diff options
| author | Julia Kartseva <hex@fb.com> | 2022-01-08 00:02:57 +0100 |
|---|---|---|
| committer | Julia Kartseva <hex@fb.com> | 2022-01-10 06:45:50 +0100 |
| commit | f409aa5c6363144c9711226319614f3b248d9828 (patch) | |
| tree | ea6c941dcb9e60fd9efa09706cd4186e60dc64c6 /src/core | |
| parent | units: start systemd-resolved in basic.target (diff) | |
| download | systemd-f409aa5c6363144c9711226319614f3b248d9828.tar.xz systemd-f409aa5c6363144c9711226319614f3b248d9828.zip | |
bpf: check if lsm link ptr is libbpf error
BPF_RAW_TRACEPOINT_OPEN is expected to work only on x86 and x86_64,
since BPF trampoline is implemented only on these architectures.
Attach probing by bpf_program__attach_lsm already happens in
`bpf_lsm_supported`. The resulting pointer can store libbpf error and
that is the case for unsupported architectures.
Add libbpf error check to `bpf_lsm_supported` so execution does not
reach the point where unit startup fails.
Diffstat (limited to 'src/core')
| -rw-r--r-- | src/core/bpf-lsm.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index e0333963c5..4ca082a005 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -45,10 +45,11 @@ static bool bpf_can_link_lsm_program(struct bpf_program *prog) { assert(prog); link = sym_bpf_program__attach_lsm(prog); - if (!link) - return -ENOMEM; - return 1; + /* If bpf_program__attach_lsm fails the resulting value stores libbpf error code instead of memory + * pointer. That is the case when the helper is called on architectures where BPF trampoline (hence + * BPF_LSM_MAC attach type) is not supported. */ + return sym_libbpf_get_error(link) == 0; } static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) { |