Commit graph

45 commits

Author SHA1 Message Date
Connor O'Brien
2861e3d0f4 Include android_filesystem_config.h in mock_bpf_helpers.h
With the addition of special handling for SDK sandbox uids, the UID
definitions provided by this header are needed in order to compile the
mock time_in_state program for testing.

Bug: 219080829
Test: m bpf-time-in-state-tests
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I92464cf76fb49bcf7490794ed5b7c07d865a7e14
2022-03-08 17:30:53 -08:00
Ken Chen
d568947cd7 [NETD-BPF#22] Move a few headers to frameworks/libs/net
BPF headers used by both platform and mainline modules should be in
frameworks/libs/net.

Bug: 202086915
Test: build and boot
Test: cd packages/modules/Connectivity/netd; atest
Change-Id: Id9ac888d5519b2a8663232610d36386cabfe4e94
2021-12-23 09:50:01 +08:00
Maciej Żenczykowski
41661a10e3 add mainline module support for targetting only newer bpfloader versions
This will allow shipping .o's targetting only T and not S devices.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I651b4442625df9011ff7c5ad283943caae579565
2021-11-18 05:47:24 +00:00
Maciej Żenczykowski
3adb1d5569 rename SEC() to SECTION()
The only purpose of this is to break cut-and-paste of examples
that use SEC() causing people to think things through, look
at Android bpf program examples and use a better macro.

In particular programs with SEC("license") / SEC("maps") need to be
changed to use LICENSE("license") and the map helpers or the map
section is wrong and cannot be correctly parsed by the bpfloader.

Generated via:
  git grep 'SEC\(' | cut -d: -f1-2 | while read i; do mcedit $i; done
and manually editting found locations

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Idb333967e054e096fe74f910a5f8aaf1d6c5dc81
2021-11-18 05:45:21 +00:00
Dmitri Plotnikov
bb05a5c138 Add support for testing of eBPF programs
Bug: 171262763
Test: this is just a header file
Change-Id: Id25846f91d2da698717a9cc0d8d9091022dd7233
2021-07-15 17:06:15 -07:00
Maciej Żenczykowski
36c53ba91e bpf - struct bpf_map_def - add min/max kernel version.
This is also bpfloader v0.2.
Some newer map types (for example DEVMAP) are unusable
on older kernel versions.

Bug: 190519702
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I085cc723ff1c19d8acc8972a391f894e16dd1875
2021-07-05 18:02:16 -07:00
Maciej Żenczykowski
df91d2b5b2 bpf - add a bunch of static asserts on size/alignment of struct field types
It really turns out that till now we've just been lucky to not have
ever used a 64-bit type.

See also discussion on:
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69560
(and other places on the internet)

Bug: 190519702
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibe74a6f97bdbba490a7848060d07dc3efcee0e68
2021-07-05 16:56:22 -07:00
Maciej Żenczykowski
0bf9219e07 bpf - move to v0.1 .o struct formatting
We cannot submit this as long as we want current mainline releases
bpf .o objects to be loaded by images with bpfloader v0.0.

Bug: 190519702
Test: atest, TreeHugger - existing bpf programs load
  examination of bpfloader logs
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I157458a4f798e455fb563fad569e20bfde5248fd
2021-07-02 01:17:13 -07:00
Maciej Żenczykowski
a21256dcf1 bpfloader - minor fixups asked for by reviewer
As requested by Bernie on previous commit.

Bug: 190519702
Test: atest, TreeHugger - existing bpf programs load
  examination of bpfloader logs
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I4f5181f371d31dcf52768217ffd2b1b5b772103d
2021-07-02 01:17:13 -07:00
Maciej Żenczykowski
9217eee3df bpf loader improvements for better long term compatibility with mainline
This is bpfLoader v0.1, previously we had no version number,
the version immediately preceding this commit we'll call v0.0.

