@@ -24,20 +24,23 @@ static struct socket_bind_bpf *socket_bind_bpf_free(struct socket_bind_bpf *obj)
2424DEFINE_TRIVIAL_CLEANUP_FUNC (struct socket_bind_bpf * , socket_bind_bpf_free );
2525
2626static int update_rules_map (
27- int map_fd , CGroupSocketBindItem * head ) {
27+ int map_fd ,
28+ CGroupSocketBindItem * head ) {
29+
2830 CGroupSocketBindItem * item ;
2931 uint32_t i = 0 ;
3032
3133 assert (map_fd >= 0 );
3234
3335 LIST_FOREACH (socket_bind_items , item , head ) {
34- const uint32_t key = i ++ ;
3536 struct socket_bind_rule val = {
3637 .address_family = (uint32_t ) item -> address_family ,
3738 .nr_ports = item -> nr_ports ,
3839 .port_min = item -> port_min ,
3940 };
4041
42+ uint32_t key = i ++ ;
43+
4144 if (sym_bpf_map_update_elem (map_fd , & key , & val , BPF_ANY ) != 0 )
4245 return - errno ;
4346 }
@@ -46,15 +49,19 @@ static int update_rules_map(
4649}
4750
4851static int prepare_socket_bind_bpf (
49- Unit * u , CGroupSocketBindItem * allow , CGroupSocketBindItem * deny , struct socket_bind_bpf * * ret_obj ) {
50- _cleanup_ (socket_bind_bpf_freep ) struct socket_bind_bpf * obj = 0 ;
51- uint32_t allow_count = 0 , deny_count = 0 ;
52+ Unit * u ,
53+ CGroupSocketBindItem * allow ,
54+ CGroupSocketBindItem * deny ,
55+ struct socket_bind_bpf * * ret_obj ) {
56+
57+ _cleanup_ (socket_bind_bpf_freep ) struct socket_bind_bpf * obj = NULL ;
58+ size_t allow_count = 0 , deny_count = 0 ;
5259 int allow_map_fd , deny_map_fd , r ;
5360 CGroupSocketBindItem * item ;
5461
5562 assert (ret_obj );
5663
57- LIST_FOREACH (socket_bind_items , item , allow )
64+ LIST_FOREACH (socket_bind_items , item , allow )
5865 allow_count ++ ;
5966
6067 LIST_FOREACH (socket_bind_items , item , deny )
@@ -109,33 +116,28 @@ static int prepare_socket_bind_bpf(
109116
110117int socket_bind_supported (void ) {
111118 _cleanup_ (socket_bind_bpf_freep ) struct socket_bind_bpf * obj = NULL ;
119+ int r ;
112120
113- int r = cg_unified_controller (SYSTEMD_CGROUP_CONTROLLER );
121+ r = cg_unified_controller (SYSTEMD_CGROUP_CONTROLLER );
114122 if (r < 0 )
115- return log_error_errno (r , "Can't determine whether the unified hierarchy is used: %m" );
116-
123+ return log_debug_errno (r , "Can't determine whether the unified hierarchy is used: %m" );
117124 if (r == 0 ) {
118- log_debug_errno (SYNTHETIC_ERRNO (EOPNOTSUPP ),
119- "Not running with unified cgroup hierarchy, BPF is not supported" );
120- return 0 ;
125+ log_debug ("Not running with unified cgroup hierarchy, BPF is not supported" );
126+ return false;
121127 }
122128
123- r = dlopen_bpf ();
124- if (r < 0 ) {
125- log_info_errno (r , "Could not load libbpf: %m" );
126- return 0 ;
127- }
129+ if (dlopen_bpf () < 0 )
130+ return false;
128131
129132 if (!sym_bpf_probe_prog_type (BPF_PROG_TYPE_CGROUP_SOCK_ADDR , /*ifindex=*/ 0 )) {
130- log_debug_errno (SYNTHETIC_ERRNO (EOPNOTSUPP ),
131- "BPF program type cgroup_sock_addr is not supported" );
132- return 0 ;
133+ log_debug ("BPF program type cgroup_sock_addr is not supported" );
134+ return false;
