Commit graph

28 commits

Author SHA1 Message Date
Maciej Żenczykowski
669f7388df grant bpfloader CAP_CHOWN
so that it can change the uid/gid of pinned bpf progs and maps

Test: build, atest
Bug: 149434314
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id23f9caaddf620d4e99d970523f0a9768826e0d7
2020-02-13 13:08:40 -08:00
Maciej Żenczykowski
c3a640db94 introduce isBpfSupported() helper
Test: build, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9e2a7e049746ad193eea01e7c9d6786d27728c72
2020-02-11 15:05:27 -08:00
Maciej Żenczykowski
51b71237cc bpfloader - add dependency on offload.o
Test: builds, atest, /system/etc/bpf/offload.o exists
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I043369f5e0ae4315dc8db0cf70dc8806e4997fe4
2020-02-05 03:57:57 -08:00
Maciej Żenczykowski
a391148649 Set /proc/sys/net/core/bpf_jit_{enable,kallsyms} to 1
bpf_jit_enable = 1 is mostly a no-op since on most future
devices it will be force enabled by BPF_JIT_ALWAYS_ON

It is required for Pixel 3 & co Linux 4.9 based devices, which
can only do JIT for some ebpf programs (and thus can't enable
BPF_JIT_ALWAYS_ON without some netd programs refusing to load)

We also set bpf_jit_kallsyms = 1 because it makes debugging
failures easier, but it is incompatible with bpf_jit_harden != 0.

We don't bother setting bpf_jit_harden because we both want
bpf_jit_kallsyms to work, and because the only entity allowed
to load ebpf programs is the bpfloader and it only loads trusted
(verified file system signed) prebuilt bpf programs.

Test: built and booted, verified settings
Bug: 140377409
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9b401ee7b01a2042da87ff48d548b11e0cf78efa
2020-01-30 06:23:08 +00:00
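The sysctl state described in the commit message above can be checked on a booted device with a small shell audit. This is an added example, not part of the commit or of the project's code; the function names `read_knob` and `audit_bpf_jit` and the optional directory argument are assumptions made for illustration.

```shell
# Added example (not from the commit): compare the BPF JIT sysctls with the
# state commit a391148649 describes: enable=1, kallsyms=1, harden left at 0.

# read_knob DIR NAME: print the knob's value, or "missing" if unreadable.
read_knob() {
    if [ -r "$1/$2" ]; then
        tr -d ' \n' < "$1/$2"
    else
        printf 'missing'
    fi
}

# audit_bpf_jit [DIR]: print findings, return 0 only if all three knobs match.
# DIR defaults to the real sysctl directory; accepting another directory is an
# assumption of this example so the check can run on constructed files.
audit_bpf_jit() {
    dir="${1:-/proc/sys/net/core}"
    enable=$(read_knob "$dir" bpf_jit_enable)
    kallsyms=$(read_knob "$dir" bpf_jit_kallsyms)
    harden=$(read_knob "$dir" bpf_jit_harden)
    rc=0

    if [ "$enable" != 1 ]; then
        echo "FAIL bpf_jit_enable=$enable (expected 1)"
        rc=1
    fi
    if [ "$kallsyms" != 1 ]; then
        echo "FAIL bpf_jit_kallsyms=$kallsyms (expected 1)"
        rc=1
    fi
    if [ "$harden" != 0 ]; then
        echo "FAIL bpf_jit_harden=$harden (expected 0)"
        rc=1
        # The incompatibility named in the commit message: with hardening on,
        # bpf_jit_kallsyms=1 does not give the debugging benefit it is set for.
        if [ "$kallsyms" = 1 ]; then
            echo "NOTE bpf_jit_kallsyms=1 is ineffective with bpf_jit_harden=$harden"
        fi
    fi
    if [ "$rc" -eq 0 ]; then echo "OK enable=1 kallsyms=1 harden=0"; fi
    return "$rc"
}
```

Run `audit_bpf_jit` with no argument on the device (for example from a root shell) to read the live values under /proc/sys/net/core.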
Maciej Żenczykowski
e1deaecda4 bpfloader - bump memlock rlimit to 1GiB
Test: build, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5a1728fe29e510c06978a0c7c5cc90af3e9ea46d
2020-01-27 22:28:40 -08:00
Maciej Żenczykowski
3c057e6b7b Revert "Grant IPC_LOCK capability to bpfloader"
This reverts commit 77494d2b70.

This doesn't apparently work...

Kernel doesn't actually test capabilities, just blindly charges
against user's memlock limit:

//kernel/bpf/syscall.c:

static int bpf_charge_memlock(struct user_struct *user, u32 pages) {
  unsigned long memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;

  if (atomic_long_add_return(pages, &user->locked_vm) > memlock_limit) {
    atomic_long_sub(pages, &user->locked_vm);
    return -EPERM;
  }
  return 0;
}

Test: N/A, revert
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Icf6d6e8a36e4b9f3771a5ce80e25ef3644ff4e83
2020-01-27 15:33:15 +00:00
Maciej Żenczykowski
77494d2b70 Grant IPC_LOCK capability to bpfloader
(instead of explicit memlock limit)

This reduces chance for memory allocation failures.

Any bpfloader failure is a critical boot time failure
(since without eBPF initializing properly netd will crash and
device will enter crash loop).

Test: builds, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5ed0118d63c53100e7431324914bf22e9870abfe
2020-01-27 01:08:03 -08:00
Maciej Żenczykowski
480c70ac14 bpfloader - remove dead code
Test: builds, atest
Bug: 146787904
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iea667cf4adaccdfd8fbffae8960cbe243ae77d70
2019-12-30 04:12:36 -08:00
Treehugger Robot
4389649d8a Merge "bpfloader: Try to load even if bpf.progs_loaded is set" 2019-06-13 20:55:07 +00:00
Joel Fernandes
2d8176917f bpfloader: Increase rlimit to 64MB
The rlimit was recently set to 8MB for bpfloader in
Change Id Ib97d1d304f4ea9a6215afed76e1c1e28f1415221

This could be causing intermittent failures to create maps, let us
increase it to 64MB for bpfloader.

Bug: 134558982

Change-Id: Iabb2e6c7d9ea3843ae28f2c465756e5aacdf1904
Signed-off-by: Joel Fernandes <joelaf@google.com>
2019-06-13 20:38:18 +00:00
Joel Fernandes
2409604601 bpfloader: Try to load even if bpf.progs_loaded is set
Currently the bpfloader does not try to load programs if
bpf.progs_loaded is set. However there is no harm in trying to reload
programs because the loader is designed to reuse previously created maps
and programs if they were created. On the other hand, not trying to load
if property is set is harmful since the property prevents retries. So
prevent this from happening.

Bug: 134558982
Change-Id: I61dfb8827ca37c9a1ff4e0912ca96f06a36c37d6
Signed-off-by: Joel Fernandes <joelaf@google.com>
2019-06-13 14:44:02 -04:00
Chenbo Feng
b20d28df6a Skip bpf object loading on unsupported devices
The bpfloader should not try to load bpf objects on unsupported devices
since devices with 4.4 kernel can have bpf maps but not bpf program
support. Creating bpf maps on those devices would mislead the framework
code to use an unsupported code path and crash system server.

Bug: 130687855
Test: cuttlefish boot test for 4.4 kernel.
Change-Id: I43ffc01e1099ee3effaa6ba30aa78080d5bec72f
2019-04-17 21:40:39 +00:00
Chenbo Feng
ee121646cf Set bpfloader MEMLOCK rlimit to at least 8MB
Since bpfloader is only used to create the bpf maps and load bpf
programs on android devices, it is okay to set the MEMLOCK rlimit of
bpfloader to the proper size needed by bpf maps regardless of the global
device values. It helps partners adopt the bpf feature without
changing the device configuration.

Bug: 119279144
Bug: 129246448
Test: remove device specific rlimit and build and verify bpf maps
created.

Change-Id: Ib97d1d304f4ea9a6215afed76e1c1e28f1415221
2019-04-09 12:04:33 -07:00
Maciej Żenczykowski
7a3a5ba1ad bpfloader depends on clatd.o
Test: builds
Bug: 65674744
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5c48acc6aed81c38650564d2fb42e6e816b4b726
2019-03-26 18:11:01 -07:00
Lorenzo Colitti
ac600729b8 Remove bpfloader dependency on netd.
This was necessary when the netd BPF program lived in system/bpf,
but it's no longer necessary.

Test: m
Bug: 65674744
Change-Id: I1fcf7e41276341b1258adf9d3795e81b6139f84f
2019-03-26 13:52:15 +09:00
Connor O'Brien
c551a76f45 Remove time_in_state.o from build
The data collected by this program currently has no consumers, so
there's no need to load it or include it in the bpfloader build yet.

Test: make bpfloader
Change-Id: I206d94e3da34dc3b81bdbfdd4a00b05cfb624f48
Signed-off-by: Connor O'Brien <connoro@google.com>
2019-03-22 16:19:25 -07:00
Connor O'Brien
c8885ccf3f Add time_in_state.o to build
bpfloader now has CAP_SYS_ADMIN, which allows it to load programs like
time_in_state.o that use eBPF's tracepoint support.

Test: make bpfloader
Test: ls /sys/fs/bpf/ shows time_in_state progs and maps are created
Bug: 112334572
Bug: 78498733
Change-Id: Iedff50381c9ee2b3bdfc6c01b2e2ccaeaf0917d5
Signed-off-by: Connor O'Brien <connoro@google.com>
2019-01-23 12:09:19 -08:00
Joel Fernandes
d3ec871017 Set bpf.progs_loaded property when programs finish loading
The property bpf.progs_loaded will be used by services expecting BPF
programs to be loaded and wait before they are loaded.

Bug: 112334572

Change-Id: I19daa0caa84e2659e8790f0dd551d95ab824e13b
Signed-off-by: Joel Fernandes <joelaf@google.com>
2019-01-11 09:02:11 -05:00
Joel Fernandes
6e1341ef20 bpfloader: Make it an init service
With this, bpfloader does not need to be started by netd and will load
at boot time.

Bug: 112334572
Change-Id: Iad777ed0a5bb5995dbf2fc176a220292a4c5e41f
Signed-off-by: Joel Fernandes <joelaf@google.com>
2019-01-07 20:17:42 -05:00
Chenbo Feng
c1dd7648b1 New bpfloader netd kernel program
Change the netd bpf program to the new format. Adding map definition and
necessary helper functions to the kernel program code. Move the netd bpf
programs out of bpfloader to a new directory.

Test: dumpsys netd trafficcontroller
Bug: 112334572
Change-Id: I9287285d188e966193532b1522b5d3e67e32e930
2019-01-07 20:17:42 -05:00
Chih-Hung Hsieh
18d8bfcfe9 Remove unused using decls.
Bug: 121209395
Test: make with WITH_TIDY=1 DEFAULT_GLOBAL_TIDY_CHECKS=-*,misc-unused-using-decls
Change-Id: I42d89c904c562ea2860510844c139b93ebee4637
2018-12-18 15:02:11 -08:00
Joel Fernandes
d76a2004a6 Initial checkin for relocatable ELF loader and link with bcc
* Wrote a relocatable ELF loader from scratch. The loader library loads
all objects in /system/etc/bpf/, parses and fixes up eBPF instructions
based on relocation information, creates maps and programs and pins
them. A single API call without arguments is made which results in this
operation. The API has all the information it needs from the filesystem
and the ELF objects, so there is no configuration stored in the code
calling the loader API essentially making it zero conf. Initially this
will be used by time_in_state statistics collection using tracepoints.
In the future, netd's eBPF C code should be rewritten to use this
infrastructure and the old ELF loader can be gotten rid of. This is the
first step.

* Link libbpf with libbpf_android which will come from the external/ bcc
project. This will be used for tracepoint and perf eBPF support. In the
future it can be used for other things as kernel eBPF support advances.

This patch will be merged only after bcc is cloned into external/ to
prevent build breakage.

Bug: 112334572
Change-Id: Ic0fd9504e18031132d40bb627c5e44058d59c9f8
Signed-off-by: Joel Fernandes <joelaf@google.com>
2018-12-17 22:27:56 +00:00
Yi Kong
4a74569453 Use size_t instead of unsigned int
Addresses follow-up review on commit fc3c769.

Test: m checkbuild
Change-Id: I79cd341c425ebe27cc66584540398fc98e94be50
2018-12-16 18:23:19 -08:00
Yi Kong
cb8e0a08ea Fix sign-compare warning
system/bpf/bpfloader/BpfLoader.cpp:79:23: error: comparison of integers of different signs: 'int' and 'std::__1::vector<android::bpf::BpfMapInfo, std::__1::allocator<android::bpf::BpfMapInfo> >::size_type' (aka 'unsigned long') [-Werror,-Wsign-compare]
    for (int i = 0; i < mapPatterns.size(); i++) {
                    ~ ^ ~~~~~~~~~~~~~~~~~~

Test: m checkbuild
Change-Id: If2891bfc7655aea34499975763f72e0a25b32289
2018-12-14 14:31:42 -08:00
Chenbo Feng
1f20ad3d78 Code style clean up
Apply the git clang format on the bpf project to make sure the existing
code complies with the standard.

Test: project compiles and bpfMapTest pass.
Bug: 112334572
Change-Id: I4774aa2a197be2c671f6fb307c1fc9b71edfeeec
2018-11-28 11:31:36 -08:00
Chenbo Feng
79a4da2d1e Rename libbpf to libbpf_android
Rename the bpf support library in android to libbpf_android to make
it compatible with external bcc project. Fix the Android.bp file to
prevent build break.

Bug: 112334572
Test: No build breakage.
Change-Id: I24ae8aaf8ca8afdded5e46d21f0deec68d6030da
2018-11-08 11:32:31 -08:00
Chenbo Feng
4c9e9ecc57 Fix the build problem with bpf project
Add the necessary Android.bp file and fix the compile error for the new
bpf project.

Fix the run time restart false alarm in bpf loader.

Bug: 112334572

Test: device boot and dumpsys netd show eBPF object okay, runtime
      restart netd and no bpfloader error shown in logcat.
Change-Id: Iae193bda45e50b7d22479086d6403e3c4fb185c4
2018-10-16 21:17:12 -07:00
Chenbo Feng
75b410bdf1 Initial checkin for bpf project
Copied the files from system/netd into system/bpf. No modification is
made to the files.

Test: this doesn't build since the Android.bp file is missing
Bug: 112334572

Change-Id: Ia090a429dd416e07c46766784fb3dd2037201525
2018-10-16 20:38:03 -07:00