|
|
7e752c |
From 19729e1302017ef33e139903b28f9a778b2a8748 Mon Sep 17 00:00:00 2001
|
|
|
7e752c |
From: Andrea Claudi <aclaudi@redhat.com>
|
|
|
7e752c |
Date: Thu, 13 Jun 2019 14:37:56 +0200
|
|
|
7e752c |
Subject: [PATCH] bpf: remove strict dependency on af_alg
|
|
|
7e752c |
|
|
|
7e752c |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1716361
|
|
|
7e752c |
Upstream Status: iproute2.git commit 6e5094dbb7c06
|
|
|
7e752c |
|
|
|
7e752c |
commit 6e5094dbb7c0682a9ca6eb2a64ec51f0a8a33a22
|
|
|
7e752c |
Author: Daniel Borkmann <daniel@iogearbox.net>
|
|
|
7e752c |
Date: Wed Jul 18 01:31:20 2018 +0200
|
|
|
7e752c |
|
|
|
7e752c |
bpf: remove strict dependency on af_alg
|
|
|
7e752c |
|
|
|
7e752c |
Do not bail out when AF_ALG is not supported by the kernel and
|
|
|
7e752c |
only do so when a map is requested in object ns where we're
|
|
|
7e752c |
calculating the hash. Otherwise, the loader can operate just
|
|
|
7e752c |
fine, therefore lets not fail early when it's not needed.
|
|
|
7e752c |
|
|
|
7e752c |
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
|
7e752c |
Signed-off-by: David Ahern <dsahern@gmail.com>
|
|
|
7e752c |
---
|
|
|
7e752c |
lib/bpf.c | 74 +++++++++++++++++++++----------------------------------
|
|
|
7e752c |
1 file changed, 28 insertions(+), 46 deletions(-)
|
|
|
7e752c |
|
|
|
7e752c |
diff --git a/lib/bpf.c b/lib/bpf.c
|
|
|
7e752c |
index 9dc37c787d907..ead8b5a7219f0 100644
|
|
|
7e752c |
--- a/lib/bpf.c
|
|
|
7e752c |
+++ b/lib/bpf.c
|
|
|
7e752c |
@@ -1130,6 +1130,7 @@ struct bpf_elf_ctx {
|
|
|
7e752c |
GElf_Ehdr elf_hdr;
|
|
|
7e752c |
Elf_Data *sym_tab;
|
|
|
7e752c |
Elf_Data *str_tab;
|
|
|
7e752c |
+ char obj_uid[64];
|
|
|
7e752c |
int obj_fd;
|
|
|
7e752c |
int map_fds[ELF_MAX_MAPS];
|
|
|
7e752c |
struct bpf_elf_map maps[ELF_MAX_MAPS];
|
|
|
7e752c |
@@ -1143,6 +1144,7 @@ struct bpf_elf_ctx {
|
|
|
7e752c |
enum bpf_prog_type type;
|
|
|
7e752c |
__u32 ifindex;
|
|
|
7e752c |
bool verbose;
|
|
|
7e752c |
+ bool noafalg;
|
|
|
7e752c |
struct bpf_elf_st stat;
|
|
|
7e752c |
struct bpf_hash_entry *ht[256];
|
|
|
7e752c |
char *log;
|
|
|
7e752c |
@@ -1258,22 +1260,15 @@ static int bpf_obj_hash(const char *object, uint8_t *out, size_t len)
|
|
|
7e752c |
return -EINVAL;
|
|
|
7e752c |
|
|
|
7e752c |
cfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
|
|
|
7e752c |
- if (cfd < 0) {
|
|
|
7e752c |
- fprintf(stderr, "Cannot get AF_ALG socket: %s\n",
|
|
|
7e752c |
- strerror(errno));
