]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fc386ba) | patch
Revert "bpftool: Use libbpf 1.0 API mode instead of RLIMIT_MEMLOCK"
authorQuentin Monnet <quentin@isovalent.com>
Fri, 10 Jun 2022 11:26:47 +0000 (12:26 +0100)
committerDaniel Borkmann <daniel@iogearbox.net>
Tue, 14 Jun 2022 20:18:06 +0000 (22:18 +0200)
commit6b4384ff108874cf336fe2fb1633313c2c7620bf
tree8a61fe1fc670563a4429fc935721eeeeaa812ff7tree | snapshot
parentfc386ba7211d514f2c20285cb6b9b502618634e0commit | diff
Revert "bpftool: Use libbpf 1.0 API mode instead of RLIMIT_MEMLOCK"

This reverts commit a777e18f1bcd32528ff5dfd10a6629b655b05eb8.

In commit a777e18f1bcd ("bpftool: Use libbpf 1.0 API mode instead of
RLIMIT_MEMLOCK"), we removed the rlimit bump in bpftool, because the
kernel has switched to memcg-based memory accounting. Thanks to the
LIBBPF_STRICT_AUTO_RLIMIT_MEMLOCK, we attempted to keep compatibility
with other systems and ask libbpf to raise the limit for us if
necessary.

How do we know if memcg-based accounting is supported? There is a probe
in libbpf to check this. But this probe currently relies on the
availability of a given BPF helper, bpf_ktime_get_coarse_ns(), which
landed in the same kernel version as the memory accounting change. This
works in the generic case, but it may fail, for example, if the helper
function has been backported to an older kernel. This has been observed
for Google Cloud's Container-Optimized OS (COS), where the helper is
available but rlimit is still in use. The probe succeeds, the rlimit is
not raised, and probing features with bpftool, for example, fails.

A patch was submitted [0] to update this probe in libbpf, based on what
the cilium/ebpf Go library does [1]. It would lower the soft rlimit to
0, attempt to load a BPF object, and reset the rlimit. But it may induce
some hard-to-debug flakiness if another process starts, or the current
application is killed, while the rlimit is reduced, and the approach was
discarded.

As a workaround to ensure that the rlimit bump does not depend on the
availability of a given helper, we restore the unconditional rlimit bump
in bpftool for now.

  [0] https://lore.kernel.org/bpf/20220609143614.97837-1-quentin@isovalent.com/
  [1] https://github.com/cilium/ebpf/blob/v0.9.0/rlimit/rlimit.go#L39

Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Yafang Shao <laoar.shao@gmail.com>
Cc: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/bpf/20220610112648.29695-2-quentin@isovalent.com
tools/bpf/bpftool/common.c diff | blob | blame | history
tools/bpf/bpftool/feature.c diff | blob | blame | history
tools/bpf/bpftool/main.c diff | blob | blame | history
tools/bpf/bpftool/main.h diff | blob | blame | history
tools/bpf/bpftool/map.c diff | blob | blame | history
tools/bpf/bpftool/pids.c diff | blob | blame | history
tools/bpf/bpftool/prog.c diff | blob | blame | history
tools/bpf/bpftool/struct_ops.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git