diff mbox series

[bpf-next] bpftool: Clear errno after libcap's checks

Message ID 20220812153727.224500-2-quentin@isovalent.com (mailing list archive)
State Superseded
Delegated to: BPF
Headers show
Series [bpf-next] bpftool: Clear errno after libcap's checks | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for bpf-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers warning 2 maintainers not CCed: song@kernel.org martin.lau@linux.dev
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-VM_Test-1 success Logs for Kernel LATEST on ubuntu-latest with gcc
bpf/vmtest-bpf-next-VM_Test-3 success Logs for Kernel LATEST on z15 with gcc
bpf/vmtest-bpf-next-PR success PR summary
bpf/vmtest-bpf-next-VM_Test-2 success Logs for Kernel LATEST on ubuntu-latest with llvm-16

Commit Message

Quentin Monnet Aug. 12, 2022, 3:37 p.m. UTC 
When bpftool is linked against libcap, the library runs a "constructor"
function to compute the number of capabilities of the running kernel
[0], at the beginning of the execution of the program. As part of this,
it performs multiple calls to prctl(). Some of these may fail, and set
errno to a non-zero value:

    # strace -e prctl ./bpftool version
    prctl(PR_CAPBSET_READ, CAP_MAC_OVERRIDE) = 1
    prctl(PR_CAPBSET_READ, 0x30 /* CAP_??? */) = -1 EINVAL (Invalid argument)
    prctl(PR_CAPBSET_READ, CAP_CHECKPOINT_RESTORE) = 1
    prctl(PR_CAPBSET_READ, 0x2c /* CAP_??? */) = -1 EINVAL (Invalid argument)
    prctl(PR_CAPBSET_READ, 0x2a /* CAP_??? */) = -1 EINVAL (Invalid argument)
    prctl(PR_CAPBSET_READ, 0x29 /* CAP_??? */) = -1 EINVAL (Invalid argument)
    ** fprintf added at the top of main(): we have errno == 1
    ./bpftool v7.0.0
    using libbpf v1.0
    features: libbfd, libbpf_strict, skeletons
    +++ exited with 0 +++

Let's clean errno at the beginning of the main() function, to make sure
that these checks do not interfere with the batch mode, where we error
out if errno is set after a bpftool command.

[0] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/tree/libcap/cap_alloc.c?h=v1.2.65#n20

Signed-off-by: Quentin Monnet <quentin@isovalent.com>
---
 tools/bpf/bpftool/main.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Daniel Borkmann Aug. 15, 2022, 3:33 p.m. UTC | #1 
On 8/12/22 5:37 PM, Quentin Monnet wrote:
> When bpftool is linked against libcap, the library runs a "constructor"
> function to compute the number of capabilities of the running kernel
> [0], at the beginning of the execution of the program. As part of this,
> it performs multiple calls to prctl(). Some of these may fail, and set
> errno to a non-zero value:
> 
>      # strace -e prctl ./bpftool version
>      prctl(PR_CAPBSET_READ, CAP_MAC_OVERRIDE) = 1
>      prctl(PR_CAPBSET_READ, 0x30 /* CAP_??? */) = -1 EINVAL (Invalid argument)
>      prctl(PR_CAPBSET_READ, CAP_CHECKPOINT_RESTORE) = 1
>      prctl(PR_CAPBSET_READ, 0x2c /* CAP_??? */) = -1 EINVAL (Invalid argument)
>      prctl(PR_CAPBSET_READ, 0x2a /* CAP_??? */) = -1 EINVAL (Invalid argument)
>      prctl(PR_CAPBSET_READ, 0x29 /* CAP_??? */) = -1 EINVAL (Invalid argument)
>      ** fprintf added at the top of main(): we have errno == 1
>      ./bpftool v7.0.0
>      using libbpf v1.0
>      features: libbfd, libbpf_strict, skeletons
>      +++ exited with 0 +++
> 
> Let's clean errno at the beginning of the main() function, to make sure
> that these checks do not interfere with the batch mode, where we error
> out if errno is set after a bpftool command.
> 
> [0] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/tree/libcap/cap_alloc.c?h=v1.2.65#n20
> 
> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
> ---
>   tools/bpf/bpftool/main.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/tools/bpf/bpftool/main.c b/tools/bpf/bpftool/main.c
> index 451cefc2d0da..c0e2e4fedbe8 100644
> --- a/tools/bpf/bpftool/main.c
> +++ b/tools/bpf/bpftool/main.c
> @@ -435,6 +435,9 @@ int main(int argc, char **argv)
>   
>   	setlinebuf(stdout);
>   
> +	/* Libcap */