|
|
|
7e752c |
+ if (cfd < 0)
|
|
|
7e752c |
return cfd;
|
|
|
7e752c |
- }
|
|
|
7e752c |
|
|
|
7e752c |
ret = bind(cfd, (struct sockaddr *)&alg, sizeof(alg));
|
|
|
7e752c |
- if (ret < 0) {
|
|
|
7e752c |
- fprintf(stderr, "Error binding socket: %s\n", strerror(errno));
|
|
|
7e752c |
+ if (ret < 0)
|
|
|
7e752c |
goto out_cfd;
|
|
|
7e752c |
- }
|
|
|
7e752c |
|
|
|
7e752c |
ofd = accept(cfd, NULL, 0);
|
|
|
7e752c |
if (ofd < 0) {
|
|
|
7e752c |
- fprintf(stderr, "Error accepting socket: %s\n",
|
|
|
7e752c |
- strerror(errno));
|
|
|
7e752c |
ret = ofd;
|
|
|
7e752c |
goto out_cfd;
|
|
|
7e752c |
}
|
|
|
7e752c |
@@ -1318,29 +1313,7 @@ out_cfd:
|
|
|
7e752c |
return ret;
|
|
|
7e752c |
}
|
|
|
7e752c |
|
|
|
7e752c |
-static const char *bpf_get_obj_uid(const char *pathname)
|
|
|
7e752c |
-{
|
|
|
7e752c |
- static bool bpf_uid_cached;
|
|
|
7e752c |
- static char bpf_uid[64];
|
|
|
7e752c |
- uint8_t tmp[20];
|
|
|
7e752c |
- int ret;
|
|
|
7e752c |
-
|
|
|
7e752c |
- if (bpf_uid_cached)
|
|
|
7e752c |
- goto done;
|
|
|
7e752c |
-
|
|
|
7e752c |
- ret = bpf_obj_hash(pathname, tmp, sizeof(tmp));
|
|
|
7e752c |
- if (ret) {
|
|
|
7e752c |
- fprintf(stderr, "Object hashing failed!\n");
|
|
|
7e752c |
- return NULL;
|
|
|
7e752c |
- }
|
|
|
7e752c |
-
|
|
|
7e752c |
- hexstring_n2a(tmp, sizeof(tmp), bpf_uid, sizeof(bpf_uid));
|
|
|
7e752c |
- bpf_uid_cached = true;
|
|
|
7e752c |
-done:
|
|
|
7e752c |
- return bpf_uid;
|
|
|
7e752c |
-}
|
|
|
7e752c |
-
|
|
|
7e752c |
-static int bpf_init_env(const char *pathname)
|
|
|
7e752c |
+static void bpf_init_env(void)
|
|
|
7e752c |
{
|
|
|
7e752c |
struct rlimit limit = {
|
|
|
7e752c |
.rlim_cur = RLIM_INFINITY,
|
|
|
7e752c |
@@ -1350,15 +1323,8 @@ static int bpf_init_env(const char *pathname)
|
|
|
7e752c |
/* Don't bother in case we fail! */
|
|
|
7e752c |
setrlimit(RLIMIT_MEMLOCK, &limit);
|
|
|
7e752c |
|
|
|
7e752c |
- if (!bpf_get_work_dir(BPF_PROG_TYPE_UNSPEC)) {
|
|
|
7e752c |
+ if (!bpf_get_work_dir(BPF_PROG_TYPE_UNSPEC))
|
|
|
7e752c |
fprintf(stderr, "Continuing without mounted eBPF fs. Too old kernel?\n");
|
|
|
7e752c |
- return 0;
|
|
|
7e752c |
- }
|
|
|
7e752c |
-
|
|
|
7e752c |
- if (!bpf_get_obj_uid(pathname))
|
|
|
7e752c |
- return -1;
|
|
|
7e752c |
-
|
|
|
7e752c |
- return 0;
|
|
|
7e752c |
}
|
|
|
7e752c |
|
|
|
7e752c |
static const char *bpf_custom_pinning(const struct bpf_elf_ctx *ctx,
|
|
|
7e752c |
