From: Matteo Croce
Date: Fri, 11 Oct 2024 16:26:58 +0000 (+0200)
Subject: report bpf_current_task_under_cgroup() errors to userspace
X-Git-Tag: v257-rc1~250
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=75355f22db6889a0d7bf881c3b825a4818cd69e1;p=thirdparty%2Fsystemd.git

report bpf_current_task_under_cgroup() errors to userspace

bpf_current_task_under_cgroup() returns 1 if the task is under the specified cgroup, 0 if not, negative if an error happens. Differentiate the 1 and -1 cases, and report to userspace when we got an error.

An error like this is mostly unlikely, the only common one is that the userspace doesn't populate the map, and the call returns -EAGAIN.

Tested by mocking the return value of bpf_current_task_under_cgroup():

    Enumeration completed
    enp1s0f0np0: Configuring with /etc/systemd/network/20-test.network.
    Sysctl monitor BPF returned error: Link number out of range
    Sysctl monitor BPF returned error: No CSI structure available
    Sysctl monitor BPF returned error: Invalid exchange
    Sysctl monitor BPF returned error: Exchange full
    Sysctl monitor BPF returned error: Invalid request code
    Sysctl monitor BPF returned error: Unknown error 58
    Sysctl monitor BPF returned error: Device not a stream
    Sysctl monitor BPF returned error: Timer expired
    Sysctl monitor BPF returned error: Machine is not on the network
    Sysctl monitor BPF returned error: Object is remote
    Sysctl monitor BPF returned error: Advertise error
---

diff --git a/src/network/bpf/sysctl_monitor/sysctl-monitor.bpf.c b/src/network/bpf/sysctl_monitor/sysctl-monitor.bpf.c index 38183605a28..07c9a8fd1be 100644 --- a/src/network/bpf/sysctl_monitor/sysctl-monitor.bpf.c +++ b/src/network/bpf/sysctl_monitor/sysctl-monitor.bpf.c @@ -65,10 +65,6 @@ SEC("cgroup/sysctl") int sysctl_monitor(struct bpf_sysctl *ctx) { int r; - /* Ignore events generated by us */ - if (bpf_current_task_under_cgroup(&cgroup_map, 0)) - return 1; - /* Allow reads */ if (!ctx->write) return 1; 
@@ -89,6 +85,14 @@ int sysctl_monitor(struct bpf_sysctl *ctx) { we.pid = bpf_get_current_pid_tgid() >> 32; we.cgroup_id = bpf_get_current_cgroup_id(); + r = bpf_current_task_under_cgroup(&cgroup_map, 0); + if (r < 0) { + we.errorcode = r; + goto send_event; + } + if (r == 1) + return 1; /* Ignore events generated by us */ + /* Only monitor /proc/sys/net/ */ r = bpf_sysctl_get_name(ctx, we.path, sizeof(we.path), 0); if (r < 0) {
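
Review bot: In the first hunk (@@ -65,10 +65,6 @@), the self-check is removed from above the "Allow reads" return without a comment recording that the ordering is now intentional: with the helper call moved below `if (!ctx->write) return 1;`, a failing bpf_current_task_under_cgroup() is never observed or reported on the read path. The removed `if (bpf_current_task_under_cgroup(&cgroup_map, 0)) return 1;` also treated a negative return as true, so any helper error silently took the same `return 1` as "generated by us"; that is the behaviour change worth spelling out in the commit message. Suggest a one-line comment at the "Allow reads" site saying reads return before the cgroup check on purpose. The lines between this hunk and the next are not shown, so please confirm nothing there needs undoing now that networkd's own writes run through them before reaching the later `return 1`.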
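
Review bot: In the second hunk (@@ -89,6 +85,14 @@), the `r < 0` branch does `goto send_event` before the "Only monitor /proc/sys/net/" filter and before bpf_sysctl_get_name() has filled `we.path`, so an error event is emitted for every sysctl write the program sees, not only those under /proc/sys/net/, and it carries no path. The commit message names an unpopulated map (-EAGAIN) as the common failure; in that state each write produces another event, and the mocked test output already shows a run of back-to-back "Sysctl monitor BPF returned error" lines. Consider reporting the error once or rate-limiting it, and document next to `we.errorcode = r;` that the field holds the helper's negative return value, so the userspace reader knows which sign to expect. The code at `send_event` is not visible in this hunk; it would help to state what the program returns after sending an error event, since that decides whether the write is allowed while the check is failing.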