Versions older than that are either pre-S and don't matter, since
loading mainline eBpf code was only added in S, or are from early
during the S development cycle (ie. pre-March 5th 2021 or earlier)
and simply no longer supported (no need to maintain compatibility).

Bug: 190519702
Test: atest, TreeHugger - existing bpf programs load
  examination of bpfloader logs
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I36fa5b917540be7ea3ecfddc5fe7834e9eb18d88
2021-07-02 03:36:49 +00:00
Maciej Żenczykowski
fd59a4a0a6 bpf_map_def.h - fix no longer correct comment
This is due to changing how many bits are assigned to individual fragments,
which was done to support kernel version 4.9.256.

Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7f556352beab009cd114e2241f3d7fe6d878a458
2021-03-04 15:47:40 +00:00
Maciej Żenczykowski
30af4b5487 KVER macro - support 4.9.256+ kernel
Instead of doing 16/8/8 bits for major/minor/subver macro,
switch to 8/8/16 bits, since this gives plenty of space:
  - major versions are bumped every few years, so 256 last forever
  - minor versions are bumped every few months (~5-6 per year),
    so 256 lasts for decades, additionally Linus Torvalds doesn't
    like big numbers, and eventually bumps the major instead
  - sub versions are the problematic ones, because they're bumped
    on every LTS security release, however even at one release per day,
    16 bits lasts for 180 years

Note: before this change 4.9.256 was treated as equivalent to 4.10.0.

Luckily all our tests were only ever (by chance) against the LTS release
bases (ie. 4.9.0, 4.14.0, 4.19.0, 5.4.0) and thus we wouldn't have hit
an actually failure until 4.9.(5*256) === 4.14.0 which would have caused
the bpfloader to attempt to load bpf code requiring 4.14 on a 4.9 kernel,
and resulted in failure of device to successfully boot.

Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I0535ce081967af092f3342c0abfd05a1e5028eb6
2021-02-11 16:05:21 -08:00
Bob Badour
dcbf8ca070 [LSC] Add LOCAL_LICENSE_KINDS to system/bpf
Added SPDX-license-identifier-Apache-2.0 to:
  Android.bp
  bpfloader/Android.bp
  libbpf_android/Android.bp
  progs/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: Ia881b61da1755797085916aab5325375c82ed76e
2021-02-05 01:28:19 -08:00
Maciej Żenczykowski
6b28299441 bpf_helpers - add declaration for bpf_ktime_get_boot_ns()
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I87f344c779d89cebe9a0d09dc466966ca7fda1a6
2021-01-24 21:01:53 -08:00
Maciej Żenczykowski
b8163155e3 slightly more type safety for bpf_map_{lookup,update,delete}_elem_unsafe
Test: builds
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I808400e624fa96ed72d9a3b1b153b0ce5a84d6f8
2021-01-20 00:06:55 +00:00
Rafal Slawik
2e2e54f8fe Measure total time in state
This measure is not affected by uid removals and is monotonic. That
makes it a good fit for CPU telemetry in statsd.

Bug: 174245730
Test: manually compare total with uid breakdown
Change-Id: I0f04f2ff09d77a4c7d9fe1e2b492f983b61987f6
2021-01-05 18:51:36 +00:00
Dmitri Plotnikov
4f50ca45bc Allow multiple processes' threads tracked at the same time
Bug: 169279846
Test: atest bpf-time-in-state-tests
Change-Id: Ia2aa4dc3d87610651195c5f50d58fc37a9a84a2a
2020-11-23 15:57:02 -08:00
Dmitri Plotnikov
7c31522a0c Use eBPF-based time-in-state monitoring for groups of threads
Bug: 169279846

Test: N/A - this is just a header file
Change-Id: I4beeb127fbd654e3c0a8f70f4f5088c5d7388ece
2020-11-19 10:46:28 -08:00
Maciej Żenczykowski
aa295c8355 implement support for functions which may optionally fail to load
This is useful for critical functions with fallbacks, but
may even be useful for non-critical functions, where a function
in the middle of the file may fail to load, but you still want
other (later) functions to be attempted.

