]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/bpf-program.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
basic: add log_level argument to timezone_is_valid
[thirdparty/systemd.git] / src / basic / bpf-program.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2016 Daniel Mack
6 ***/
7
8 #include <fcntl.h>
9 #include <sys/stat.h>
10 #include <sys/types.h>
11 #include <unistd.h>
12
13 #include "alloc-util.h"
14 #include "bpf-program.h"
15 #include "fd-util.h"
16 #include "log.h"
17 #include "missing.h"
18 #include "path-util.h"
19 #include "util.h"
20
21 int bpf_program_new(uint32_t prog_type, BPFProgram **ret) {
22 _cleanup_(bpf_program_unrefp) BPFProgram *p = NULL;
23
24 p = new0(BPFProgram, 1);
25 if (!p)
26 return log_oom();
27
28 p->n_ref = 1;
29 p->prog_type = prog_type;
30 p->kernel_fd = -1;
31
32 *ret = TAKE_PTR(p);
33
34 return 0;
35 }
36
37 BPFProgram *bpf_program_ref(BPFProgram *p) {
38 if (!p)
39 return NULL;
40
41 assert(p->n_ref > 0);
42 p->n_ref++;
43
44 return p;
45 }
46
47 BPFProgram *bpf_program_unref(BPFProgram *p) {
48 if (!p)
49 return NULL;
50
51 assert(p->n_ref > 0);
52 p->n_ref--;
53
54 if (p->n_ref > 0)
55 return NULL;
56
57 /* Unfortunately, the kernel currently doesn't implicitly detach BPF programs from their cgroups when the last
58 * fd to the BPF program is closed. This has nasty side-effects since this means that abnormally terminated
59 * programs that attached one of their BPF programs to a cgroup will leave this programs pinned for good with
60 * zero chance of recovery, until the cgroup is removed. This is particularly problematic if the cgroup in
61 * question is the root cgroup (or any other cgroup belonging to a service that cannot be restarted during
62 * operation, such as dbus), as the memory for the BPF program can only be reclaimed through a reboot. To
63 * counter this, we track closely to which cgroup a program was attached to and will detach it on our own
64 * whenever we close the BPF fd. */
65 (void) bpf_program_cgroup_detach(p);
66
67 safe_close(p->kernel_fd);
68 free(p->instructions);
69 free(p->attached_path);
70
71 return mfree(p);
72 }
73
74 int bpf_program_add_instructions(BPFProgram *p, const struct bpf_insn *instructions, size_t count) {
75
76 assert(p);
77
78 if (p->kernel_fd >= 0) /* don't allow modification after we uploaded things to the kernel */
79 return -EBUSY;
80
81 if (!GREEDY_REALLOC(p->instructions, p->allocated, p->n_instructions + count))
82 return -ENOMEM;
83
84 memcpy(p->instructions + p->n_instructions, instructions, sizeof(struct bpf_insn) * count);
85 p->n_instructions += count;
86
87 return 0;
88 }
89
90 int bpf_program_load_kernel(BPFProgram *p, char *log_buf, size_t log_size) {
91 union bpf_attr attr;
92
93 assert(p);
94
95 if (p->kernel_fd >= 0) { /* make this idempotent */
96 memzero(log_buf, log_size);
97 return 0;
98 }
99
100 attr = (union bpf_attr) {
101 .prog_type = p->prog_type,
102 .insns = PTR_TO_UINT64(p->instructions),
103 .insn_cnt = p->n_instructions,
104 .license = PTR_TO_UINT64("GPL"),
105 .log_buf = PTR_TO_UINT64(log_buf),
106 .log_level = !!log_buf,
107 .log_size = log_size,
108 };
109
110 p->kernel_fd = bpf(BPF_PROG_LOAD, &attr, sizeof(attr));
111 if (p->kernel_fd < 0)
112 return -errno;
113
114 return 0;
115 }
116
117 int bpf_program_cgroup_attach(BPFProgram *p, int type, const char *path, uint32_t flags) {
118 _cleanup_free_ char *copy = NULL;
119 _cleanup_close_ int fd = -1;
120 union bpf_attr attr;
121 int r;
122
123 assert(p);
124 assert(type >= 0);
125 assert(path);
126