@@ -1394,7 +1360,7 @@ static void bpf_make_pathname(char *pathname, size_t len, const char *name,
|
|
|
7e752c |
case PIN_OBJECT_NS:
|
|
|
7e752c |
snprintf(pathname, len, "%s/%s/%s",
|
|
|
7e752c |
bpf_get_work_dir(ctx->type),
|
|
|
7e752c |
- bpf_get_obj_uid(NULL), name);
|
|
|
7e752c |
+ ctx->obj_uid, name);
|
|
|
7e752c |
break;
|
|
|
7e752c |
case PIN_GLOBAL_NS:
|
|
|
7e752c |
snprintf(pathname, len, "%s/%s/%s",
|
|
|
7e752c |
@@ -1427,7 +1393,7 @@ static int bpf_make_obj_path(const struct bpf_elf_ctx *ctx)
|
|
|
7e752c |
int ret;
|
|
|
7e752c |
|
|
|
7e752c |
snprintf(tmp, sizeof(tmp), "%s/%s", bpf_get_work_dir(ctx->type),
|
|
|
7e752c |
- bpf_get_obj_uid(NULL));
|
|
|
7e752c |
+ ctx->obj_uid);
|
|
|
7e752c |
|
|
|
7e752c |
ret = mkdir(tmp, S_IRWXU);
|
|
|
7e752c |
if (ret && errno != EEXIST) {
|
|
|
7e752c |
@@ -1696,6 +1662,12 @@ static int bpf_maps_attach_all(struct bpf_elf_ctx *ctx)
|
|
|
7e752c |
const char *map_name;
|
|
|
7e752c |
|
|
|
7e752c |
for (i = 0; i < ctx->map_num; i++) {
|
|
|
7e752c |
+ if (ctx->maps[i].pinning == PIN_OBJECT_NS &&
|
|
|
7e752c |
+ ctx->noafalg) {
|
|
|
7e752c |
+ fprintf(stderr, "Missing kernel AF_ALG support for PIN_OBJECT_NS!\n");
|
|
|
7e752c |
+ return -ENOTSUP;
|
|
|
7e752c |
+ }
|
|
|
7e752c |
+
|
|
|
7e752c |
map_name = bpf_map_fetch_name(ctx, i);
|
|
|
7e752c |
if (!map_name)
|
|
|
7e752c |
return -EIO;
|
|
|
7e752c |
@@ -2451,14 +2423,24 @@ static int bpf_elf_ctx_init(struct bpf_elf_ctx *ctx, const char *pathname,
|
|
|
7e752c |
enum bpf_prog_type type, __u32 ifindex,
|
|
|
7e752c |
bool verbose)
|
|
|
7e752c |
{
|
|
|
7e752c |
- int ret = -EINVAL;
|
|
|
7e752c |
+ uint8_t tmp[20];
|
|
|
7e752c |
+ int ret;
|
|
|
7e752c |
|
|
|
7e752c |
- if (elf_version(EV_CURRENT) == EV_NONE ||
|
|
|
7e752c |
- bpf_init_env(pathname))
|
|
|
7e752c |
- return ret;
|
|
|
7e752c |
+ if (elf_version(EV_CURRENT) == EV_NONE)
|
|
|
7e752c |
+ return -EINVAL;
|
|
|
7e752c |
+
|
|
|
7e752c |
+ bpf_init_env();
|
|
|
7e752c |
|
|
|
7e752c |
memset(ctx, 0, sizeof(*ctx));
|
|
|
7e752c |
bpf_get_cfg(ctx);
|
|
|
7e752c |
+
|
|
|
7e752c |
+ ret = bpf_obj_hash(pathname, tmp, sizeof(tmp));
|
|
|
7e752c |
+ if (ret)
|
|
|
7e752c |
+ ctx->noafalg = true;
|
|
|
7e752c |
+ else
|
|
|
7e752c |
+ hexstring_n2a(tmp, sizeof(tmp), ctx->obj_uid,
|
|
|
7e752c |
+ sizeof(ctx->obj_uid));
|
|
|
7e752c |
+
|
|
|
7e752c |
ctx->verbose = verbose;
|
|
|
7e752c |
ctx->type = type;
|
|
|
7e752c |
ctx->ifindex = ifindex;
|
|
|
7e752c |
--
|
|
|
7e752c |
2.20.1
|
|
|
7e752c |
|