Critical applies to the entire .c file (or to be more correct to
the entire resulting .o).  Optional applies to a specific section
of that .o (ie. a specific individual function).

This new optional attribute is necessary to be able to declare
a .c/.o file critical even if *some* of the individual functions
might fail to load due to missing kernel patches.

(Note: we currently have no way to specify a map as optional)

Critical guarantees that all non-optional programs, and all maps,
have been created, pinned, chowned, and chmoded successfully
(or that they already existed).

For an example of use see:
  system/netd/bpf_progs/offload.c

(while at it also add retrieveProgram() and mapRetrieve{RW,RO,WO}()
 helpers to BpfUtils.h)

Test: builds, atest, see paired netd change for extra details
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I50b292c061b05fc8f4b4b8574f128345c45c78db
2020-06-17 10:44:19 +00:00
Maciej Żenczykowski
4ba8c1c1ac allow tagging a bpf .o as critical
This does not yet do anything with this information besides logging it.

Test: builds
  $ adb logcat -s -d LibBpfLoader:D | egrep Loading
  06-14 22:52:48.657   430   430 D LibBpfLoader: Loading critical for netd ELF object /system/etc/bpf/offload.o with license Apache 2.0
  06-14 22:52:48.682   430   430 D LibBpfLoader: Loading optional ELF object /system/etc/bpf/time_in_state.o with license GPL
  06-14 22:52:48.729   430   430 D LibBpfLoader: Loading critical for netd ELF object /system/etc/bpf/clatd.o with license Apache 2.0
  06-14 22:52:48.767   430   430 D LibBpfLoader: Loading critical for netd ELF object /system/etc/bpf/netd.o with license Apache 2.0
  06-14 22:53:26.052  2605  2605 D LibBpfLoader: Loading optional ELF object /data/local/tmp/32/kern.o with license Apache 2.0
  06-14 22:54:26.070  2605  2605 D LibBpfLoader: Loading optional ELF object /data/local/tmp/32/kern.o with license Apache 2.0
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie07549528800d6d7c5ff7f12b859702113d7194e
2020-06-15 06:34:51 +00:00
Tom Cherry
c6ada47bc7 Merge "Remove EXCLUDE_FS_CONFIG_STRUCTURES" 2020-04-03 14:36:58 +00:00
Maciej Żenczykowski
410ebe0c75 add LICENSE() macro
Test: builds
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I46db3e87e87b8237f4bbf53aa345826826ddb46d
2020-03-19 19:39:07 -07:00
Tom Cherry
b2891eed16 Remove EXCLUDE_FS_CONFIG_STRUCTURES
This is no longer needed

Bug: 149785767
Test: build
Change-Id: Ic4c8f23dc5b9dbebfeee0820d007fd46919834b4
2020-03-04 13:42:06 -08:00
Maciej Żenczykowski
07375e26a3 add support for marking ebpf programs as being only for some kernel versions
Some ebpf code cannot be loaded on too old kernels.

Sometimes we want a different - more advanced - version of an ebpf program
to be loaded on a newer kernel.

Test: build, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9e93e7246951916e6d60544575337a7a19c82886
2020-02-19 15:46:23 -08:00
Maciej Żenczykowski
56bf76bbab Pull AID_* constants from shared location.
Test: build, atest
Bug: 149434314
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iadfc7fbbfcb561e7cfafaa5806939c9f69f43d59
2020-02-18 15:21:35 -08:00
Maciej Żenczykowski
62a4dddbba add DEFINE_BPF_MAP_GWO macro for group write-only maps
Test: build, atest
Bug: 138317993
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I0b2bed9eb94e0aeaca79b5476c6e91484c7e1847
2020-02-18 14:30:39 -08:00
Connor O'Brien
3278a1634b bpfloader: add option to set owner & group for pinned programs
Unlike maps, BPF programs currently have no natural place to declare
metadata like their desired owner & group. Add a bpf_prog_def struct
to allow setting these, located in a new "progs" section, and update
bpfloader to chown pinned programs appropriately based on this
information.
Add a #DEFINE_BPF_PROG macro to simplify adding this data for
programs. The struct name is the name of the corresponding function
with "_def" appended, which bpfloader uses to correlate a bpf_map_def
with the correct program.
Also have bpfloader set mode to 0440 for all programs, since only read
access should ever be needed

