core: replace cgroup_bpf_supported() with dlopen_bpf_full()

After 3988e2489aaf30034e09918890f688780c154af7, the function is a simple
wrapper of bpf_dlopen() with logging. Let's introduce dlopen_bpf_full()
that takes log level, and replace cgroup_bpf_supported() with it.

diff --git a/src/core/bpf-restrict-fs.c b/src/core/bpf-restrict-fs.c
index 3f2ea2b9e6ce8597ee9b868bb842237ca73af0d0..4e163717399d4ed2cb54b5ff8aeb17e81c67e78e 100644 (file)
--- a/src/core/bpf-restrict-fs.c
+++ b/src/core/bpf-restrict-fs.c
@@ -27,7 +27,6 @@
 /* libbpf, clang and llc compile time dependencies are satisfied */
 #include "bpf-dlopen.h"
 #include "bpf-link.h"
-#include "bpf-util.h"
 #include "bpf/restrict_fs/restrict-fs-skel.h"
 
 #define CGROUP_HASH_SIZE_MAX 2048
@@ -102,7 +101,7 @@ bool bpf_restrict_fs_supported(bool initialize) {
         if (!initialize)
                 return false;
 
-        if (!cgroup_bpf_supported())
+        if (dlopen_bpf_full(LOG_WARNING) < 0)
                 return (supported = false);
 
         r = lsm_supported("bpf");

diff --git a/src/core/bpf-restrict-ifaces.c b/src/core/bpf-restrict-ifaces.c
index a162efbcdc9fd0b805e7bb28e763c1a09750e5b9..e5f9a3c53e44de1278174617e736de04b374e78c 100644 (file)
--- a/src/core/bpf-restrict-ifaces.c
+++ b/src/core/bpf-restrict-ifaces.c
@@ -10,7 +10,6 @@
 
 #include "bpf-dlopen.h"
 #include "bpf-link.h"
-#include "bpf-util.h"
 #include "bpf/restrict_ifaces/restrict-ifaces-skel.h"
 
 static struct restrict_ifaces_bpf *restrict_ifaces_bpf_free(struct restrict_ifaces_bpf *obj) {
@@ -81,7 +80,7 @@ int bpf_restrict_ifaces_supported(void) {
         if (supported >= 0)
                 return supported;
 
-        if (!cgroup_bpf_supported())
+        if (dlopen_bpf_full(LOG_WARNING) < 0)
                 return (supported = false);
 
         if (!compat_libbpf_probe_bpf_prog_type(BPF_PROG_TYPE_CGROUP_SKB, /*opts=*/NULL)) {

diff --git a/src/core/bpf-socket-bind.c b/src/core/bpf-socket-bind.c
index c751cde8ba5fdcd9a98f5c048ba0d1c12ecf3dab..374e684f04c787f6868c314f65dfa9d779ddef10 100644 (file)
--- a/src/core/bpf-socket-bind.c
+++ b/src/core/bpf-socket-bind.c
@@ -12,7 +12,6 @@
 /* libbpf, clang, llvm and bpftool compile time dependencies are satisfied */
 #include "bpf-dlopen.h"
 #include "bpf-link.h"
-#include "bpf-util.h"
 #include "bpf/socket_bind/socket-bind-api.bpf.h"
 #include "bpf/socket_bind/socket-bind-skel.h"
 
@@ -127,7 +126,7 @@ int bpf_socket_bind_supported(void) {
         _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL;
         int r;
 
-        if (!cgroup_bpf_supported())
+        if (dlopen_bpf_full(LOG_WARNING) < 0)
                 return false;
 
         if (!compat_libbpf_probe_bpf_prog_type(BPF_PROG_TYPE_CGROUP_SOCK_ADDR, /*opts=*/NULL)) {

diff --git a/src/core/bpf-util.c b/src/core/bpf-util.c
deleted file mode 100644 (file)
index 2c07a40..0000000
--- a/src/core/bpf-util.c
+++ /dev/null
@@ -1,24 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1-or-later */
-
-#include "bpf-dlopen.h"
-#include "bpf-util.h"
-#include "cgroup-util.h"
-#include "initrd-util.h"
-#include "log.h"
-
-bool cgroup_bpf_supported(void) {
-        static int supported = -1;
-        int r;
-
-        if (supported >= 0)
-                return supported;
-
-        r = dlopen_bpf();
-        if (r < 0) {
-                log_full_errno(in_initrd() ? LOG_DEBUG : LOG_INFO,
-                               r, "Failed to open libbpf, cgroup BPF features disabled: %m");
-                return (supported = false);
-        }
-
-        return (supported = true);
-}

diff --git a/src/core/bpf-util.h b/src/core/bpf-util.h
deleted file mode 100644 (file)
index a6c55cd..0000000
--- a/src/core/bpf-util.h
+++ /dev/null
@@ -1,5 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1-or-later */
-
-#include <stdbool.h>
-
-bool cgroup_bpf_supported(void);

diff --git a/src/core/meson.build b/src/core/meson.build
index 7f40b026c18592b01d2f185d3a959b35f1b450fc..0a135171fce78684b7e42868a8a86fbd88588367 100644 (file)
--- a/src/core/meson.build
+++ b/src/core/meson.build
@@ -65,12 +65,6 @@ libcore_sources = files(
         'varlink.c',
 )
 
