diff options
author | Michael Weiß <michael.weiss@aisec.fraunhofer.de> | 2023-07-21 14:06:36 +0200 |
---|---|---|
committer | Alejandro Colomar <alx@kernel.org> | 2023-07-28 21:42:16 +0200 |
commit | ec32926e9b5aa37c4c40fc8c09497cf2a50560a7 (patch) | |
tree | 0b2c41e90fc6b511139df34d1764d31679488ee9 | |
parent | e0a36923ddcf1349b8c557ccf6c80fb59b831eff (diff) |
bpf.2: Added missing EAGAIN error case for BPF_PROG_LOAD
Since commit c3494801cd1785e2 ("bpf: check pending signals while
verifying programs"), bpf() may also fail with EAGAIN if the verifier
detects pending signals.
This was triggered in the cmld of GyroidOS when loading a cgroups device
program during container start. We had a look in the man page and were
confused that EAGAIN was not listed as possible error. Digging in the
kernel source revealed the EAGAIN in the verifier introduced by the
commit above. Further investigation showed that libbpf already wraps
that case, by a retry loop.
Since GyroidOS uses the system call directly and not libbpf, we missed
to handle this error correctly. Thus, this hint in the man page for the
bpf() system call should be helpful for others who implement on the
low-level interface, too.
Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
Cc: Alexei Starovoitov <ast@kernel.org>
[alx: wfix]
Signed-off-by: Alejandro Colomar <alx@kernel.org>
-rw-r--r-- | man2/bpf.2 | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/man2/bpf.2 b/man2/bpf.2 index d32435a1d..ea68e1293 100644 --- a/man2/bpf.2 +++ b/man2/bpf.2 @@ -991,6 +991,16 @@ and examine .I log_buf for the specific reason provided by the verifier. .TP +.B EAGAIN +For +.BR BPF_PROG_LOAD , +indicates that needed resources are blocked. +This happens when the verifier detects pending signals +while it is checking the validity of the bpf program. +In this case, just call +.BR bpf () +again with the same parameters. +.TP .B EBADF .I fd is not an open file descriptor. |