diff options
author | Luca Boccassi <bluca@debian.org> | 2021-01-10 15:36:31 +0000 |
---|---|---|
committer | Luca Boccassi <bluca@debian.org> | 2021-01-10 21:16:38 +0000 |
commit | 9ca600e2bfacc52a65c89f3485723b2c27394e55 (patch) | |
tree | d0f46c4d509aa0dd832887f6a07395d8894a9821 /src/core/bpf-firewall.c | |
parent | 90f989861e1f7fd4465a8dddd1721b54ecb3f273 (diff) | |
download | systemd-9ca600e2bfacc52a65c89f3485723b2c27394e55.tar.gz |
bpf: do not use structured initialization for bpf_attr
It looks like zero'ing the struct is not enough, and with some level
of optimizations there is still non-zero padding left over.
Switch to member-by-member initialization. Also convert all remaining
bpf_attr variables in other files.
Diffstat (limited to 'src/core/bpf-firewall.c')
-rw-r--r-- | src/core/bpf-firewall.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c index 5952eaf2f7..0f588b6ca5 100644 --- a/src/core/bpf-firewall.c +++ b/src/core/bpf-firewall.c @@ -840,11 +840,14 @@ int bpf_firewall_supported(void) { * CONFIG_CGROUP_BPF is turned off, then the call will fail early with EINVAL. If it is turned on the * parameters are validated however, and that'll fail with EBADF then. */ - attr = (union bpf_attr) { - .attach_type = BPF_CGROUP_INET_EGRESS, - .target_fd = -1, - .attach_bpf_fd = -1, - }; + // FIXME: Clang doesn't 0-pad with structured initialization, causing + // the kernel to reject the bpf_attr as invalid. See: + // https://github.com/torvalds/linux/blob/v5.9/kernel/bpf/syscall.c#L65 + // Ideally it should behave like GCC, so that we can remove these workarounds. + zero(attr); + attr.attach_type = BPF_CGROUP_INET_EGRESS; + attr.target_fd = -1; + attr.attach_bpf_fd = -1; if (bpf(BPF_PROG_DETACH, &attr, sizeof(attr)) < 0) { if (errno != EBADF) { @@ -864,12 +867,11 @@ int bpf_firewall_supported(void) { * bpf() call and the BPF_F_ALLOW_MULTI flags value. Since the flags are checked early in the system call we'll * get EINVAL if it's not supported, and EBADF as before if it is available. */ - attr = (union bpf_attr) { - .attach_type = BPF_CGROUP_INET_EGRESS, - .target_fd = -1, - .attach_bpf_fd = -1, - .attach_flags = BPF_F_ALLOW_MULTI, - }; + zero(attr); + attr.attach_type = BPF_CGROUP_INET_EGRESS; + attr.target_fd = -1; + attr.attach_bpf_fd = -1; + attr.attach_flags = BPF_F_ALLOW_MULTI; if (bpf(BPF_PROG_ATTACH, &attr, sizeof(attr)) < 0) { if (errno == EBADF) { |