| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADdPHGsD4b5GNoLy3aPQndkA84P_m33o-G1kP7F7Xkhterw0Vw@mail.gmail.com> Date: Wed, 1 Apr 2020 08:57:24 +0200 From: Stefan Majer <stefan.majer@...il.com> To: netdev@...r.kernel.org Subject: PATCH: Error message if set memlock=infinite failed during bpf load Executing ip vrf exec <vrfname> command sometimes fails with: bpf: Failed to load program: Operation not permitted This error message might be misleading because the underlying reason can be that memlock limit is to small. It is already implemented to set memlock to infinite, but without error handling. With this patch at least a warning is printed out to inform the user what might be the root cause. Signed-off-by: Stefan Majer <stefan.majer@...il.com> diff --git a/lib/bpf.c b/lib/bpf.c index 10cf9bf4..210830d9 100644 --- a/lib/bpf.c +++ b/lib/bpf.c @@ -1416,8 +1416,8 @@ static void bpf_init_env(void) .rlim_max = RLIM_INFINITY, }; - /* Don't bother in case we fail! */ - setrlimit(RLIMIT_MEMLOCK, &limit); + if (!setrlimit(RLIMIT_MEMLOCK, &limit)) + fprintf(stderr, "Continue without setting ulimit memlock=infinity. Error:%s\n", strerror(errno)); if (!bpf_get_work_dir(BPF_PROG_TYPE_UNSPEC)) fprintf(stderr, "Continuing without mounted eBPF fs. Too old kernel?\n"); -- Stefan Majer
Powered by blists - more mailing lists