_devices_cgroup_supported(void)
 	if (!prog)
 		return log_trace(false, "Failed to allocate new bpf device cgroup program");
+	ret = bpf_program_init(prog);
+	if (ret)
+		return log_error_errno(false, ENOMEM, "Failed to initialize bpf program");
 	ret = bpf_program_add_instructions(prog, dummy, ARRAY_SIZE(dummy));
 	if (ret < 0)
 		return log_trace(false, "Failed to add new instructions to bpf device cgroup program");