From 7bf85dd20e986133324ef9d7232a2e70742d9d72 Mon Sep 17 00:00:00 2001 From: Petr Malat Date: Mon, 19 Jul 2021 12:28:45 +0200 Subject: [PATCH] bpf: bpf_devices_cgroup_supported() should check if bpf() is available bpf_devices_cgroup_supported() tries to load a simple BPF program to test if BPF works. This is problematic because the function used to load the program - bpf_program_load_kernel() - emits an error to the log if BPF is not enabled in the kernel although device controller is not requested in the configuration. Users could interpret that as a problem. Make bpf_devices_cgroup_supported() check if the BPF syscall is available before calling bpf_program_load_kernel(). We can do it by passing a NULL pointer instead of the syscall argument as the kernel returns either ENOSYS, when the syscall is not implemented or EFAULT, when it is implemented. Signed-off-by: Petr Malat --- src/lxc/cgroups/cgroup2_devices.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c index 678e27ed6..e4a526fd0 100644 --- a/src/lxc/cgroups/cgroup2_devices.c +++ b/src/lxc/cgroups/cgroup2_devices.c @@ -538,6 +538,10 @@ bool bpf_devices_cgroup_supported(void) return log_trace(false, "The bpf device cgroup requires real root"); + ret = bpf(BPF_PROG_LOAD, NULL, sizeof(union bpf_attr)); + if (ret < 0 && errno == ENOSYS) + return log_trace(false, "The bpf syscall is not available"); + prog = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE); if (!prog) return log_trace(false, "Failed to allocate new bpf device cgroup program"); -- 2.47.2