lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEf4BzbQ_zN-3X0cxUrJ6nF1AbLmznzCFo2M2tPbSN=_Pe7mOQ@mail.gmail.com>
Date:   Mon, 26 Oct 2020 20:52:15 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Toke Høiland-Jørgensen <toke@...hat.com>
Cc:     Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...com>, bpf <bpf@...r.kernel.org>,
        Networking <netdev@...r.kernel.org>,
        Jesper Dangaard Brouer <brouer@...hat.com>
Subject: Re: [PATCH bpf] samples/bpf: Set rlimit for memlock to infinity in
 all samples

On Mon, Oct 26, 2020 at 5:10 PM Toke Høiland-Jørgensen <toke@...hat.com> wrote:
>
> The memlock rlimit is a notorious source of failure for BPF programs. Most
> of the samples just set it to infinity, but a few used a lower limit. The
> problem with unconditionally setting a lower limit is that this will also
> override the limit if the system-wide setting is *higher* than the limit
> being set, which can lead to failures on systems that lock a lot of memory,
> but set 'ulimit -l' to unlimited before running a sample.
>
> One fix for this is to only conditionally set the limit if the current
> limit is lower, but it is simpler to just unify all the samples and have
> them all set the limit to infinity.
>
> Signed-off-by: Toke Høiland-Jørgensen <toke@...hat.com>
> ---

Acked-by: Andrii Nakryiko <andrii@...nel.org>

>  samples/bpf/task_fd_query_user.c    | 2 +-
>  samples/bpf/tracex2_user.c          | 2 +-
>  samples/bpf/tracex3_user.c          | 2 +-
>  samples/bpf/xdp_redirect_cpu_user.c | 2 +-
>  samples/bpf/xdp_rxq_info_user.c     | 2 +-
>  5 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/samples/bpf/task_fd_query_user.c b/samples/bpf/task_fd_query_user.c
> index 4a74531dc403..b68bd2f8fdc9 100644
> --- a/samples/bpf/task_fd_query_user.c
> +++ b/samples/bpf/task_fd_query_user.c
> @@ -290,7 +290,7 @@ static int test_debug_fs_uprobe(char *binary_path, long offset, bool is_return)
>
>  int main(int argc, char **argv)
>  {
> -       struct rlimit r = {1024*1024, RLIM_INFINITY};
> +       struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
>         extern char __executable_start;
>         char filename[256], buf[256];
>         __u64 uprobe_file_offset;
> diff --git a/samples/bpf/tracex2_user.c b/samples/bpf/tracex2_user.c
> index 3e36b3e4e3ef..3d6eab711d23 100644
> --- a/samples/bpf/tracex2_user.c
> +++ b/samples/bpf/tracex2_user.c
> @@ -116,7 +116,7 @@ static void int_exit(int sig)
>
>  int main(int ac, char **argv)
>  {
> -       struct rlimit r = {1024*1024, RLIM_INFINITY};
> +       struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
>         long key, next_key, value;
>         struct bpf_link *links[2];
>         struct bpf_program *prog;
> diff --git a/samples/bpf/tracex3_user.c b/samples/bpf/tracex3_user.c
> index 70e987775c15..83e0fecbb01a 100644
> --- a/samples/bpf/tracex3_user.c
> +++ b/samples/bpf/tracex3_user.c
> @@ -107,7 +107,7 @@ static void print_hist(int fd)
>
>  int main(int ac, char **argv)
>  {
> -       struct rlimit r = {1024*1024, RLIM_INFINITY};
> +       struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
>         struct bpf_link *links[2];
>         struct bpf_program *prog;
>         struct bpf_object *obj;
> diff --git a/samples/bpf/xdp_redirect_cpu_user.c b/samples/bpf/xdp_redirect_cpu_user.c
> index 6fb8dbde62c5..f78cb18319aa 100644
> --- a/samples/bpf/xdp_redirect_cpu_user.c
> +++ b/samples/bpf/xdp_redirect_cpu_user.c
> @@ -765,7 +765,7 @@ static int load_cpumap_prog(char *file_name, char *prog_name,
>
>  int main(int argc, char **argv)
>  {
> -       struct rlimit r = {10 * 1024 * 1024, RLIM_INFINITY};
> +       struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
>         char *prog_name = "xdp_cpu_map5_lb_hash_ip_pairs";
>         char *mprog_filename = "xdp_redirect_kern.o";
>         char *redir_interface = NULL, *redir_map = NULL;
> diff --git a/samples/bpf/xdp_rxq_info_user.c b/samples/bpf/xdp_rxq_info_user.c
> index caa4e7ffcfc7..93fa1bc54f13 100644
> --- a/samples/bpf/xdp_rxq_info_user.c
> +++ b/samples/bpf/xdp_rxq_info_user.c
> @@ -450,7 +450,7 @@ static void stats_poll(int interval, int action, __u32 cfg_opt)
>  int main(int argc, char **argv)
>  {
>         __u32 cfg_options= NO_TOUCH ; /* Default: Don't touch packet memory */
> -       struct rlimit r = {10 * 1024 * 1024, RLIM_INFINITY};
> +       struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
>         struct bpf_prog_load_attr prog_load_attr = {
>                 .prog_type      = BPF_PROG_TYPE_XDP,
>         };
> --
> 2.29.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