diff options
| author | alexlzhu <alexlzhu@fb.com> | 2021-08-18 16:01:05 -0700 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2021-10-12 12:48:23 +0200 |
| commit | 76dc17254f7c78eae2dec2b9b1cfb60657a7b6e7 (patch) | |
| tree | eaf61330174b3b5b5647cd11ec6951f5d1609220 /src/core/bpf-devices.c | |
| parent | d92681a65e7334297727c3048a3489c32e795e4b (diff) | |
| download | systemd-76dc17254f7c78eae2dec2b9b1cfb60657a7b6e7.tar.gz | |
core: remove refcount for bpf program
Currently ref count of bpf-program is kept in user space. However, the
kernel already implements its own ref count. Thus the ref count we keep for
bpf-program is redundant.
This PR removes ref count for bpf program as part of a task to simplify
bpf-program and remove redundancies, which will make the switch to
code-compiled BPF programs easier.
Part of #19270
Diffstat (limited to 'src/core/bpf-devices.c')
| -rw-r--r-- | src/core/bpf-devices.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c index 4daa7f76b0..4d86e8665f 100644 --- a/src/core/bpf-devices.c +++ b/src/core/bpf-devices.c @@ -184,7 +184,7 @@ int bpf_devices_cgroup_init( offsetof(struct bpf_cgroup_dev_ctx, minor)), }; - _cleanup_(bpf_program_unrefp) BPFProgram *prog = NULL; + _cleanup_(bpf_program_freep) BPFProgram *prog = NULL; int r; assert(ret); @@ -208,7 +208,7 @@ int bpf_devices_cgroup_init( } int bpf_devices_apply_policy( - BPFProgram *prog, + BPFProgram **prog, CGroupDevicePolicy policy, bool allow_list, const char *cgroup_path, @@ -219,7 +219,8 @@ int bpf_devices_apply_policy( /* This will assign *prog_installed if everything goes well. */ - if (!prog) + assert(prog); + if (!*prog) goto finish; const bool deny_everything = policy == CGROUP_DEVICE_POLICY_STRICT && !allow_list; @@ -237,20 +238,20 @@ int bpf_devices_apply_policy( }; if (!deny_everything) { - r = bpf_program_add_instructions(prog, post_insn, ELEMENTSOF(post_insn)); + r = bpf_program_add_instructions(*prog, post_insn, ELEMENTSOF(post_insn)); if (r < 0) return log_error_errno(r, "Extending device control BPF program failed: %m"); /* Fixup PASS_JUMP_OFF jump offsets. */ - for (size_t off = 0; off < prog->n_instructions; off++) { - struct bpf_insn *ins = &prog->instructions[off]; + for (size_t off = 0; off < (*prog)->n_instructions; off++) { + struct bpf_insn *ins = &((*prog)->instructions[off]); if (ins->code == (BPF_JMP | BPF_JA) && ins->off == PASS_JUMP_OFF) - ins->off = prog->n_instructions - off - 1; + ins->off = (*prog)->n_instructions - off - 1; } } - r = bpf_program_add_instructions(prog, exit_insn, ELEMENTSOF(exit_insn)); + r = bpf_program_add_instructions(*prog, exit_insn, ELEMENTSOF(exit_insn)); if (r < 0) return log_error_errno(r, "Extending device control BPF program failed: %m"); @@ -258,7 +259,7 @@ int bpf_devices_apply_policy( if (r < 0) return log_error_errno(r, "Failed to determine cgroup path: %m"); - r = bpf_program_cgroup_attach(prog, BPF_CGROUP_DEVICE, controller_path, BPF_F_ALLOW_MULTI); + r = bpf_program_cgroup_attach(*prog, BPF_CGROUP_DEVICE, controller_path, BPF_F_ALLOW_MULTI); if (r < 0) return log_error_errno(r, "Attaching device control BPF program to cgroup %s failed: %m", empty_to_root(cgroup_path)); @@ -266,8 +267,8 @@ int bpf_devices_apply_policy( finish: /* Unref the old BPF program (which will implicitly detach it) right before attaching the new program. */ if (prog_installed) { - bpf_program_unref(*prog_installed); - *prog_installed = bpf_program_ref(prog); + bpf_program_free(*prog_installed); + *prog_installed = TAKE_PTR(*prog); } return 0; } @@ -278,7 +279,7 @@ int bpf_devices_supported(void) { BPF_EXIT_INSN() }; - _cleanup_(bpf_program_unrefp) BPFProgram *program = NULL; + _cleanup_(bpf_program_freep) BPFProgram *program = NULL; static int supported = -1; int r; |