-if conf.get('BPF_FRAMEWORK') == 1
-        libcore_sources += files(
-                'bpf-util.c',
-        )
-endif
-
 subdir('bpf/socket_bind')
 subdir('bpf/restrict_fs')
 subdir('bpf/restrict_ifaces')

diff --git a/src/shared/bpf-dlopen.c b/src/shared/bpf-dlopen.c
index c5abd2ef3b4d75e84890e49e7cecee21ac122b68..debde5c734db37f08f71d1bbc58faebc6ec24ea8 100644 (file)
--- a/src/shared/bpf-dlopen.c
+++ b/src/shared/bpf-dlopen.c
@@ -72,10 +72,14 @@ static int bpf_print_func(enum libbpf_print_level level, const char *fmt, va_lis
         return log_internalv(LOG_DEBUG, errno, NULL, 0, NULL, fmt, ap);
 }
 
-int dlopen_bpf(void) {
+int dlopen_bpf_full(int log_level) {
+        static int cached = 0;
         void *dl;
         int r;
 
+        if (cached != 0)
+                return cached;
+
         ELF_NOTE_DLOPEN("bpf",
                         "Support firewalling and sandboxing with BPF",
                         ELF_NOTE_DLOPEN_PRIORITY_SUGGESTED,
@@ -91,8 +95,9 @@ int dlopen_bpf(void) {
                  * list for both files, and when we assume 1.0+ is present we can remove this dlopen */
                 dl = dlopen("libbpf.so.0", RTLD_NOW|RTLD_NODELETE);
                 if (!dl)
-                        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                               "neither libbpf.so.1 nor libbpf.so.0 are installed: %s", dlerror());
+                        return cached = log_full_errno(log_level, SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                                       "Neither libbpf.so.1 nor libbpf.so.0 are installed, cgroup BPF features disabled: %s",
+                                                       dlerror());
 
                 log_debug("Loaded 'libbpf.so.0' via dlopen()");
 
@@ -129,7 +134,7 @@ int dlopen_bpf(void) {
                 );
         }
         if (r < 0)
-                return r;
+                return cached = log_full_errno(log_level, r, "Failed to load libbpf symbols, cgroup BPF features disabled: %m");
 
         r = dlsym_many_or_warn(
                         dl, LOG_DEBUG,
@@ -171,14 +176,14 @@ int dlopen_bpf(void) {
                         DLSYM_ARG(ring_buffer__new),
                         DLSYM_ARG(ring_buffer__poll));
         if (r < 0)
-                return r;
+                return cached = log_full_errno(log_level, r, "Failed to load libbpf symbols, cgroup BPF features disabled: %m");
 
         /* We set the print helper unconditionally. Otherwise libbpf will emit not useful log messages. */
         (void) sym_libbpf_set_print(bpf_print_func);
 
         REENABLE_WARNING;
 
-        return r;
+        return cached = true;
 }
 
 int bpf_get_error_translated(const void *ptr) {
@@ -200,8 +205,8 @@ int bpf_get_error_translated(const void *ptr) {
 
 #else
 
-int dlopen_bpf(void) {
-        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                               "libbpf support is not compiled in.");
+int dlopen_bpf_full(int log_level) {
+        return log_once_errno(log_level, SYNTHETIC_ERRNO(EOPNOTSUPP),
+                              "libbpf support is not compiled in, cgroup BPF features disabled.");
 }
 #endif

diff --git a/src/shared/bpf-dlopen.h b/src/shared/bpf-dlopen.h
index 04cba7c3b1a3b1823d6fb2559de28635acc8d34a..bb78312363f2f0ed0207773a35a467a8401be429 100644 (file)
--- a/src/shared/bpf-dlopen.h
+++ b/src/shared/bpf-dlopen.h
@@ -1,6 +1,9 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
 
+#include <stdbool.h>
+#include <syslog.h>
+
 #if HAVE_LIBBPF
 
 #include <bpf/bpf.h>
@@ -48,4 +51,7 @@ int bpf_get_error_translated(const void *ptr);
 
 #endif
 
-int dlopen_bpf(void);
+int dlopen_bpf_full(int log_level);
+static inline int dlopen_bpf(void) {
+        return dlopen_bpf_full(LOG_DEBUG);
+}