tequilaOS/platform_system_bpf
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1475 commits 1 branch 0 tags 1.8 MiB
Commit graph

1475 commits

This branch
This branch
All branches
Author SHA1 Message Date
Android Build Coastguard Worker
82eed90a20 Merge cherrypicks of [19048272] into tm-release. 
Change-Id: I5a85c6b087465b678bea7c2564383150b012e983
 2022-06-24 02:27:08 +00:00
Maciej Żenczykowski
490a53e6f7 bpfloader: add ability to disable btfloader 
BTF support was added to bpfloader during Android T dev cycle.

As it causes bpfloader boot time process to shell out to a new
btfloader subprocess for every bpf.o file with BTF debugging
information compiled in, I'm worried this might have unforeseen
consequences - things like crashes or boot time bpfloader cpu
regressions.

However, BTF is exceedingly useful for debugging,
and it would be a huge pity if we were forced to disable it
and keep it disabled in mainline tethering module just to support
Android T devices for the next 5+ years.

It would also be a pity if the bpf.o files in prebuilt mainline
tethering apex in dev branches (like tm-dev) did not include
BTF debug information simply due to compatibility with older
kernels or OSes, since this would require rebuilding the module
everytime BTF information could be of use.

One of the things functioning BTF enables is 'cat /sys/fs/bpf/map_*'
as root on a userdebug build.  Among other things this can be
used to verify that in kernel bpf map state matches that dumped
by the mainline module's pretty dump code.

Even if there's issues wrt. BTF in Android T (or on older kernels),
we can always fix them in Android U or later (for example build
btfloader into bpfloader to avoid exec overhead, etc...).

Bug: 218408035
Bug: 230585250
Bug: 235559605
Test: TreeHugger, cuttlefish devices boots, and:
  adb root && adb shell cat /sys/fs/bpf/map_time_in_state_cpu_last_pid_map
  continues to show information which is available due to BTF debug provided
  in /system/etc/bpf/time_in_state.o file (due to "btf: true" in Android.bp)
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I553e90e0414453f8f3aaca8cf05d5decc8b911a2
(cherry picked from commit 37b3d06333)
Merged-In: I553e90e0414453f8f3aaca8cf05d5decc8b911a2
 2022-06-24 02:27:00 +00:00
Android Build Coastguard Worker
4153bbe868 Snap for 8762204 from 98ec8cf05b to tm-release 
Change-Id: I1bf6b70f175d2692c2ec291b14852e6768c82277
 2022-06-23 23:28:14 +00:00
Android Build Coastguard Worker
6fa2d47076 Snap for 8756258 from a529b323af to tm-release 
Change-Id: I5cea18eaccaf9f688137bdb2c16d13aa9333a8e6
 2022-06-22 23:27:59 +00:00
Maciej Żenczykowski
98ec8cf05b Revert "disable bpfloader selinux_context support" 
This reverts commit 8e5e239dd0a7856e486a9e2d772ef3a9e38021eb.

No longer required now that selinux change has landed.

(while we're at it bump the bpfloader version to v0.19 just
 to make sure we can tell these apart in the future)

This is a cherrypick to tm-dev of reviewed/approved but unsubmitted:
  https://android-review.googlesource.com/c/platform/system/bpf/+/2132534

Ignore-AOSP-First: will be cherrypicked to aosp master

Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I0b3349ef908bbfd225b8b7f83b2a4a8870c1e409
 2022-06-22 14:51:58 -07:00
Android Build Coastguard Worker
3bfacfc1d4 Snap for 8750474 from 8482e88f9e to tm-release 
Change-Id: I6ed581118251b97d27d6bd68761de78f9d356eb5
 2022-06-21 23:28:22 +00:00
Maciej Żenczykowski
a529b323af disable bpfloader selinux_context support 
(it requires bpfloader to be granted rename priv by selinux)

Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic27d0e5f3c6b78db39c6742fe9e1955f65d2b1f5
(cherry picked from commit a7a11bda00)
Merged-In: Ic27d0e5f3c6b78db39c6742fe9e1955f65d2b1f5
 2022-06-21 19:58:42 +00:00
Maciej Żenczykowski
5ed96f4a1a bpfloader: support 'shared' maps and per-map/program selinux context 
allow bpf .o files to specify desired selinux context

Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9d7449e477c371053a34191a2a9a935ba927d4b3
(cherry picked from commit 4181713963)
Merged-In: I9d7449e477c371053a34191a2a9a935ba927d4b3
 2022-06-21 19:58:41 +00:00
Android Build Coastguard Worker
4c64329227 Snap for 8746455 from 14fdd0a4a9 to tm-release 
Change-Id: I56c5f559a51bf1dc4f27be95b7712df331c4a16b
 2022-06-20 23:28:02 +00:00
Maciej Żenczykowski
8482e88f9e bpfLoader: verify that reused maps are the right type & shape 
This is needed to make it safe to share maps across different .o's.

Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9e8a5893ed4f91354f6544be587b10a97d179de6
(cherry picked from commit 12bb520707)
Merged-In: I9e8a5893ed4f91354f6544be587b10a97d179de6
 2022-06-20 17:46:48 +00:00
Maciej Żenczykowski
14fdd0a4a9 add support for 'netd_readonly' 
For use by:
- maps netd should have read but not write access to
  (needed due to netd being root with DAC_OVERRIDE,
   and thus not obeying standard unix permissions)
- programs that netd should have access to but
  not netutils_wrappers (which due to being able to
  run iptables, needs access to xt_bpf programs)

Bug: 218408035
Test: booted on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I72b106692a25077ff54252fd93db81f46b52125d
(cherry picked from commit 32c0b8f46e)
Merged-In: I72b106692a25077ff54252fd93db81f46b52125d
 2022-06-20 16:32:18 +00:00
Maciej Żenczykowski
72c3298572 remove spurious newlines in ALOG lines 
eliminates empty lines visible in cuttlefish kernel.log

Bug: 218408035
Test: booted on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2d75f1702c02b72c298642beb62c5df1c2629367
(cherry picked from commit e626a95e2f)
Merged-In: I2d75f1702c02b72c298642beb62c5df1c2629367
 2022-06-20 16:27:40 +00:00
Maciej Żenczykowski
1d018c1655 bpfloader: add support for perf_event program type 
Based on
  https://android-review.googlesource.com/c/platform/system/bpf/+/2104448

Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I79a5b084b80a1c423d555d9b63b08f9cd00fa684
(cherry picked from commit e092e0bbfe)
Merged-In: I79a5b084b80a1c423d555d9b63b08f9cd00fa684
 2022-06-20 16:26:47 +00:00
Android Build Coastguard Worker
bd937359c8 Snap for 8637088 from af617ca0aa to tm-release 
Change-Id: I6b552e088c816ba32fce304879ef2fcc7ad79eaa
 2022-05-24 23:28:31 +00:00
Maciej Żenczykowski
af617ca0aa ease debugging - print pinned bpf prog & map ids 
combined with content of /proc/${pid}/fd/${fd}
and /proc/${pid}/fdinfo/${fd} this allows figuring
out which programs/maps a process continues to
have open

See:
  adbz logcat -d | egrep '(map|prog) .* id'
  adbz root
  adbz_bpf_progs_and_maps

Bug: 230880517
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I66c7fa12d079257486569105368bf1eea2d3ab0c
(cherry picked from commit 57412c2a27)
Merged-In: I66c7fa12d079257486569105368bf1eea2d3ab0c
 2022-05-24 09:25:58 +00:00
Android Build Coastguard Worker
6e63ba776f Snap for 8581162 from 4dfce18208 to tm-release 
Change-Id: Iba69be78732816f174c06d303ecb9c0056c01fbb
 2022-05-12 23:10:17 +00:00
Maciej Żenczykowski
4dfce18208 bpfloader: add support for netd_shared and net_private subdirs 
Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I613b84342fba7b425fb10af157fe0a6a731b71cb
(cherry picked from commit 7acf938127)
Merged-In: I613b84342fba7b425fb10af157fe0a6a731b71cb
 2022-05-12 10:46:10 +00:00
Android Build Coastguard Worker
1fa926967b Snap for 8494106 from da4f92c3be to tm-release 
Change-Id: I0a39089bc66615785dbc08d03d7585e357829fc2
 2022-04-23 23:10:07 +00:00
Maciej Żenczykowski
da4f92c3be move net_shared bpf programs into net_shared subdirectory 
This is needed due to the other half of this topic getting into tm-dev via automerger via sc-mainline-prod
Also this topic was always meant for T.

Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2071267

Test: manual
Bug: 218408035
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Merged-In: Id5ef7f3b119743ef26b062068756c4e0f754e694
Change-Id: I6ffab207294946357f3a97685d3eacc75b724e89
 2022-04-23 14:23:07 +00:00
Android Build Coastguard Worker
a29187477a Snap for 8340624 from c8b85f9876 to tm-release 
Change-Id: Id11173e322000816dbc9ce777cdf7ab4eb4291ed
 2022-03-23 01:09:53 +00:00
Florian Mayer
c8b85f9876 Add bpf to hwasan-postsubmit am: d0af44d3d2 am: 335b58fdff am: 464167c1cf 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2032248

