This is useful for critical functions with fallbacks, but
may even be useful for non-critical functions, where a function
in the middle of the file may fail to load, but you still want
other (later) functions to be attempted.
Critical applies to the entire .c file (or to be more correct to
the entire resulting .o). Optional applies to a specific section
of that .o (ie. a specific individual function).
This new optional attribute is necessary to be able to declare
a .c/.o file critical even if *some* of the individual functions
might fail to load due to missing kernel patches.
(Note: we currently have no way to specify a map as optional)
Critical guarantees that all non-optional programs, and all maps,
have been created, pinned, chowned, and chmoded successfully
(or that they already existed).
For an example of use see:
system/netd/bpf_progs/offload.c
(while at it also add retrieveProgram() and mapRetrieve{RW,RO,WO}()
helpers to BpfUtils.h)
Test: builds, atest, see paired netd change for extra details
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I50b292c061b05fc8f4b4b8574f128345c45c78db
Reasoning: critical load failures for netd bpf programs will just result
in unpredictable behaviour later on. For example netd/systemserver
crash loops.
Test: builds
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iefa01e60cd0a9a223e96411726a199bfb4857a5a
... which also means waitForProgsLoaded() has to be a no-op on pre-bpf devices.
This is more consistent: it's weird to have bpf.progs_loaded set on a 4.4 device.
Test: builds, atest
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iddabcf56c187ea518dd2e4d8db451b2f6902aa8e
Repositories containing third-party code need a METADATA and a
license_type. Repositories containing only first-party code no longer
need a MODULE_LICENSE_* file.
Bug: 68860345
Bug: 69058154
Bug: 151953481
Test: no code changes
Change-Id: I9abe7458b9bcbcce3217eaff3033116e3f0aeb44
Fixes:
system/bpf/libbpf_android/include/bpf/BpfMap.h:132:10: warning: operator=() does not handle self-assignment properly [cert-oop54-cpp]
void operator=(const BpfMap<Key, Value>& other) {
^
Matches the self-assignment check from
https://clang.llvm.org/extra/clang-tidy/checks/bugprone-unhandled-self-assignment.html
This isn't needed here, since the code was already correct, but
it does prevent a pointless newfd = dup(fd); close(fd); sequence.
Test: builds
Bug: 153035880
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia57f95d4ab180783c97db7e6f8d929f822c8958d
Fixes:
system/bpf/libbpf_android/Loader.cpp:557:49: warning: 'find_last_of' called with a string literal consisting of a single character; consider using the more effective overload accepting a character [performance-faster-string-find]
name = name.substr(0, name.find_last_of("$"));
^~~
'$'
Test: builds
Bug: 153035880
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iea62a59380c155796a7fa2ac4ca3352f9236ba98
bpf program section names must be unique to prevent programs from
appending to each other, so instead the bpf loader will strip
everything past the final $ symbol when actually pinning
the program into the filesystem.
While at it add a little bit more logging.
Example on aosp cuttlefish 5.4.30 virtual device:
D LibBpfLoader: bpf_prog_load lib call for /system/etc/bpf/offload.o (schedcls_ingress_tether_ether) returned fd: 8 (no error)
D LibBpfLoader: cs[1].name:schedcls_ingress_tether_rawip$stub min_kver:0 .max_kver:40e00 (kvers:5041e)
D LibBpfLoader: cs[2].name:schedcls_ingress_tether_rawip$4_14 min_kver:40e00 .max_kver:ffffffff (kvers:5041e)
D LibBpfLoader: bpf_prog_load lib call for /system/etc/bpf/offload.o (schedcls_ingress_tether_rawip$4_14) returned fd: 9 (no error)
I bpfloader: Attempted load object: /system/etc/bpf/offload.o, ret: Success
$ adb shell ls -l /sys/fs/bpf | egrep offload
-rw-rw---- 1 root network_stack 0 2020-04-22 01:27 map_offload_tether_ingress_map
-rw-rw---- 1 root network_stack 0 2020-04-22 01:27 map_offload_tether_stats_map
-r--r----- 1 root root 0 2020-04-22 01:27 prog_offload_schedcls_ingress_tether_ether
-r--r----- 1 root root 0 2020-04-22 01:27 prog_offload_schedcls_ingress_tether_rawip
Test: builds, atest, proper program loaded on 5.4.30 aosp cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id3fcb8e2a6b0087f704e77726e9961efc6145739
This allows a launched on Android O device but now running
a 4.9-P+ kernel to declare itself as ebpf capable.
This will eliminate a whole class of waivers.
Test: atest
Bug: 151753987
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I4c860991abc252919283d6c17a5ff70915d14dd7
Devices launching with Android 'X' must have one of the following kernels:
O: 3.18 4.4 4.9
P: 4.4 4.9 4.14
Q: 4.9 4.14 4.19
R: 4.14 4.19 5.4
You can see this by looking at:
https://android.googlesource.com/kernel/configs/+/refs/heads/master
where the main directory is currently R (api level 30) and the subdirs for:
O (26), O-MR1 (27), P (28), and Q (29)
As such running a 'Y' kernel is proof of being at least Android 'X':
4.9 is O+
4.14 is P+
4.19 is Q+
5.4 is R+
And we know Android P VINTF has always required eBPF support from its
kernels. As such we can reorder the checks, to check kernel prior
to checking first_api_level.
This is *theoretically* a no-op.
But of course in practice it will actually fix a number of issues:
- Devices which launched on O with a 4.9 kernel but have been upgraded
to a 4.14-Q kernel and thus now support ebpf and don't support xt_qtaguid,
this will hopefully eliminate the need for test waivers...
- Devices during turn up where they're on a 4.19 kernel, targetting R,
and yet somehow still erroneously reporting a first_api_level of 26 (O),
this will hopefully eliminate some crash bugs.
Test: atest
Bug: 151753987
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7eaca016d0f77e5f320b499ac428987e23a6d184
