mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
Merge pull request #22050 from wat-ze-hex/bpf-lsm-check-for-link-error-2022-01-07
bpf: check if lsm link ptr is libbpf error
This commit is contained in:
commit
e07a80476b
@ -45,10 +45,11 @@ static bool bpf_can_link_lsm_program(struct bpf_program *prog) {
|
|||||||
assert(prog);
|
assert(prog);
|
||||||
|
|
||||||
link = sym_bpf_program__attach_lsm(prog);
|
link = sym_bpf_program__attach_lsm(prog);
|
||||||
if (!link)
|
|
||||||
return -ENOMEM;
|
|
||||||
|
|
||||||
return 1;
|
/* If bpf_program__attach_lsm fails the resulting value stores libbpf error code instead of memory
|
||||||
|
* pointer. That is the case when the helper is called on architectures where BPF trampoline (hence
|
||||||
|
* BPF_LSM_MAC attach type) is not supported. */
|
||||||
|
return sym_libbpf_get_error(link) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) {
|
static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) {
|
||||||
@ -166,9 +167,9 @@ int lsm_bpf_supported(void) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return supported = 0;
|
return supported = 0;
|
||||||
|
|
||||||
r = bpf_can_link_lsm_program(obj->progs.restrict_filesystems);
|
if (!bpf_can_link_lsm_program(obj->progs.restrict_filesystems)) {
|
||||||
if (r < 0) {
|
log_warning_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||||
log_warning_errno(r, "Failed to link BPF program. Assuming BPF is not available: %m");
|
"Failed to link BPF program. Assuming BPF is not available");
|
||||||
return supported = 0;
|
return supported = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -32,12 +32,12 @@ int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *li
|
|||||||
}
|
}
|
||||||
|
|
||||||
struct bpf_link *bpf_link_free(struct bpf_link *link) {
|
struct bpf_link *bpf_link_free(struct bpf_link *link) {
|
||||||
|
/* If libbpf wasn't dlopen()ed, sym_bpf_link__destroy might be unresolved (NULL), so let's not try to
|
||||||
/* Avoid a useless dlopen() if link == NULL */
|
* call it if link is NULL. link might also be a non-null "error pointer", but such a value can only
|
||||||
if (!link)
|
* originate from a call to libbpf, but that means that libbpf is available, and we can let
|
||||||
return NULL;
|
* bpf_link__destroy() handle it. */
|
||||||
|
if (link)
|
||||||
(void) sym_bpf_link__destroy(link);
|
(void) sym_bpf_link__destroy(link);
|
||||||
|
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user