Change-Id: Iac1b58318cd3faa210713dd943f7b3eec789bde5
 2022-03-22 19:23:55 +00:00
Florian Mayer
464167c1cf Add bpf to hwasan-postsubmit am: d0af44d3d2 am: 335b58fdff 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2032248

Change-Id: Ia2ac1cf51c2ecb6a85d8be240f30799cbaa25820
 2022-03-22 19:08:48 +00:00
Florian Mayer
335b58fdff Add bpf to hwasan-postsubmit am: d0af44d3d2 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2032248

Change-Id: I4a7811536fb8713304753615d8ab4f6c2a5c4a74
 2022-03-22 18:45:47 +00:00
Florian Mayer
d0af44d3d2 Add bpf to hwasan-postsubmit 
Test: Run tests under HWASan.
Bug: 193568145
Change-Id: I14d7f8d5be1cc533bbd1f2e56c33e21e3769c8f6
 2022-03-18 14:17:27 -07:00
Android Build Coastguard Worker
bc9cfd8d5a Snap for 8303774 from 58950886d8 to tm-release 
Change-Id: I0e574ab5d96e2ec87170d795bad1f435176891df
 2022-03-16 01:09:52 +00:00
Stephane Lee
58950886d8 Add socket filter to allowed programs for vendor and remove tracepoint am: 16c9360b1f am: beadee38ea am: 38cb6fd47a 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2021482

Change-Id: Ia10314a654f5bef3505cd70b4a15be6a4cf3894b
 2022-03-15 07:01:45 +00:00
Stephane Lee
38cb6fd47a Add socket filter to allowed programs for vendor and remove tracepoint am: 16c9360b1f am: beadee38ea 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2021482

Change-Id: I54dac1430b4e30328f246e7b7e95e5b86d1460d5
 2022-03-15 06:26:51 +00:00
Stephane Lee
beadee38ea Add socket filter to allowed programs for vendor and remove tracepoint am: 16c9360b1f 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2021482

Change-Id: Ib9a7541492d766dce41204360f678d554330deae
 2022-03-15 06:01:33 +00:00
Stephane Lee
16c9360b1f Add socket filter to allowed programs for vendor and remove tracepoint 
This also fixes a permissions issue if a non-root user is set. The read
permissions should be set before the file is set as non-root to ensure
that the permissions can be set without error.

Bump the BPF loader version.

Bug: 203462310
Test: Ensure that vendor skfilter bpf programs can load
Change-Id: Ib6b9a64d8652ff464c9d4d734bb8ae351673b6ce
 2022-03-11 00:43:06 +00:00
Android Build Coastguard Worker
cadfe9e5cd Snap for 8283941 from dd591043d8 to tm-release 
Change-Id: I7e00e1defb9f846d04f8af046bb0ea2b4b39f194
 2022-03-10 02:09:49 +00:00
Connor O'Brien
dd591043d8 Include android_filesystem_config.h in mock_bpf_helpers.h am: 2861e3d0f4 am: 13f402ffc3 am: 4fdfdfa5bb 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2017147

Change-Id: Ibc79148660595caa3a8db78d6ba9c7a0c8d576cd
 2022-03-09 21:40:06 +00:00
Connor O'Brien
4fdfdfa5bb Include android_filesystem_config.h in mock_bpf_helpers.h am: 2861e3d0f4 am: 13f402ffc3 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2017147

Change-Id: I548d51cfb2de1d7d95a4801ea24c6802dafd9f59
 2022-03-09 21:18:07 +00:00
Connor O'Brien
13f402ffc3 Include android_filesystem_config.h in mock_bpf_helpers.h am: 2861e3d0f4 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2017147

Change-Id: I3bc70db4ee73339c8bb97dfe06fc2ba479b90a83
 2022-03-09 20:54:36 +00:00
Connor O'Brien
2861e3d0f4 Include android_filesystem_config.h in mock_bpf_helpers.h 
With the addition of special handling for SDK sandbox uids, the UID
definitions provided by this header are needed in order to compile the
mock time_in_state program for testing.

Bug: 219080829
Test: m bpf-time-in-state-tests
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I92464cf76fb49bcf7490794ed5b7c07d865a7e14
 2022-03-08 17:30:53 -08:00
Android Build Coastguard Worker
446666fabd Snap for 8176975 from 19b9c1959d to tm-release 
Change-Id: I332675bcfa20a3a749ccb76901ca2f62d2e7a18d
 2022-02-12 04:10:31 +00:00
Xin Li
19b9c1959d [automerger skipped] Empty merge of sc-v2-dev-plus-aosp-without-vendor@8084891 am: 5088e7e36e -s ours am: 844b4c6610 -s ours 
am skip reason: Merged-In Id9ac888d5519b2a8663232610d36386cabfe4e94 with SHA-1 d568947cd7 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bpf/+/16843989

