lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 22 Dec 2017 01:24:01 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Prashant Bhole <bhole_prashant_q7@....ntt.co.jp>,
        Alexei Starovoitov <ast@...nel.org>
Cc:     netdev@...r.kernel.org, bgregg@...flix.com
Subject: Re: [PATCH bpf-next] samples/bpf: adjust rlimit RLIMIT_MEMLOCK for
 sampleip

On 12/21/2017 10:49 AM, Prashant Bhole wrote:
> The default memlock rlimit is 64KB, which causes failure in
> creating a map
> 
> For example:
> test@...t# ./sampleip
> failed to create a map: 1 Operation not permitted
> ERROR: loading BPF program (errno 1):
> Try: ulimit -l unlimited
> 
> Signed-off-by: Prashant Bhole <bhole_prashant_q7@....ntt.co.jp>
> ---
>  samples/bpf/sampleip_user.c | 17 ++++++++++-------
>  1 file changed, 10 insertions(+), 7 deletions(-)
> 
> diff --git a/samples/bpf/sampleip_user.c b/samples/bpf/sampleip_user.c
> index 4ed690b907ff..f240a7db7c0a 100644
> --- a/samples/bpf/sampleip_user.c
> +++ b/samples/bpf/sampleip_user.c
> @@ -19,6 +19,7 @@
>  #include <linux/ptrace.h>
>  #include <linux/bpf.h>
>  #include <sys/ioctl.h>
> +#include <sys/resource.h>
>  #include "libbpf.h"
>  #include "bpf_load.h"
>  #include "perf-sys.h"
> @@ -132,8 +133,9 @@ static void int_exit(int sig)
>  
>  int main(int argc, char **argv)
>  {
> -	char filename[256];
>  	int *pmu_fd, opt, freq = DEFAULT_FREQ, secs = DEFAULT_SECS;
> +	struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
> +	char filename[256];
>  
>  	/* process arguments */
>  	while ((opt = getopt(argc, argv, "F:h")) != -1) {
> @@ -154,6 +156,11 @@ int main(int argc, char **argv)
>  		return 1;
>  	}
>  
> +	if (setrlimit(RLIMIT_MEMLOCK, &r)) {
> +		perror("Failed to set memlock rlimit");
> +		return 1;
> +	}
> +
>  	/* initialize kernel symbol translation */
>  	if (load_kallsyms()) {
>  		fprintf(stderr, "ERROR: loading /proc/kallsyms\n");
> @@ -171,12 +178,8 @@ int main(int argc, char **argv)
>  	/* load BPF program */
>  	snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
>  	if (load_bpf_file(filename)) {
> -		fprintf(stderr, "ERROR: loading BPF program (errno %d):\n",
> -			errno);
> -		if (strcmp(bpf_log_buf, "") == 0)
> -			fprintf(stderr, "Try: ulimit -l unlimited\n");

Given the author of that sample code clearly gave this as a hint to make
the decision up to the user to tweak ulimit, I don't think we should
then do it unconditionally in the sample program here. Therefore, I'm
not taking this, sorry.

> -		else
> -			fprintf(stderr, "%s", bpf_log_buf);
> +		fprintf(stderr, "ERROR: loading BPF program (errno %d): %s\n",
> +			errno, bpf_log_buf);
>  		return 1;
>  	}
>  	signal(SIGINT, int_exit);
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