From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Yonghong Song <yhs@fb.com>, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>
Cc: "netdev\@vger.kernel.org" <netdev@vger.kernel.org>,
"bpf\@vger.kernel.org" <bpf@vger.kernel.org>,
Jesper Dangaard Brouer <brouer@redhat.com>
Subject: Re: [PATCH bpf-next] libbpf: Print hint about ulimit when getting permission denied error
Date: Mon, 16 Dec 2019 19:00:04 +0100 [thread overview]
Message-ID: <87mubs882j.fsf@toke.dk> (raw)
In-Reply-To: <2146814b-f70e-b401-3ed3-4d113ab47e34@fb.com>
Yonghong Song <yhs@fb.com> writes:
> On 12/16/19 4:40 AM, Toke Høiland-Jørgensen wrote:
>> Probably the single most common error newcomers to XDP are stumped by is
>> the 'permission denied' error they get when trying to load their program
>> and 'ulimit -r' is set too low. For examples, see [0], [1].
>>
>> Since the error code is UAPI, we can't change that. Instead, this patch
>> adds a few heuristics in libbpf and outputs an additional hint if they are
>> met: If an EPERM is returned on map create or program load, and geteuid()
>> shows we are root, and the current RLIMIT_MEMLOCK is not infinity, we
>> output a hint about raising 'ulimit -r' as an additional log line.
>>
>> [0] https://marc.info/?l=xdp-newbies&m=157043612505624&w=2
>> [1] https://github.com/xdp-project/xdp-tutorial/issues/86
>>
>> Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
>
> LGTM with one minor no-essential suggestion below.
>
> Acked-by: Yonghong Song <yhs@fb.com>
>
>> ---
>> tools/lib/bpf/libbpf.c | 21 +++++++++++++++++++++
>> 1 file changed, 21 insertions(+)
>>
>> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
>> index a2cc7313763a..aec7995674d2 100644
>> --- a/tools/lib/bpf/libbpf.c
>> +++ b/tools/lib/bpf/libbpf.c
>> @@ -41,6 +41,7 @@
>> #include <sys/types.h>
>> #include <sys/vfs.h>
>> #include <sys/utsname.h>
>> +#include <sys/resource.h>
>> #include <tools/libc_compat.h>
>> #include <libelf.h>
>> #include <gelf.h>
>> @@ -100,6 +101,24 @@ void libbpf_print(enum libbpf_print_level level, const char *format, ...)
>> va_end(args);
>> }
>>
>> +static void pr_perm_msg(int err)
>> +{
>> + struct rlimit limit;
>> +
>> + if (err != -EPERM || geteuid() != 0)
>> + return;
>> +
>> + err = getrlimit(RLIMIT_MEMLOCK, &limit);
>> + if (err)
>> + return;
>> +
>> + if (limit.rlim_cur == RLIM_INFINITY)
>> + return;
>> +
>> + pr_warn("permission error while running as root; try raising 'ulimit -r'? current value: %lu\n",
>> + limit.rlim_cur);
>
> Here we print out in terms of bytes. Maybe in terms of kilo bytes or
> mega bytes is more user friendly, esp. we want them to set a different
> value?
Yeah, thought about that, but was too lazy to actually implement it :)
Can send a v2 with that added...
-Toke
prev parent reply other threads:[~2019-12-16 18:42 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-16 12:40 [PATCH bpf-next] libbpf: Print hint about ulimit when getting permission denied error Toke Høiland-Jørgensen
2019-12-16 13:52 ` Jesper Dangaard Brouer
2019-12-16 15:53 ` Daniel Borkmann
2019-12-16 16:00 ` Alexei Starovoitov
2019-12-16 16:11 ` Toke Høiland-Jørgensen
2019-12-16 16:08 ` Toke Høiland-Jørgensen
2019-12-16 16:51 ` Yonghong Song
2019-12-16 18:00 ` Toke Høiland-Jørgensen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mubs882j.fsf@toke.dk \
--to=toke@redhat.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brouer@redhat.com \
--cc=daniel@iogearbox.net \
--cc=netdev@vger.kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.