From: Christian Brauner Date: Thu, 18 Feb 2021 15:21:04 +0000 (+0100) Subject: bpf: make bpf_program_cgroup_attach() static X-Git-Tag: lxc-5.0.0~278^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25903ba9c0b10728a9bf2c0e7d7a9e68c84d39a8;p=thirdparty%2Flxc.git bpf: make bpf_program_cgroup_attach() static Signed-off-by: Christian Brauner --- diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c index 37fd4c688..99d67f692 100644 --- a/src/lxc/cgroups/cgroup2_devices.c +++ b/src/lxc/cgroups/cgroup2_devices.c @@ -355,23 +355,22 @@ static int bpf_program_load_kernel(struct bpf_program *prog) return 0; } -int bpf_program_cgroup_attach(struct bpf_program *prog, int type, int fd_cgroup, - int replace_bpf_fd, __u32 flags) +static int bpf_program_cgroup_attach(struct bpf_program *prog, int type, + int fd_cgroup, __u32 flags) { __do_close int fd_attach = -EBADF; int ret; union bpf_attr *attr; + if (prog->fd_cgroup >= 0 || prog->kernel_fd >= 0) + return ret_errno(EBUSY); + if (fd_cgroup < 0) return ret_errno(EBADF); if (flags & ~(BPF_F_ALLOW_OVERRIDE | BPF_F_ALLOW_MULTI | BPF_F_REPLACE)) return syserrno_set(-EINVAL, "Invalid flags for bpf program"); - if (((flags & BPF_F_REPLACE) && replace_bpf_fd < 0) || - (replace_bpf_fd >= 0 && !(flags & BPF_F_REPLACE))) - return syserrno_set(-EINVAL, "Requested to replace bpf program with invalid parameters"); - /* * Don't allow the bpf program to be overwritten for now. If we ever * allow this we need to verify that the attach_flags of the current 
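Review bot: The unchanged flag check `if (flags & ~(BPF_F_ALLOW_OVERRIDE | BPF_F_ALLOW_MULTI | BPF_F_REPLACE))` still accepts `BPF_F_REPLACE`, although this hunk removes the `replace_bpf_fd` parameter and its consistency check, and the `@@ -408,19 +395,15 @@` hunk removes the `attr->replace_bpf_fd` assignment. A caller that passes `BPF_F_REPLACE` now gets past local validation, and the attach request reaches the kernel with whatever `replace_bpf_fd` the attr literal leaves behind. That is presumably 0 (the start of the initializer is outside the diff), so the result would depend on what descriptor 0 refers to in the process. Since replacement is no longer supported here, reject the flag up front with `if (flags & ~(BPF_F_ALLOW_OVERRIDE | BPF_F_ALLOW_MULTI))`. The function body continues past the end of this hunk.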
@@ -380,18 +379,6 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type, int fd_cgroup, if (flags & BPF_F_ALLOW_OVERRIDE) INFO("Allowing to override bpf program"); - if (prog->fd_cgroup >= 0) { - if (prog->attached_type != type) - return syserrno_set(-EBUSY, "Wrong type for bpf program"); - - /* - * For BPF_F_ALLOW_OVERRIDE the flags of the new and old - * program must match. - */ - if ((flags & BPF_F_ALLOW_OVERRIDE) && (prog->attached_flags != flags)) - return syserrno_set(-EBUSY, "Wrong flags for bpf program"); - } - /* Leave the caller's fd alone. */ fd_attach = dup_cloexec(fd_cgroup); if (fd_attach < 0) @@ -408,19 +395,15 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type, int fd_cgroup, .attach_flags = flags, }; - if (flags & BPF_F_REPLACE) - attr->replace_bpf_fd = replace_bpf_fd; - ret = bpf(BPF_PROG_ATTACH, attr, sizeof(*attr)); if (ret < 0) return syserrno(-errno, "Failed to attach bpf program"); - swap(prog->fd_cgroup, fd_attach); - prog->attached_type = type; - prog->attached_flags = flags; + prog->fd_cgroup = move_fd(fd_attach); + prog->attached_type = type; + prog->attached_flags = flags; - TRACE("Attached bpf program to cgroup %d%s", prog->fd_cgroup, - (flags & BPF_F_REPLACE) ? " and replaced old bpf program" : ""); + TRACE("Attached bpf program to cgroup %d", prog->fd_cgroup); return 0; } @@ -614,7 +597,7 @@ bool bpf_cgroup_devices_attach(struct cgroup_ops *ops, struct lxc_list *devices) return syserrno(false, "Failed to create bpf program"); ret = bpf_program_cgroup_attach(prog, BPF_CGROUP_DEVICE, - ops->unified->cgfd_limit, -EBADF, + ops->unified->cgfd_limit, BPF_F_ALLOW_MULTI); if (ret) return syserrno(false, "Failed to attach bpf program"); diff --git a/src/lxc/cgroups/cgroup2_devices.h b/src/lxc/cgroups/cgroup2_devices.h index 8c7231a72..89dc0260c 100644 --- a/src/lxc/cgroups/cgroup2_devices.h +++ b/src/lxc/cgroups/cgroup2_devices.h 
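Review bot: In the `@@ -408,19 +395,15 @@` hunk, the `return syserrno(-errno, "Failed to attach bpf program")` path can leave `prog` in a state that the new entry guard treats as busy. If `bpf_program_load_kernel()` has already stored a descriptor in `prog->kernel_fd` (its body is outside the diff, so this is inferred from the guard), a later attach on the same `prog` returns `EBUSY` without a log line. The visible caller appears to build a fresh program and give up on failure, so this is a contract to document rather than a bug. A comment above the function would do, such as `/* One-shot: a bpf_program is loaded and attached at most once; after a failed attach, free it instead of retrying. */`. The guard itself could log like the neighbouring checks do, e.g. `return syserrno_set(-EBUSY, "bpf program already loaded or attached");`, so a rejected re-attach of a device policy is visible in the log.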
@@ -87,10 +87,6 @@ __hidden extern struct bpf_program *bpf_program_new(__u32 prog_type); __hidden extern int bpf_program_init(struct bpf_program *prog); __hidden extern int bpf_program_append_device(struct bpf_program *prog, struct device_item *device); __hidden extern int bpf_program_finalize(struct bpf_program *prog); -__hidden extern int bpf_program_cgroup_attach(struct bpf_program *prog, - int type, int fd_cgroup, - __owns int replace_bpf_fd, - __u32 flags); __hidden extern int bpf_program_cgroup_detach(struct bpf_program *prog); __hidden extern void bpf_program_free(struct bpf_program *prog); __hidden extern void bpf_device_program_free(struct cgroup_ops *ops);