]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/bpf-program.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2016 Daniel Mack
10 #include <sys/types.h>
13 #include "alloc-util.h"
14 #include "bpf-program.h"
18 #include "path-util.h"
21 int bpf_program_new(uint32_t prog_type
, BPFProgram
**ret
) {
22 _cleanup_(bpf_program_unrefp
) BPFProgram
*p
= NULL
;
24 p
= new0(BPFProgram
, 1);
29 p
->prog_type
= prog_type
;
37 BPFProgram
*bpf_program_ref(BPFProgram
*p
) {
47 BPFProgram
*bpf_program_unref(BPFProgram
*p
) {
57 /* Unfortunately, the kernel currently doesn't implicitly detach BPF programs from their cgroups when the last
58 * fd to the BPF program is closed. This has nasty side-effects since this means that abnormally terminated
59 * programs that attached one of their BPF programs to a cgroup will leave this programs pinned for good with
60 * zero chance of recovery, until the cgroup is removed. This is particularly problematic if the cgroup in
61 * question is the root cgroup (or any other cgroup belonging to a service that cannot be restarted during
62 * operation, such as dbus), as the memory for the BPF program can only be reclaimed through a reboot. To
63 * counter this, we track closely to which cgroup a program was attached to and will detach it on our own
64 * whenever we close the BPF fd. */
65 (void) bpf_program_cgroup_detach(p
);
67 safe_close(p
->kernel_fd
);
68 free(p
->instructions
);
69 free(p
->attached_path
);
74 int bpf_program_add_instructions(BPFProgram
*p
, const struct bpf_insn
*instructions
, size_t count
) {
78 if (p
->kernel_fd
>= 0) /* don't allow modification after we uploaded things to the kernel */
81 if (!GREEDY_REALLOC(p
->instructions
, p
->allocated
, p
->n_instructions
+ count
))
84 memcpy(p
->instructions
+ p
->n_instructions
, instructions
, sizeof(struct bpf_insn
) * count
);
85 p
->n_instructions
+= count
;
90 int bpf_program_load_kernel(BPFProgram
*p
, char *log_buf
, size_t log_size
) {
95 if (p
->kernel_fd
>= 0) { /* make this idempotent */
96 memzero(log_buf
, log_size
);
100 attr
= (union bpf_attr
) {
101 .prog_type
= p
->prog_type
,
102 .insns
= PTR_TO_UINT64(p
->instructions
),
103 .insn_cnt
= p
->n_instructions
,
104 .license
= PTR_TO_UINT64("GPL"),
105 .log_buf
= PTR_TO_UINT64(log_buf
),
106 .log_level
= !!log_buf
,
107 .log_size
= log_size
,
110 p
->kernel_fd
= bpf(BPF_PROG_LOAD
, &attr
, sizeof(attr
));
111 if (p
->kernel_fd
< 0)
117 int bpf_program_cgroup_attach(BPFProgram
*p
, int type
, const char *path
, uint32_t flags
) {
118 _cleanup_free_
char *copy
= NULL
;
119 _cleanup_close_
int fd
= -1;
127 if (!IN_SET(flags
, 0, BPF_F_ALLOW_OVERRIDE
, BPF_F_ALLOW_MULTI
))
130 /* We need to track which cgroup the program is attached to, and we can only track one attachment, hence let's
131 * refuse this early. */
132 if (p
->attached_path
) {
133 if (!path_equal(p
->attached_path
, path
))
135 if (p
->attached_type
!= type
)
137 if (p
->attached_flags
!= flags
)
140 /* Here's a shortcut: if we previously attached this program already, then we don't have to do so
141 * again. Well, with one exception: if we are in BPF_F_ALLOW_OVERRIDE mode then someone else might have
142 * replaced our program since the last time, hence let's reattach it again, just to be safe. In flags
143 * == 0 mode this is not an issue since nobody else can replace our program in that case, and in flags
144 * == BPF_F_ALLOW_MULTI mode any other's program would be installed in addition to ours hence ours
145 * would remain in effect. */
146 if (flags
!= BPF_F_ALLOW_OVERRIDE
)
150 /* Ensure we have a kernel object for this. */
151 r
= bpf_program_load_kernel(p
, NULL
, 0);
159 fd
= open(path
, O_DIRECTORY
|O_RDONLY
|O_CLOEXEC
);
163 attr
= (union bpf_attr
) {
166 .attach_bpf_fd
= p
->kernel_fd
,
167 .attach_flags
= flags
,
170 if (bpf(BPF_PROG_ATTACH
, &attr
, sizeof(attr
)) < 0)
173 free_and_replace(p
->attached_path
, copy
);
174 p
->attached_type
= type
;
175 p
->attached_flags
= flags
;
180 int bpf_program_cgroup_detach(BPFProgram
*p
) {
181 _cleanup_close_
int fd
= -1;
185 if (!p
->attached_path
)
188 fd
= open(p
->attached_path
, O_DIRECTORY
|O_RDONLY
|O_CLOEXEC
);
193 /* If the cgroup does not exist anymore, then we don't have to explicitly detach, it got detached
194 * implicitly by the removal, hence don't complain */
199 attr
= (union bpf_attr
) {
200 .attach_type
= p
->attached_type
,
202 .attach_bpf_fd
= p
->kernel_fd
,
205 if (bpf(BPF_PROG_DETACH
, &attr
, sizeof(attr
)) < 0)
209 p
->attached_path
= mfree(p
->attached_path
);
214 int bpf_map_new(enum bpf_map_type type
, size_t key_size
, size_t value_size
, size_t max_entries
, uint32_t flags
) {
215 union bpf_attr attr
= {
217 .key_size
= key_size
,
218 .value_size
= value_size
,
219 .max_entries
= max_entries
,
224 fd
= bpf(BPF_MAP_CREATE
, &attr
, sizeof(attr
));
231 int bpf_map_update_element(int fd
, const void *key
, void *value
) {
233 union bpf_attr attr
= {
235 .key
= PTR_TO_UINT64(key
),
236 .value
= PTR_TO_UINT64(value
),
239 if (bpf(BPF_MAP_UPDATE_ELEM
, &attr
, sizeof(attr
)) < 0)
245 int bpf_map_lookup_element(int fd
, const void *key
, void *value
) {
247 union bpf_attr attr
= {
249 .key
= PTR_TO_UINT64(key
),
250 .value
= PTR_TO_UINT64(value
),
253 if (bpf(BPF_MAP_LOOKUP_ELEM
, &attr
, sizeof(attr
)) < 0)