Change-Id: I4e71dc91a8df4941e5f20cb2eb54bd62832c6473
 2022-02-11 15:58:59 +00:00
Xin Li
844b4c6610 [automerger skipped] Empty merge of sc-v2-dev-plus-aosp-without-vendor@8084891 am: 5088e7e36e -s ours 
am skip reason: Merged-In Id9ac888d5519b2a8663232610d36386cabfe4e94 with SHA-1 d568947cd7 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bpf/+/16843989

Change-Id: Ia19db15147b0ffe70c9ab7c1f8557f825bd3761d
 2022-02-11 15:41:55 +00:00
Xin Li
5088e7e36e Empty merge of sc-v2-dev-plus-aosp-without-vendor@8084891 
Bug: 214455710
Merged-In: Id9ac888d5519b2a8663232610d36386cabfe4e94
Change-Id: I16dd4452290d8b28bbf525c3d4906ba1b2bfeb9e
 2022-02-11 06:17:33 +00:00
Android Build Coastguard Worker
5a31bd5278 Snap for 8167364 from 91281f587b to tm-release 
Change-Id: I933d94d96a71c61ef3ff9d0c6e50c730d89b4dfc
 2022-02-10 02:11:12 +00:00
Steven Moreland
91281f587b bpfloader: also load from /vendor/etc/bpf/ am: 0f10f3fd9f am: 0b24f88c03 am: 86d7263417 am: bd5ce00628 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/1188704

Change-Id: I50221848660430f2cb56af462645ec6346161de0
 2022-02-09 18:33:39 +00:00
Steven Moreland
bd5ce00628 bpfloader: also load from /vendor/etc/bpf/ am: 0f10f3fd9f am: 0b24f88c03 am: 86d7263417 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/1188704

Change-Id: I70e01383878ae6e917fbfd867879fcfa1d846ec0
 2022-02-09 18:15:21 +00:00
Steven Moreland
86d7263417 bpfloader: also load from /vendor/etc/bpf/ am: 0f10f3fd9f am: 0b24f88c03 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/1188704

Change-Id: I281e99b13703c7a4382a6eee41e7401693f66864
 2022-02-09 18:04:05 +00:00
Steven Moreland
0b24f88c03 bpfloader: also load from /vendor/etc/bpf/ am: 0f10f3fd9f 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/1188704

Change-Id: I5e99df4cdc54e29ec5c396319132d809819e3a86
 2022-02-09 17:45:41 +00:00
Android Build Coastguard Worker
8ff87375ab Snap for 8160141 from f29ad00c4f to tm-release 
Change-Id: Ied739d634e6da1c67aecf42c18ee80a46908c6bf
 2022-02-09 02:10:22 +00:00
Steven Moreland
0f10f3fd9f bpfloader: also load from /vendor/etc/bpf/ 
Allow vendors to use bpf programs, but limit to tracepoints
for now (other types of programs, for instance skfilter, aren't
safe to expose, because the kernel gives us limited ways to
control which resources can have BPF programs attached, and
some shared resources only support a single BPF program at an
attach point).

Bug: 140330870
Bug: 162057235
Test: install bpf program to /vendor/etc/bpf/ and use it.
Test: atest libbpf_load_test
Change-Id: I6c876fe52739c38db73689ffd784167e7d35d58a
 2022-02-09 00:59:37 +00:00
Maciej Żenczykowski
8a4bb10403 Merge "remove libbpf_android_headers target" am: 7429fcb842 am: 327faf118f am: a8ec017889 am: 6a46857405 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/1976929

Change-Id: I362fdb04544e4fee5ad0615f7eb5c43678cebdeb
 2022-02-08 21:41:01 +00:00
Maciej Żenczykowski
6a46857405 Merge "remove libbpf_android_headers target" am: 7429fcb842 am: 327faf118f am: a8ec017889 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/1976929

Change-Id: I0e4f3e0f94838fd911b1c850ed3c912c30e2fd40
 2022-02-08 21:28:37 +00:00
Maciej Żenczykowski
a8ec017889 Merge "remove libbpf_android_headers target" am: 7429fcb842 am: 327faf118f 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/1976929

Change-Id: Ie7b46c4a59871b8d4abb02dbea59f216e755b037
 2022-02-08 21:12:28 +00:00
Maciej Żenczykowski
327faf118f Merge "remove libbpf_android_headers target" am: 7429fcb842 
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/1976929

Change-Id: I71748826874f6e715c80193d3830a337a60e034f
 2022-02-08 21:01:31 +00:00
Maciej Żenczykowski
7429fcb842 Merge "remove libbpf_android_headers target" 2022-02-08 20:40:14 +00:00