1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00

Merge pull request #22050 from wat-ze-hex/bpf-lsm-check-for-link-error-2022-01-07

bpf: check if lsm link ptr is libbpf error
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2022-01-10 21:38:56 +01:00 committed by GitHub
commit e07a80476b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 12 deletions

View File

@ -45,10 +45,11 @@ static bool bpf_can_link_lsm_program(struct bpf_program *prog) {
assert(prog); assert(prog);
link = sym_bpf_program__attach_lsm(prog); link = sym_bpf_program__attach_lsm(prog);
if (!link)
return -ENOMEM;
return 1; /* If bpf_program__attach_lsm fails the resulting value stores libbpf error code instead of memory
* pointer. That is the case when the helper is called on architectures where BPF trampoline (hence
* BPF_LSM_MAC attach type) is not supported. */
return sym_libbpf_get_error(link) == 0;
} }
static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) { static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) {
@ -166,9 +167,9 @@ int lsm_bpf_supported(void) {
if (r < 0) if (r < 0)
return supported = 0; return supported = 0;
r = bpf_can_link_lsm_program(obj->progs.restrict_filesystems); if (!bpf_can_link_lsm_program(obj->progs.restrict_filesystems)) {
if (r < 0) { log_warning_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
log_warning_errno(r, "Failed to link BPF program. Assuming BPF is not available: %m"); "Failed to link BPF program. Assuming BPF is not available");
return supported = 0; return supported = 0;
} }

View File

@ -32,12 +32,12 @@ int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *li
} }
struct bpf_link *bpf_link_free(struct bpf_link *link) { struct bpf_link *bpf_link_free(struct bpf_link *link) {
/* If libbpf wasn't dlopen()ed, sym_bpf_link__destroy might be unresolved (NULL), so let's not try to
/* Avoid a useless dlopen() if link == NULL */ * call it if link is NULL. link might also be a non-null "error pointer", but such a value can only
if (!link) * originate from a call to libbpf, but that means that libbpf is available, and we can let
return NULL; * bpf_link__destroy() handle it. */
if (link)
(void) sym_bpf_link__destroy(link); (void) sym_bpf_link__destroy(link);
return NULL; return NULL;
} }