Remove strict constraint on kernel version for backported BPF (#45018) (

#45942) * Remove strict constraint on kernel version for backported BPF * Close cgroup in case of fail to init bpf
gravitational · Aug 28, 2024 · 4c8c188 · 4c8c188
1 parent 15e6c68
commit 4c8c188
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 17 deletions.
diff --git a/lib/bpf/bpf.go b/lib/bpf/bpf.go
@@ -118,7 +118,7 @@ type Service struct {
 }
 
 // New creates a BPF service.
-func New(config *servicecfg.BPFConfig) (BPF, error) {
+func New(config *servicecfg.BPFConfig) (bpf BPF, err error) {
 	if err := config.CheckAndSetDefaults(); err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -130,20 +130,6 @@ func New(config *servicecfg.BPFConfig) (BPF, error) {
 		return &NOP{}, nil
 	}
 
-	// Check if the host can run BPF programs.
-	if err := IsHostCompatible(); err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	// Create a cgroup controller to add/remote cgroups.
-	cgroup, err := controlgroup.New(&controlgroup.Config{
-		MountPath: config.CgroupPath,
-		RootPath:  config.RootPath,
-	})
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
 	closeContext, closeFunc := context.WithCancel(context.Background())
 
 	s := &Service{
@@ -153,9 +139,23 @@ func New(config *servicecfg.BPFConfig) (BPF, error) {
 
 		closeContext: closeContext,
 		closeFunc:    closeFunc,
+	}
 
-		cgroup: cgroup,
+	// Create a cgroup controller to add/remote cgroups.
+	s.cgroup, err = controlgroup.New(&controlgroup.Config{
+		MountPath: config.CgroupPath,
+		RootPath:  config.RootPath,
+	})
+	if err != nil {
+		return nil, trace.Wrap(err)
 	}
+	defer func() {
+		if err != nil {
+			if err := s.cgroup.Close(true); err != nil {
+				log.WithError(err).Warn("Failed to close cgroup")
+			}
+		}
+	}()
 
 	// Create args cache used by the exec BPF program.
 	s.argsCache, err = ttlmap.New(ArgsCacheSize)

diff --git a/lib/service/service.go b/lib/service/service.go
@@ -2841,7 +2841,11 @@ func (process *TeleportProcess) initSSH() error {
 		// return a NOP struct that can be used to discard BPF data.
 		ebpf, err := bpf.New(cfg.SSH.BPF)
 		if err != nil {
-			return trace.Wrap(err)
+			// Check kernel version if the host can run BPF programs.
+			return trace.NewAggregate(
+				trace.Wrap(bpf.IsHostCompatible()),
+				trace.Wrap(err),
+			)
 		}
 		defer func() { warnOnErr(process.ExitContext(), ebpf.Close(restartingOnGracefulShutdown), logger) }()