From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Daniel Borkmann <daniel@iogearbox.net>,
Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next] libbpf: Print hint about ulimit when getting permission denied error
Date: Mon, 16 Dec 2019 17:08:29 +0100 [thread overview]
Message-ID: <87y2vc8d8i.fsf@toke.dk> (raw)
In-Reply-To: <20191216155336.GA28925@linux.fritz.box>
Daniel Borkmann <daniel@iogearbox.net> writes:
> On Mon, Dec 16, 2019 at 02:52:30PM +0100, Jesper Dangaard Brouer wrote:
>> On Mon, 16 Dec 2019 13:40:31 +0100
>> Toke Høiland-Jørgensen <toke@redhat.com> wrote:
>>
>> > Probably the single most common error newcomers to XDP are stumped by is
>> > the 'permission denied' error they get when trying to load their program
>> > and 'ulimit -r' is set too low. For examples, see [0], [1].
>> >
>> > Since the error code is UAPI, we can't change that. Instead, this patch
>> > adds a few heuristics in libbpf and outputs an additional hint if they are
>> > met: If an EPERM is returned on map create or program load, and geteuid()
>> > shows we are root, and the current RLIMIT_MEMLOCK is not infinity, we
>> > output a hint about raising 'ulimit -r' as an additional log line.
>> >
>> > [0] https://marc.info/?l=xdp-newbies&m=157043612505624&w=2
>> > [1] https://github.com/xdp-project/xdp-tutorial/issues/86
>> >
>> > Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
>>
>> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
>>
>> This is the top #1 issue users hit again-and-again, too bad we cannot
>> change the return code as it is UAPI now. Thanks for taking care of
>> this mitigation.
>
> It's an annoying error that comes up very often, agree, and tooling then
> sets it to a high value / inf anyway as next step if it has the rights
> to do so. Probably time to revisit the idea that if the user has the same
> rights as being able to set setrlimit() anyway, we should just not account
> for it ... incomplete hack:
It did always seem a bit odd to me that there was this limit that was
setable by the user it was supposed to limit (for XDP anyway). So I
would totally be in favour of fixing it in the kernel; but probably a
good idea to put the hint into libbpf anyway, for those with older
kernels...
-Toke
next prev parent reply other threads:[~2019-12-16 16:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-16 12:40 [PATCH bpf-next] libbpf: Print hint about ulimit when getting permission denied error Toke Høiland-Jørgensen
2019-12-16 13:52 ` Jesper Dangaard Brouer
2019-12-16 15:53 ` Daniel Borkmann
2019-12-16 16:00 ` Alexei Starovoitov
2019-12-16 16:11 ` Toke Høiland-Jørgensen
2019-12-16 16:08 ` Toke Høiland-Jørgensen [this message]
2019-12-16 16:51 ` Yonghong Song
2019-12-16 18:00 ` Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y2vc8d8i.fsf@toke.dk \
--to=toke@redhat.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brouer@redhat.com \
--cc=daniel@iogearbox.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.