Good catch! The comment is a bit too terse, could you improve it, so that it's
clear from reading code (w/o digging through git log) why we need to reset errno
in this location? Thx

> +	errno = 0;
> +
>   	last_do_help = do_help;
>   	pretty_output = false;
>   	json_output = false;
>
Quentin Monnet Aug. 15, 2022, 3:47 p.m. UTC | #2 
On 15/08/2022 16:33, Daniel Borkmann wrote:
> On 8/12/22 5:37 PM, Quentin Monnet wrote:
>> When bpftool is linked against libcap, the library runs a "constructor"
>> function to compute the number of capabilities of the running kernel
>> [0], at the beginning of the execution of the program. As part of this,
>> it performs multiple calls to prctl(). Some of these may fail, and set
>> errno to a non-zero value:
>>
>>      # strace -e prctl ./bpftool version
>>      prctl(PR_CAPBSET_READ, CAP_MAC_OVERRIDE) = 1
>>      prctl(PR_CAPBSET_READ, 0x30 /* CAP_??? */) = -1 EINVAL (Invalid
>> argument)
>>      prctl(PR_CAPBSET_READ, CAP_CHECKPOINT_RESTORE) = 1
>>      prctl(PR_CAPBSET_READ, 0x2c /* CAP_??? */) = -1 EINVAL (Invalid
>> argument)
>>      prctl(PR_CAPBSET_READ, 0x2a /* CAP_??? */) = -1 EINVAL (Invalid
>> argument)
>>      prctl(PR_CAPBSET_READ, 0x29 /* CAP_??? */) = -1 EINVAL (Invalid
>> argument)
>>      ** fprintf added at the top of main(): we have errno == 1
>>      ./bpftool v7.0.0
>>      using libbpf v1.0
>>      features: libbfd, libbpf_strict, skeletons
>>      +++ exited with 0 +++
>>
>> Let's clean errno at the beginning of the main() function, to make sure
>> that these checks do not interfere with the batch mode, where we error
>> out if errno is set after a bpftool command.
>>
>> [0]
>> https://git.kernel.org/pub/scm/libs/libcap/libcap.git/tree/libcap/cap_alloc.c?h=v1.2.65#n20
>>
>> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
>> ---
>>   tools/bpf/bpftool/main.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/tools/bpf/bpftool/main.c b/tools/bpf/bpftool/main.c
>> index 451cefc2d0da..c0e2e4fedbe8 100644
>> --- a/tools/bpf/bpftool/main.c
>> +++ b/tools/bpf/bpftool/main.c
>> @@ -435,6 +435,9 @@ int main(int argc, char **argv)
>>         setlinebuf(stdout);
>>   +    /* Libcap */
> 
> Good catch! The comment is a bit too terse, could you improve it, so
> that it's
> clear from reading code (w/o digging through git log) why we need to
> reset errno
> in this location? Thx

Right, I'll work on the comment and repost, thank you for the review
Quentin
diff mbox series

Patch

diff --git a/tools/bpf/bpftool/main.c b/tools/bpf/bpftool/main.c
index 451cefc2d0da..c0e2e4fedbe8 100644
--- a/tools/bpf/bpftool/main.c
+++ b/tools/bpf/bpftool/main.c
@@ -435,6 +435,9 @@  int main(int argc, char **argv)
 
 	setlinebuf(stdout);
 
+	/* Libcap */
+	errno = 0;
+
 	last_do_help = do_help;
 	pretty_output = false;
 	json_output = false;