Merge branch 'dev/fix_ebpf_permissions' into 'main'

Fix device permission check when using cgroupv2 See merge request nvidia/container-toolkit/libnvidia-container!236
NVIDIA · Nov 18, 2023 · f30a9f4 · f30a9f4
2 parents 1eb5a30 + dcb0ac1
commit f30a9f4
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,7 @@
 # NVIDIA Container Toolkit Library and CLI Changelog
 
+* Fix device permission check when using cgroupv2 (fixes #227)
+
 ## 1.14.1
 * Use libelf.so on RPM-based systems due to removed mageia repositories hosting pmake and bmake.
 

diff --git a/src/nvcgo/internal/cgroup/ebpf.go b/src/nvcgo/internal/cgroup/ebpf.go
@@ -136,10 +136,10 @@ func (p *program) appendDevice(dev specs.LinuxDeviceCgroup, labelPrefix string)
 	}
 	if hasAccess {
 		p.insts = append(p.insts,
-			// if (R3 & bpfAccess == 0 /* use R2 as a temp var */) goto next
-			asm.Mov.Reg32(asm.R2, asm.R3),
-			asm.And.Imm32(asm.R2, bpfAccess),
-			asm.JEq.Imm(asm.R2, 0, nextBlockSym),
+			// if (R3 & bpfAccess != R3 /* use R6 as a temp var */) goto next
+			asm.Mov.Reg32(asm.R6, asm.R3),
+			asm.And.Imm32(asm.R6, bpfAccess),
+			asm.JNE.Reg(asm.R6, asm.R3, nextBlockSym),
 		)
 	}
 	if hasMajor {