Merge pull request iovisor#298 from iovisor/bblanco_dev

Automatically bump memlock ulimit
nanshuaibo · Nov 30, 2015 · 8a04fb3 · 8a04fb3
2 parents ee8e543 + 4b4bd27
commit 8a04fb3
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 3 deletions.
diff --git a/src/cc/libbpf.c b/src/cc/libbpf.c
@@ -30,6 +30,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/ioctl.h>
+#include <sys/resource.h>
 #include <unistd.h>
 
 #include "libbpf.h"
@@ -67,7 +68,19 @@ int bpf_create_map(enum bpf_map_type map_type, int key_size, int value_size, int
  attr.value_size = value_size;
  attr.max_entries = max_entries;
 
- return syscall(__NR_bpf, BPF_MAP_CREATE, &attr, sizeof(attr));
+ int ret = syscall(__NR_bpf, BPF_MAP_CREATE, &attr, sizeof(attr));
+ if (ret < 0 && errno == EPERM) {
+ // see note below about the rationale for this retry
+
+ struct rlimit rl = {};
+ if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0) {
+ rl.rlim_max = RLIM_INFINITY;
+ rl.rlim_cur = rl.rlim_max;
+ if (setrlimit(RLIMIT_MEMLOCK, &rl) == 0)
+ ret = syscall(__NR_bpf, BPF_MAP_CREATE, &attr, sizeof(attr));
+ }
+ }
+ return ret;
 }
 
 int bpf_update_elem(int fd, void *key, void *value, unsigned long long flags)
@@ -138,6 +151,24 @@ int bpf_prog_load(enum bpf_prog_type prog_type,
  log_buf[0] = 0;
 
  int ret = syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr));
+ if (ret < 0 && errno == EPERM) {
+ // When EPERM is returned, two reasons are possible:
+ // 1. user has no permissions for bpf()
+ // 2. user has insufficent rlimit for locked memory
+ // Unfortunately, there is no api to inspect the current usage of locked
+ // mem for the user, so an accurate calculation of how much memory to lock
+ // for this new program is difficult to calculate. As a hack, bump the limit
+ // to unlimited. If program load fails again, return the error.
+
+ struct rlimit rl = {};
+ if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0) {
+ rl.rlim_max = RLIM_INFINITY;
+ rl.rlim_cur = rl.rlim_max;
+ if (setrlimit(RLIMIT_MEMLOCK, &rl) == 0)
+ ret = syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr));
+ }
+ }
+
  if (ret < 0 && !log_buf) {
  // caller did not specify log_buf but failure should be printed,
  // so call recursively and print the result to stderr

diff --git a/tests/wrapper.sh.in b/tests/wrapper.sh.in
@@ -32,11 +32,11 @@ function ns_run() {
  sudo ip netns exec $ns ethtool -K eth0 tx off
  sudo ip addr add dev $ns.out 172.16.1.1/24
  sudo ip link set $ns.out up
- sudo bash -c "ulimit -l 10240; PYTHONPATH=$PYTHONPATH LD_LIBRARY_PATH=$LD_LIBRARY_PATH ip netns exec $ns $cmd $1 $2"
+ sudo bash -c "PYTHONPATH=$PYTHONPATH LD_LIBRARY_PATH=$LD_LIBRARY_PATH ip netns exec $ns $cmd $1 $2"
  return $?
 }
 function sudo_run() {
- sudo bash -c "ulimit -l 10240; PYTHONPATH=$PYTHONPATH LD_LIBRARY_PATH=$LD_LIBRARY_PATH $cmd $1 $2"
+ sudo bash -c "PYTHONPATH=$PYTHONPATH LD_LIBRARY_PATH=$LD_LIBRARY_PATH $cmd $1 $2"
  return $?
 }
 function simple_run() {