aya: Set attach mode flag to 0 in bpf_link_create

2 weeks ago · 99be52a041
parent a22ec3792a
commit 99be52a041
8 changed files with 106 additions and 60 deletions
--- a/aya/src/programs/cgroup_device.rs
+++ b/aya/src/programs/cgroup_device.rs
@ -1,5 +1,6 @@
 //! Cgroup device programs.

+use log::warn;
 use std::os::fd::AsFd;

 use aya_obj::generated::{
@ -67,6 +68,10 @@ impl CgroupDevice {
    /// Attaches the program to the given cgroup.
    ///
    /// The returned value can be used to detach, see [CgroupDevice::detach]
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
    pub fn attach<T: AsFd>(
        &mut self,
        cgroup: T,
@ -77,11 +82,17 @@ impl CgroupDevice {
        let cgroup_fd = cgroup.as_fd();

        if KernelVersion::at_least(5, 7, 0) {
+            if mode != CgroupAttachMode::default() {
+                warn!(
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
+                    mode
+                );
+            }
            let link_fd = bpf_link_create(
                prog_fd,
                LinkTarget::Fd(cgroup_fd),
                BPF_CGROUP_DEVICE,
-                mode.into(),
+                0,
                None,
            )
            .map_err(|io_error| SyscallError {
--- a/aya/src/programs/cgroup_skb.rs
+++ b/aya/src/programs/cgroup_skb.rs
@ -1,11 +1,11 @@
 //! Cgroup skb programs.

-use std::{hash::Hash, os::fd::AsFd, path::Path};
-
 use aya_obj::generated::{
    bpf_attach_type::{BPF_CGROUP_INET_EGRESS, BPF_CGROUP_INET_INGRESS},
    bpf_prog_type::BPF_PROG_TYPE_CGROUP_SKB,
 };
+use log::warn;
+use std::{hash::Hash, os::fd::AsFd, path::Path};

 use crate::{
    VerifierLogLevel,
@ -86,6 +86,10 @@ impl CgroupSkb {
    /// Attaches the program to the given cgroup.
    ///
    /// The returned value can be used to detach, see [CgroupSkb::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
    pub fn attach<T: AsFd>(
        &mut self,
        cgroup: T,
@ -101,17 +105,17 @@ impl CgroupSkb {
            CgroupSkbAttachType::Egress => BPF_CGROUP_INET_EGRESS,
        };
        if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
-                prog_fd,
-                LinkTarget::Fd(cgroup_fd),
-                attach_type,
-                mode.into(),
-                None,
-            )
-            .map_err(|io_error| SyscallError {
-                call: "bpf_link_create",
-                io_error,
-            })?;
+            if mode != CgroupAttachMode::default() {
+                warn!(
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
+                    mode
+                );
+            }
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
+                .map_err(|io_error| SyscallError {
+                    call: "bpf_link_create",
+                    io_error,
+                })?;
            self.data
                .links
                .insert(CgroupSkbLink::new(CgroupSkbLinkInner::Fd(FdLink::new(
--- a/aya/src/programs/cgroup_sock.rs
+++ b/aya/src/programs/cgroup_sock.rs
@ -1,5 +1,6 @@
 //! Cgroup socket programs.

+use log::warn;
 use std::{hash::Hash, os::fd::AsFd, path::Path};

 use aya_obj::generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK;
@ -70,6 +71,10 @@ impl CgroupSock {
    /// Attaches the program to the given cgroup.
    ///
    /// The returned value can be used to detach, see [CgroupSock::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
    pub fn attach<T: AsFd>(
        &mut self,
        cgroup: T,
@ -80,17 +85,17 @@ impl CgroupSock {
        let cgroup_fd = cgroup.as_fd();
        let attach_type = self.data.expected_attach_type.unwrap();
        if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
-                prog_fd,
-                LinkTarget::Fd(cgroup_fd),
-                attach_type,
-                mode.into(),
-                None,
-            )
-            .map_err(|io_error| SyscallError {
-                call: "bpf_link_create",
-                io_error,
-            })?;
+            if mode != CgroupAttachMode::default() {
+                warn!(
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
+                    mode
+                );
+            }
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
+                .map_err(|io_error| SyscallError {
+                    call: "bpf_link_create",
+                    io_error,
+                })?;
            self.data
                .links
                .insert(CgroupSockLink::new(CgroupSockLinkInner::Fd(FdLink::new(
--- a/aya/src/programs/cgroup_sock_addr.rs
+++ b/aya/src/programs/cgroup_sock_addr.rs
@ -1,5 +1,6 @@
 //! Cgroup socket address programs.

