__cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct lxc_handler *handler)
{
#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
- __do_bpf_program_free struct bpf_program *devices = NULL;
+ __do_bpf_program_free struct bpf_program *prog = NULL;
int ret;
struct lxc_conf *conf;
struct hierarchy *unified;
struct lxc_list *it;
- struct bpf_program *devices_old;
+ struct bpf_program *prog_old;
if (!ops)
return ret_set_errno(false, ENOENT);
!unified->container_full_path || lxc_list_empty(&conf->devices))
return true;
- devices = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);
- if (!devices)
+ prog = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);
+ if (!prog)
return log_error_errno(false, ENOMEM, "Failed to create new bpf program");
- ret = bpf_program_init(devices);
+ ret = bpf_program_init(prog);
if (ret)
return log_error_errno(false, ENOMEM, "Failed to initialize bpf program");
lxc_list_for_each(it, &conf->devices) {
struct device_item *cur = it->elem;
- ret = bpf_program_append_device(devices, cur);
+ ret = bpf_program_append_device(prog, cur);
if (ret)
return log_error_errno(false, ENOMEM, "Failed to add new rule to bpf device program: type %c, major %d, minor %d, access %s, allow %d, global_rule %d",
cur->type,
cur->global_rule);
}
- ret = bpf_program_finalize(devices);
+ ret = bpf_program_finalize(prog);
if (ret)
return log_error_errno(false, ENOMEM, "Failed to finalize bpf program");
- ret = bpf_program_cgroup_attach(devices, BPF_CGROUP_DEVICE,
+ ret = bpf_program_cgroup_attach(prog, BPF_CGROUP_DEVICE,
unified->container_limit_path,
BPF_F_ALLOW_MULTI);
if (ret)
return log_error_errno(false, ENOMEM, "Failed to attach bpf program");
/* Replace old bpf program. */
- devices_old = move_ptr(ops->cgroup2_devices);
- ops->cgroup2_devices = move_ptr(devices);
- devices = move_ptr(devices_old);
+ prog_old = move_ptr(ops->cgroup2_devices);
+ ops->cgroup2_devices = move_ptr(prog);
+ prog = move_ptr(prog_old);
#endif
return true;
}
prog = zalloc(sizeof(struct bpf_program));
if (!prog)
- return NULL;
+ return ret_set_errno(NULL, ENOMEM);
prog->prog_type = prog_type;
prog->kernel_fd = -EBADF;
int bpf_program_init(struct bpf_program *prog)
{
const struct bpf_insn pre_insn[] = {
- /* load device type to r2 */
- BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)),
- BPF_ALU32_IMM(BPF_AND, BPF_REG_2, 0xFFFF),
+ /* load device type to r2 */
+ BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)),
+ BPF_ALU32_IMM(BPF_AND, BPF_REG_2, 0xFFFF),
- /* load access type to r3 */
- BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)),
- BPF_ALU32_IMM(BPF_RSH, BPF_REG_3, 16),
+ /* load access type to r3 */
+ BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)),
+ BPF_ALU32_IMM(BPF_RSH, BPF_REG_3, 16),
- /* load major number to r4 */
- BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, major)),
+ /* load major number to r4 */
+ BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, major)),
- /* load minor number to r5 */
- BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, minor)),
+ /* load minor number to r5 */
+ BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, minor)),
};
if (!prog)
if (!bpf_device_all_access(access_mask)) {
struct bpf_insn ins[] = {
- BPF_MOV32_REG(BPF_REG_1, BPF_REG_3),
- BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access_mask),
- BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, jump_nr--),
+ BPF_MOV32_REG(BPF_REG_1, BPF_REG_3),
+ BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access_mask),
+ BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, jump_nr--),
};
ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
if (device_type > 0) {
struct bpf_insn ins[] = {
- BPF_JMP_IMM(BPF_JNE, BPF_REG_2, device_type, jump_nr--),
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_2, device_type, jump_nr--),
};
ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
if (device->major >= 0) {
struct bpf_insn ins[] = {
- BPF_JMP_IMM(BPF_JNE, BPF_REG_4, device->major, jump_nr--),
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_4, device->major, jump_nr--),
};
ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
if (device->minor >= 0) {
struct bpf_insn ins[] = {
- BPF_JMP_IMM(BPF_JNE, BPF_REG_5, device->minor, jump_nr--),
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_5, device->minor, jump_nr--),
};
ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf,
__u32 log_size, __u32 log_level)
{
- union bpf_attr attr;
+ union bpf_attr *attr;
if ((log_size != 0 && !log_buf) || (log_size == 0 && log_buf))
return ret_errno(EINVAL);
return 0;
}
- attr = (union bpf_attr){
+ attr = &(union bpf_attr){
.prog_type = prog->prog_type,
.insns = PTR_TO_UINT64(prog->instructions),
.insn_cnt = prog->n_instructions,
.log_size = log_size,
};
- prog->kernel_fd = bpf(BPF_PROG_LOAD, &attr, sizeof(attr));
+ prog->kernel_fd = bpf(BPF_PROG_LOAD, attr, sizeof(*attr));
if (prog->kernel_fd < 0)
return log_error_errno(-1, errno, "Failed to load bpf program: %s",
log_buf ?: "(null)");
{
__do_close int fd = -EBADF;
__do_free char *copy = NULL;
- union bpf_attr attr;
+ union bpf_attr *attr;
int ret;
if (!path || !prog)
if (fd < 0)
return log_error_errno(-1, errno, "Failed to open cgroup path %s", path);
- attr = (union bpf_attr){
- .attach_type = type,
- .target_fd = fd,
- .attach_bpf_fd = prog->kernel_fd,
- .attach_flags = flags,
+ attr = &(union bpf_attr){
+ .attach_type = type,
+ .target_fd = fd,
+ .attach_bpf_fd = prog->kernel_fd,
+ .attach_flags = flags,
};
- ret = bpf(BPF_PROG_ATTACH, &attr, sizeof(attr));
+ ret = bpf(BPF_PROG_ATTACH, attr, sizeof(*attr));
if (ret < 0)
return log_error_errno(-1, errno, "Failed to attach bpf program");
return log_error_errno(-1, errno, "Failed to open attach cgroup %s",
prog->attached_path);
} else {
- union bpf_attr attr;
+ union bpf_attr *attr;
- attr = (union bpf_attr){
- .attach_type = prog->attached_type,
- .target_fd = fd,
- .attach_bpf_fd = prog->kernel_fd,
+ attr = &(union bpf_attr){
+ .attach_type = prog->attached_type,
+ .target_fd = fd,
+ .attach_bpf_fd = prog->kernel_fd,
};
- ret = bpf(BPF_PROG_DETACH, &attr, sizeof(attr));
+ ret = bpf(BPF_PROG_DETACH, attr, sizeof(*attr));
if (ret < 0)
return log_error_errno(-1, errno, "Failed to detach bpf program from cgroup %s",
prog->attached_path);
{
__do_bpf_program_free struct bpf_program *prog = NULL;
const struct bpf_insn dummy[] = {
- BPF_MOV64_IMM(BPF_REG_0, 1),
- BPF_EXIT_INSN(),
+ BPF_MOV64_IMM(BPF_REG_0, 1),
+ BPF_EXIT_INSN(),
};
int ret;
if (!prog)
return log_trace(false, "Failed to allocate new bpf device cgroup program");
+ ret = bpf_program_init(prog);
+ if (ret)
+ return log_error_errno(false, ENOMEM, "Failed to initialize bpf program");
+
ret = bpf_program_add_instructions(prog, dummy, ARRAY_SIZE(dummy));
if (ret < 0)
return log_trace(false, "Failed to add new instructions to bpf device cgroup program");
projects / thirdparty / lxc.git / commitdiff
