From: Christian Brauner Date: Thu, 18 Feb 2021 11:41:57 +0000 (+0100) Subject: cgroups: remove compile-time bpf support detection X-Git-Tag: lxc-5.0.0~278^2~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=928937b114adcde2fd72863a57db3a83c3134f73;p=thirdparty%2Flxc.git cgroups: remove compile-time bpf support detection Signed-off-by: Christian Brauner --- diff --git a/configure.ac b/configure.ac index 31176702e..c79d4af0d 100644 --- a/configure.ac +++ b/configure.ac @@ -385,10 +385,6 @@ AM_COND_IF([ENABLE_CAP], AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[]) AC_SUBST([CAP_LIBS], [-lcap])]) -AC_CHECK_HEADERS([linux/bpf.h], [ - AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include ]]) -], [], []) - # Configuration examples AC_ARG_ENABLE([examples], [AS_HELP_STRING([--enable-examples], [install examples [default=yes]])], diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h index 826781272..a45b2ce2f 100644 --- a/src/lxc/api_extensions.h +++ b/src/lxc/api_extensions.h @@ -34,9 +34,7 @@ static char *api_extensions[] = { "network_gateway_device_route", "network_phys_macvlan_mtu", "network_veth_router", -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX "cgroup2_devices", -#endif "cgroup2", "pidfd", "cgroup_advanced_isolation", diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index 3c33c964e..711a9d7f5 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -864,11 +864,9 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops, return; } -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX ret = bpf_program_cgroup_detach(handler->cgroup_ops->cgroup2_devices); if (ret < 0) WARN("Failed to detach bpf program from cgroup"); -#endif if (!lxc_list_empty(&handler->conf->id_map)) { struct generic_userns_exec_data wrap = { 
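Review bot: With the `#ifdef` removed in src/lxc/api_extensions.h, `"cgroup2_devices"` is listed by every build, so the string says nothing about whether the running kernel will accept a device program. A consumer that reads this list to decide whether device restrictions will be enforced could treat an unsupported host as protected. The runtime answer comes from `bpf_devices_cgroup_supported()` in cgroup2_devices.c. I would add a comment beside the entry, `/* always listed; probe bpf_devices_cgroup_supported() for runtime support */`. The array starts and ends outside the hunk.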
@@ -3104,7 +3102,6 @@ static int bpf_device_cgroup_prepare(struct cgroup_ops *ops, struct lxc_conf *conf, const char *key, const char *val) { -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX struct device_item device_item = {}; int ret; @@ -3118,7 +3115,6 @@ static int bpf_device_cgroup_prepare(struct cgroup_ops *ops, ret = bpf_list_add_device(conf, &device_item); if (ret < 0) return -1; -#endif return 0; } @@ -3172,7 +3168,6 @@ __cgfsng_ops static bool cgfsng_setup_limits(struct cgroup_ops *ops, __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct lxc_handler *handler) { -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX __do_bpf_program_free struct bpf_program *prog = NULL; int ret; struct lxc_conf *conf; @@ -3252,7 +3247,6 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct prog_old = move_ptr(ops->cgroup2_devices); ops->cgroup2_devices = move_ptr(prog); prog = move_ptr(prog_old); -#endif return true; } diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c index f2a155e41..c5afa0ad6 100644 --- a/src/lxc/cgroups/cgroup2_devices.c +++ b/src/lxc/cgroups/cgroup2_devices.c @@ -22,10 +22,6 @@ #include "macro.h" #include "memory_utils.h" -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX -#include -#include - lxc_log_define(cgroup2_devices, cgroup); #define BPF_LOG_BUF_SIZE (1 << 23) /* 8MB */ @@ -567,4 +563,3 @@ bool bpf_devices_cgroup_supported(void) return log_trace(true, "The bpf device cgroup is supported"); } -#endif diff --git a/src/lxc/cgroups/cgroup2_devices.h b/src/lxc/cgroups/cgroup2_devices.h index 18bd253e5..9140872ed 100644 --- a/src/lxc/cgroups/cgroup2_devices.h +++ b/src/lxc/cgroups/cgroup2_devices.h 
@@ -24,33 +24,15 @@ #include "memory_utils.h" #include "syscall_numbers.h" -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX -#include -#include -#endif - -#ifndef BPF_F_ALLOW_OVERRIDE -#define BPF_F_ALLOW_OVERRIDE (1U << 0) -#endif - -#ifndef BPF_F_ALLOW_MULTI -#define BPF_F_ALLOW_MULTI (1U << 1) -#endif - -#ifndef BPF_F_REPLACE -#define BPF_F_REPLACE (1U << 2) -#endif +#include "include/bpf.h" +#include "include/bpf_common.h" #ifndef HAVE_BPF - -union bpf_attr; - -static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) +static inline int bpf_lxc(int cmd, union bpf_attr *attr, size_t size) { return syscall(__NR_bpf, cmd, attr, size); } - -#define bpf missing_bpf +#define bpf bpf_lxc #endif /* HAVE_BPF */ struct bpf_program { @@ -59,9 +41,7 @@ struct bpf_program { __u32 prog_type; size_t n_instructions; -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX struct bpf_insn *instructions; -#endif /* HAVE_STRUCT_BPF_CGROUP_DEV_CTX */ int fd_cgroup; int attached_type; @@ -77,7 +57,6 @@ static inline bool bpf_device_block_all(const struct bpf_program *prog) static inline bool bpf_device_add(const struct bpf_program *prog, struct device_item *device) { -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX if (device->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE) return false; @@ -88,14 +67,12 @@ static inline bool bpf_device_add(const struct bpf_program *prog, /* We're allowing all devices so skip individual allow rules. */ if (!bpf_device_block_all(prog) && device->allow) return false; -#endif return true; } static inline void bpf_device_set_type(struct bpf_program *prog, struct lxc_list *devices) { -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX struct lxc_list *it; lxc_list_for_each (it, devices) { 
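Review bot: Nothing in this hunk records which kernel release the vendored `include/bpf.h` and `include/bpf_common.h` track, yet they now replace the `#ifndef BPF_F_ALLOW_OVERRIDE` / `BPF_F_ALLOW_MULTI` / `BPF_F_REPLACE` fallbacks. The layout of the `union bpf_attr` passed to `syscall(__NR_bpf, cmd, attr, size)` in `bpf_lxc()` also depends entirely on those copies. A comment above the two includes would make stale or mismatched definitions easier to catch in review: `/* vendored kernel UAPI headers, synced from <KERNEL_RELEASE placeholder>; do not mix with the system <linux/bpf.h> */`. The vendored files are not part of this diff, so their include guards and flag definitions cannot be checked from here. It would be worth confirming that no includer still pulls in the system header alongside them.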
@@ -104,10 +81,8 @@ static inline void bpf_device_set_type(struct bpf_program *prog, if (cur->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE) prog->device_list_type = cur->global_rule; } -#endif } -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX __hidden extern struct bpf_program *bpf_program_new(__u32 prog_type); __hidden extern int bpf_program_init(struct bpf_program *prog); __hidden extern int bpf_program_append_device(struct bpf_program *prog, struct device_item *device); 
@@ -123,62 +98,6 @@ __hidden extern bool bpf_devices_cgroup_supported(void); __hidden extern int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device); -#else /* !HAVE_STRUCT_BPF_CGROUP_DEV_CTX */ - -static inline struct bpf_program *bpf_program_new(__u32 prog_type) -{ - return ret_set_errno(NULL, ENOSYS); -} - -static inline int bpf_program_init(struct bpf_program *prog) -{ - return ret_errno(ENOSYS); -} - -static inline int bpf_program_append_device(struct bpf_program *prog, char type, - int major, int minor, - const char *access, int allow) -{ - return ret_errno(ENOSYS); -} - -static inline int bpf_program_finalize(struct bpf_program *prog) -{ - return ret_errno(ENOSYS); -} - -static inline int bpf_program_cgroup_attach(struct bpf_program *prog, int type, - int fd_cgroup, int replace_bpf_fd, - __u32 flags) -{ - return ret_errno(ENOSYS); -} - -static inline int bpf_program_cgroup_detach(struct bpf_program *prog) -{ - return ret_errno(ENOSYS); -} - -static inline void bpf_program_free(struct bpf_program *prog) -{ -} - -static inline void bpf_device_program_free(struct cgroup_ops *ops) -{ -} - -static inline bool bpf_devices_cgroup_supported(void) -{ - return ret_set_errno(false, ENOSYS); -} - -static inline int bpf_list_add_device(struct lxc_conf *conf, - struct device_item *device) -{ - return ret_errno(ENOSYS); -} -#endif /* !HAVE_STRUCT_BPF_CGROUP_DEV_CTX */ - define_cleanup_function(struct bpf_program *, bpf_program_free); #define __do_bpf_program_free call_cleaner(bpf_program_free) diff --git a/src/lxc/commands.c b/src/lxc/commands.c index 0c7d6f1fd..6a64b061f 100644 --- a/src/lxc/commands.c +++ b/src/lxc/commands.c @@ -1168,7 +1168,6 @@ static int lxc_cmd_add_state_client_callback(__owns int fd, struct lxc_cmd_req * int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath, struct device_item *device) { -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX int stopped = 0; struct lxc_cmd_rr cmd = { .req = { 
@@ -1188,16 +1187,12 @@ int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath, return log_error_errno(-1, errno, "Failed to add new bpf device cgroup rule"); return 0; -#else - return ret_set_errno(-1, ENOSYS); -#endif } static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *req, struct lxc_handler *handler, struct lxc_epoll_descr *descr) { -#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX __do_bpf_program_free struct bpf_program *devices = NULL; struct lxc_cmd_rsp rsp = {0}; struct lxc_conf *conf = handler->conf; @@ -1298,9 +1293,6 @@ respond: return LXC_CMD_REAP_CLIENT_FD; return 0; -#else - return ret_set_errno(-1, ENOSYS); -#endif } int lxc_cmd_console_log(const char *name, const char *lxcpath,
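Review bot: Dropping the `#else return ret_set_errno(-1, ENOSYS);` branches means `lxc_cmd_add_bpf_device_cgroup()` and its callback no longer give callers a distinct "not supported" result. On a host without the bpf device cgroup the client now sees only `-1` from the `"Failed to add new bpf device cgroup rule"` path, with whatever errno the command left behind. Because this request changes the device access rules of a running container, the callback should reject it explicitly when the device program cannot be used; its body is outside the hunk, so an equivalent check may already exist. I would document the new contract on the client function with `/* Returns 0 on success, -1 with errno set; lack of kernel support is reported at runtime, not at build time */`. Both function bodies start or end outside the hunk.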