+use log::warn;
 use std::{hash::Hash, os::fd::AsFd, path::Path};

 use aya_obj::generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK_ADDR;
@ -71,6 +72,10 @@ impl CgroupSockAddr {
    /// Attaches the program to the given cgroup.
    ///
    /// The returned value can be used to detach, see [CgroupSockAddr::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
    pub fn attach<T: AsFd>(
        &mut self,
        cgroup: T,
@ -81,17 +86,17 @@ impl CgroupSockAddr {
        let cgroup_fd = cgroup.as_fd();
        let attach_type = self.data.expected_attach_type.unwrap();
        if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
-                prog_fd,
-                LinkTarget::Fd(cgroup_fd),
-                attach_type,
-                mode.into(),
-                None,
-            )
-            .map_err(|io_error| SyscallError {
-                call: "bpf_link_create",
-                io_error,
-            })?;
+            if mode != CgroupAttachMode::default() {
+                warn!(
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
+                    mode
+                );
+            }
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
+                .map_err(|io_error| SyscallError {
+                    call: "bpf_link_create",
+                    io_error,
+                })?;
            self.data
                .links
                .insert(CgroupSockAddrLink::new(CgroupSockAddrLinkInner::Fd(
--- a/aya/src/programs/cgroup_sockopt.rs
+++ b/aya/src/programs/cgroup_sockopt.rs
@ -1,5 +1,6 @@
 //! Cgroup socket option programs.

+use log::warn;
 use std::{hash::Hash, os::fd::AsFd, path::Path};

 use aya_obj::generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCKOPT;
@ -68,6 +69,10 @@ impl CgroupSockopt {
    /// Attaches the program to the given cgroup.
    ///
    /// The returned value can be used to detach, see [CgroupSockopt::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
    pub fn attach<T: AsFd>(
        &mut self,
        cgroup: T,
@ -78,17 +83,17 @@ impl CgroupSockopt {
        let cgroup_fd = cgroup.as_fd();
        let attach_type = self.data.expected_attach_type.unwrap();
        if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
-                prog_fd,
-                LinkTarget::Fd(cgroup_fd),
-                attach_type,
-                mode.into(),
-                None,
-            )
-            .map_err(|io_error| SyscallError {
-                call: "bpf_link_create",
-                io_error,
-            })?;
+            if mode != CgroupAttachMode::default() {
+                warn!(
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
+                    mode
+                );
+            }
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
+                .map_err(|io_error| SyscallError {
+                    call: "bpf_link_create",
+                    io_error,
+                })?;
            self.data
                .links
                .insert(CgroupSockoptLink::new(CgroupSockoptLinkInner::Fd(
--- a/aya/src/programs/cgroup_sysctl.rs
+++ b/aya/src/programs/cgroup_sysctl.rs
@ -1,5 +1,6 @@
 //! Cgroup sysctl programs.

+use log::warn;
 use std::{hash::Hash, os::fd::AsFd};

 use aya_obj::generated::{
@ -66,6 +67,10 @@ impl CgroupSysctl {
    /// Attaches the program to the given cgroup.
    ///
    /// The returned value can be used to detach, see [CgroupSysctl::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
    pub fn attach<T: AsFd>(
        &mut self,
        cgroup: T,
@ -76,11 +81,17 @@ impl CgroupSysctl {
        let cgroup_fd = cgroup.as_fd();

        if KernelVersion::at_least(5, 7, 0) {
+            if mode != CgroupAttachMode::default() {
+                warn!(
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
+                    mode
+                );
+            }
            let link_fd = bpf_link_create(
                prog_fd,
                LinkTarget::Fd(cgroup_fd),
                BPF_CGROUP_SYSCTL,
-                mode.into(),
+                0,
                None,
            )
            .map_err(|io_error| SyscallError {
--- a/aya/src/programs/links.rs
+++ b/aya/src/programs/links.rs
@ -38,7 +38,7 @@ pub trait Link: std::fmt::Debug + Eq + std::hash::Hash + 'static {
 }

 /// Program attachment mode.
-#[derive(Clone, Copy, Debug, Default)]
+#[derive(Clone, Copy, Debug, Default, PartialEq)]
 pub enum CgroupAttachMode {
    /// Allows only one BPF program in the cgroup subtree.
    #[default]
--- a/aya/src/programs/sock_ops.rs
+++ b/aya/src/programs/sock_ops.rs
@ -1,4 +1,5 @@
 //! Socket option programs.
+use log::warn;
 use std::os::fd::AsFd;

 use aya_obj::generated::{
@ -65,6 +66,10 @@ impl SockOps {
    /// Attaches the program to the given cgroup.
    ///
    /// The returned value can be used to detach, see [SockOps::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
    pub fn attach<T: AsFd>(
        &mut self,
        cgroup: T,
@ -75,17 +80,17 @@ impl SockOps {
        let cgroup_fd = cgroup.as_fd();
        let attach_type = BPF_CGROUP_SOCK_OPS;
        if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
-                prog_fd,
-                LinkTarget::Fd(cgroup_fd),
-                attach_type,
-                mode.into(),
-                None,
-            )
-            .map_err(|io_error| SyscallError {
-                call: "bpf_link_create",
-                io_error,
-            })?;
+            if mode != CgroupAttachMode::default() {
+                warn!(
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
+                    mode
+                );
+            }
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
+                .map_err(|io_error| SyscallError {
+                    call: "bpf_link_create",
+                    io_error,
+                })?;
            self.data
                .links
                .insert(SockOpsLink::new(SockOpsLinkInner::Fd(FdLink::new(link_fd))))