From: Julia Kartseva <hex@fb.com>
Date: Fri, 7 Jan 2022 23:02:57 +0000 (-0800)
Subject: bpf: check if lsm link ptr is libbpf error
X-Git-Tag: v251-rc1~556^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f409aa5c6363144c9711226319614f3b248d9828;p=thirdparty%2Fsystemd.git

bpf: check if lsm link ptr is libbpf error

BPF_RAW_TRACEPOINT_OPEN is expected to work only on x86 and x86_64,
since BPF trampoline is implemented only on these architectures.

Attach probing by bpf_program__attach_lsm already happens in
`bpf_lsm_supported`. The resulting pointer can store libbpf error and
that is the case for unsupported architectures.
Add libbpf error check to `bpf_lsm_supported` so execution does not
reach the point where unit startup fails.
---

diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c
index e0333963c53..4ca082a0050 100644
--- a/src/core/bpf-lsm.c
+++ b/src/core/bpf-lsm.c
@@ -45,10 +45,11 @@ static bool bpf_can_link_lsm_program(struct bpf_program *prog) {
         assert(prog);
 
         link = sym_bpf_program__attach_lsm(prog);
-        if (!link)
-                return -ENOMEM;
 
-        return 1;
+        /* If bpf_program__attach_lsm fails the resulting value stores libbpf error code instead of memory
+         * pointer. That is the case when the helper is called on architectures where BPF trampoline (hence
+         * BPF_LSM_MAC attach type) is not supported. */
+        return sym_libbpf_get_error(link) == 0;
 }
 
 static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) {