127 if (!IN_SET(flags, 0, BPF_F_ALLOW_OVERRIDE, BPF_F_ALLOW_MULTI))
128 return -EINVAL;
129
130 /* We need to track which cgroup the program is attached to, and we can only track one attachment, hence let's
131 * refuse this early. */
132 if (p->attached_path) {
133 if (!path_equal(p->attached_path, path))
134 return -EBUSY;
135 if (p->attached_type != type)
136 return -EBUSY;
137 if (p->attached_flags != flags)
138 return -EBUSY;
139
140 /* Here's a shortcut: if we previously attached this program already, then we don't have to do so
141 * again. Well, with one exception: if we are in BPF_F_ALLOW_OVERRIDE mode then someone else might have
142 * replaced our program since the last time, hence let's reattach it again, just to be safe. In flags
143 * == 0 mode this is not an issue since nobody else can replace our program in that case, and in flags
144 * == BPF_F_ALLOW_MULTI mode any other's program would be installed in addition to ours hence ours
145 * would remain in effect. */
146 if (flags != BPF_F_ALLOW_OVERRIDE)
147 return 0;
148 }
149
150 /* Ensure we have a kernel object for this. */
151 r = bpf_program_load_kernel(p, NULL, 0);
152 if (r < 0)
153 return r;
154
155 copy = strdup(path);
156 if (!copy)
157 return -ENOMEM;
158
159 fd = open(path, O_DIRECTORY|O_RDONLY|O_CLOEXEC);
160 if (fd < 0)
161 return -errno;
162
163 attr = (union bpf_attr) {
164 .attach_type = type,
165 .target_fd = fd,
166 .attach_bpf_fd = p->kernel_fd,
167 .attach_flags = flags,
168 };
169
170 if (bpf(BPF_PROG_ATTACH, &attr, sizeof(attr)) < 0)
171 return -errno;
172
173 free_and_replace(p->attached_path, copy);
174 p->attached_type = type;
175 p->attached_flags = flags;
176
177 return 0;
178 }
179
180 int bpf_program_cgroup_detach(BPFProgram *p) {
181 _cleanup_close_ int fd = -1;
182
183 assert(p);
184
185 if (!p->attached_path)
186 return -EUNATCH;
187
188 fd = open(p->attached_path, O_DIRECTORY|O_RDONLY|O_CLOEXEC);
189 if (fd < 0) {
190 if (errno != ENOENT)
191 return -errno;
192
193 /* If the cgroup does not exist anymore, then we don't have to explicitly detach, it got detached
194 * implicitly by the removal, hence don't complain */
195
196 } else {
197 union bpf_attr attr;
198
199 attr = (union bpf_attr) {
200 .attach_type = p->attached_type,
201 .target_fd = fd,
202 .attach_bpf_fd = p->kernel_fd,
203 };
204
205 if (bpf(BPF_PROG_DETACH, &attr, sizeof(attr)) < 0)
206 return -errno;
207 }
208
209 p->attached_path = mfree(p->attached_path);
210
211 return 0;
212 }
213
214 int bpf_map_new(enum bpf_map_type type, size_t key_size, size_t value_size, size_t max_entries, uint32_t flags) {
215 union bpf_attr attr = {
216 .map_type = type,
217 .key_size = key_size,
218 .value_size = value_size,
219 .max_entries = max_entries,
220 .map_flags = flags,
221 };
222 int fd;
223
224 fd = bpf(BPF_MAP_CREATE, &attr, sizeof(attr));
225 if (fd < 0)
226 return -errno;
227
228 return fd;
229 }
230
231 int bpf_map_update_element(int fd, const void *key, void *value) {
232
233 union bpf_attr attr = {
234 .map_fd = fd,
235 .key = PTR_TO_UINT64(key),
236 .value = PTR_TO_UINT64(value),
237 };
238
239 if (bpf(BPF_MAP_UPDATE_ELEM, &attr, sizeof(attr)) < 0)
240 return -errno;
241
242 return 0;
243 }
244
245 int bpf_map_lookup_element(int fd, const void *key, void *value) {
246
247 union bpf_attr attr = {
248 .map_fd = fd,
249 .key = PTR_TO_UINT64(key),
250 .value = PTR_TO_UINT64(value),
251 };
252
253 if (bpf(BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr)) < 0)
254 return -errno;
255
256 return 0;
257 }
Unnamed repository; edit this file 'description' to name the repository.