system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-10-04 15:21:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #33074 from keszybz/bpf-fd-handling

Browse source 
Small cleanups in bpf code
This commit is contained in:
Yu Watanabe 2024-06-12 18:44:30 +09:00 committed by GitHub
parent a07c903a38 613b698eb4
commit 707890d4ff
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 8 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/basic/fd-util.c
View file

@ -212,9 +212,6 @@ int fd_cloexec_many(const int fds[], size_t n_fds, bool cloexec) {
continue;
RET_GATHER(r, fd_cloexec(*fd, cloexec));
if (r >= 0)
r = 1; /* report if we did anything */
}
return r;
@ -756,8 +753,7 @@ int rearrange_stdio(int original_input_fd, int original_output_fd, int original_
}
/* Let's assemble fd[] with the fds to install in place of stdin/stdout/stderr */
for (int i = 0; i < 3; i++) {
for (int i = 0; i < 3; i++)
if (fd[i] < 0)
fd[i] = null_fd; /* A negative parameter means: connect this one to /dev/null */
else if (fd[i] != i && fd[i] < 3) {
@ -770,20 +766,16 @@ int rearrange_stdio(int original_input_fd, int original_output_fd, int original_
fd[i] = copy_fd[i];
}
}
/* At this point we now have the fds to use in fd[], and they are all above the stdio range, so that
* we have freedom to move them around. If the fds already were at the right places then the specific
* fds are -EBADF. Let's now move them to the right places. This is the point of no return. */
for (int i = 0; i < 3; i++) {
for (int i = 0; i < 3; i++)
if (fd[i] == i) {
/* fd is already in place, but let's make sure O_CLOEXEC is off */
r = fd_cloexec(i, false);
if (r < 0)
goto finish;
} else {
assert(fd[i] > 2);
@ -792,7 +784,6 @@ int rearrange_stdio(int original_input_fd, int original_output_fd, int original_
goto finish;
}
}
}
r = 0;

13
src/core/bpf-firewall.c
View file

@ -421,14 +421,13 @@ static int bpf_firewall_prepare_access_maps(
_cleanup_close_ int ipv4_map_fd = -EBADF, ipv6_map_fd = -EBADF;
size_t n_ipv4 = 0, n_ipv6 = 0;
Unit *p;
int r;
assert(ret_ipv4_map_fd);
assert(ret_ipv6_map_fd);
assert(ret_has_any);
for (p = u; p; p = UNIT_GET_SLICE(p)) {
for (Unit *p = u; p; p = UNIT_GET_SLICE(p)) {
CGroupContext *cc;
Set *prefixes;
bool *reduced;
@ -459,7 +458,7 @@ static int bpf_firewall_prepare_access_maps(
}
if (n_ipv4 > 0) {
char *name = strjoina("4_", u->id);
const char *name = strjoina("4_", u->id);
ipv4_map_fd = bpf_map_new(
name,
BPF_MAP_TYPE_LPM_TRIE,
@ -472,7 +471,7 @@ static int bpf_firewall_prepare_access_maps(
}
if (n_ipv6 > 0) {
char *name = strjoina("6_", u->id);
const char *name = strjoina("6_", u->id);
ipv6_map_fd = bpf_map_new(
name,
BPF_MAP_TYPE_LPM_TRIE,
@ -484,7 +483,7 @@ static int bpf_firewall_prepare_access_maps(
return ipv6_map_fd;
}
for (p = u; p; p = UNIT_GET_SLICE(p)) {
for (Unit *p = u; p; p = UNIT_GET_SLICE(p)) {
CGroupContext *cc;
cc = unit_get_cgroup_context(p);
@ -511,7 +510,7 @@ static int bpf_firewall_prepare_accounting_maps(Unit *u, bool enabled, CGroupRun
if (enabled) {
if (crt->ip_accounting_ingress_map_fd < 0) {
char *name = strjoina("I_", u->id);
const char *name = strjoina("I_", u->id);
r = bpf_map_new(name, BPF_MAP_TYPE_ARRAY, sizeof(int), sizeof(uint64_t), 2, 0);
if (r < 0)
return r;
@ -520,7 +519,7 @@ static int bpf_firewall_prepare_accounting_maps(Unit *u, bool enabled, CGroupRun
}
if (crt->ip_accounting_egress_map_fd < 0) {
char *name = strjoina("E_", u->id);
const char *name = strjoina("E_", u->id);
r = bpf_map_new(name, BPF_MAP_TYPE_ARRAY, sizeof(int), sizeof(uint64_t), 2, 0);
if (r < 0)
return r;