133135 }
134136
135137 r = prepare_socket_bind_bpf (/*unit=*/ NULL , /*allow_rules=*/ NULL , /*deny_rules=*/ NULL , & obj );
136138 if (r < 0 ) {
137139 log_debug_errno (r , "BPF based socket_bind is not supported: %m" );
138- return 0 ;
140+ return false ;
139141 }
140142
141143 return can_link_bpf_program (obj -> progs .sd_bind4 );
@@ -167,6 +169,8 @@ static int socket_bind_install_impl(Unit *u) {
167169 CGroupContext * cc ;
168170 int r ;
169171
172+ assert (u );
173+
170174 cc = unit_get_cgroup_context (u );
171175 if (!cc )
172176 return 0 ;
@@ -184,20 +188,19 @@ static int socket_bind_install_impl(Unit *u) {
184188
185189 cgroup_fd = open (cgroup_path , O_RDONLY | O_CLOEXEC , 0 );
186190 if (cgroup_fd < 0 )
187- return log_unit_error_errno (
188- u , errno , "Failed to open cgroup=%s for reading" , cgroup_path );
191+ return log_unit_error_errno (u , errno , "Failed to open cgroup=%s for reading: %m" , cgroup_path );
189192
190193 ipv4 = sym_bpf_program__attach_cgroup (obj -> progs .sd_bind4 , cgroup_fd );
191194 r = sym_libbpf_get_error (ipv4 );
192195 if (r != 0 )
193- return log_unit_error_errno (u , r , "Failed to link '%s' cgroup-bpf program" ,
194- sym_bpf_program__name (obj -> progs .sd_bind4 ));
196+ return log_unit_error_errno (u , r , "Failed to link '%s' cgroup-bpf program: %m " ,
197+ sym_bpf_program__name (obj -> progs .sd_bind4 ));
195198
196199 ipv6 = sym_bpf_program__attach_cgroup (obj -> progs .sd_bind6 , cgroup_fd );
197200 r = sym_libbpf_get_error (ipv6 );
198201 if (r != 0 )
199- return log_unit_error_errno (u , r , "Failed to link '%s' cgroup-bpf program" ,
200- sym_bpf_program__name (obj -> progs .sd_bind6 ));
202+ return log_unit_error_errno (u , r , "Failed to link '%s' cgroup-bpf program: %m " ,
203+ sym_bpf_program__name (obj -> progs .sd_bind6 ));
201204
202205 u -> ipv4_socket_bind_link = TAKE_PTR (ipv4 );
203206 u -> ipv6_socket_bind_link = TAKE_PTR (ipv6 );
@@ -206,12 +209,15 @@ static int socket_bind_install_impl(Unit *u) {
206209}
207210
208211int socket_bind_install (Unit * u ) {
209- int r = socket_bind_install_impl (u );
212+ int r ;
213+
214+ assert (u );
215+
216+ r = socket_bind_install_impl (u );
210217 if (r == - ENOMEM )
211218 return r ;
212219
213220 fdset_close (u -> initial_socket_bind_link_fds );
214-
215221 return r ;
216222}
217223
@@ -229,16 +235,15 @@ int serialize_socket_bind(Unit *u, FILE *f, FDSet *fds) {
229235
230236#else /* ! BPF_FRAMEWORK */
231237int socket_bind_supported (void ) {
232- return 0 ;
238+ return false ;
233239}
234240
235241int socket_bind_add_initial_link_fd (Unit * u , int fd ) {
236242 return 0 ;
237243}
238244
239245int socket_bind_install (Unit * u ) {
240- log_unit_debug (u , "Failed to install socket bind: BPF framework is not supported" );
241- return 0 ;
246+ return log_unit_debug_errno (u , SYNTHETIC_ERRNO (EOPNOTSUPP ), "Failed to install socket bind: BPF framework is not supported" );
242247}
243248
244249int serialize_socket_bind (Unit * u , FILE * f , FDSet * fds ) {
0 commit comments