Bug: 149434314
Test: load a program that uses DEFINE_BPF_PROG and check that owner &
group are set as expected
Change-Id: I914c355f114368fe53de2c7f272d877463cba461
Signed-off-by: Connor O'Brien <connoro@google.com>
2020-02-14 23:28:44 +00:00
Maciej Żenczykowski
83f2977da8 add bpf_map_def support for setting uid/gid/mode
Test: build, atest, adb shell ls -lZ /sys/fs/bpf
Bug: 149434314
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie4001fbe16b4bc84fc8ec7138ae4928cd86f5ce7
2020-02-14 23:28:26 +00:00
Maciej Żenczykowski
6f87896bdf bpfloader - add AID_* constants to bpf_map_def.h
Test: build, atest
Bug: 149434314
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I607f304a7e7bd76b8ce33489f9e239596f4d7398
2020-02-14 23:27:45 +00:00
Maciej Żenczykowski
730a3860c2 refactor bpf_map_def into a single header file
Test: build, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iafd6016f4f24cc8fa263939c67e1a096aa91b125
2020-01-29 08:41:26 +00:00
Maciej Żenczykowski
0bfbf665b9 bpf_helpers - add more const annotations
Keys and values passed in to lookup/update/delete are not modified.

Test: builds
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I222615af7695f41bfb59c872c7368829631c08a9
2020-01-24 18:53:10 -08:00
Connor O'Brien
85087ae737 bpf: move time in state struct definitions into a single shared header
Key and value formats for time in state related BPF maps currently
have to be kept in sync between the BPF prog and
libtimeinstate. Add a new bpf_timeinstate.h header file in a directory
that already gets added to the include path for BPF progs, and add
this file to a cc_library_headers module so it can be used from
libtimeinstate as well.

Test: build libtimeinstate and time_in_state.o
Bug: 138317993
Change-Id: Ic56b2b64746f2211f3c802e074339750f26303c0
Merged-In: Ic56b2b64746f2211f3c802e074339750f26303c0
Signed-off-by: Connor O'Brien <connoro@google.com>
(cherry picked from commit badb20f528)
2019-11-13 21:58:27 -08:00
Maciej Żenczykowski
2ff3b5c0f4 move networking bpf helpers to system/netd
Test: build, atest
Bug: 141532657
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If7b13a80d3db07da7c540dc7661e92ea8e0ad8c8
2019-10-31 01:04:49 -07:00
Maciej Żenczykowski
c1d2e029f4 bpf_helpers.h - change unsafe_bpf_map_* to bpf_map_*_unsafe
Test: treehugger will, plus no other references found by:
  repo grep 'unsafe_bpf_map_(lookup|update|delete)_elem'
Bug: 132703771
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I59b8fe8f5a00fd005f466f8f2177a2e01cff58aa
2019-05-14 14:48:58 -07:00
Maciej Żenczykowski
28296961f6 Reapply "Provide a macro to define a map along with type safe accessors"
This reverts commit 4f3298db93.

Change-Id: Ibf410a56ec69ccc2c14591edcc8b9ede2a410bb4
2019-04-20 11:02:33 +00:00
Maciej Żenczykowski
4f3298db93 Revert "Provide a macro to define a map along with type safe accessors"
This reverts commit 6564b8eac4.
2019-04-19 21:46:04 -07:00
Maciej Żenczykowski
6564b8eac4 Provide a macro to define a map along with type safe accessors
Test: atest libbpf_android_test libnetdbpf_test netd_integration_test netd_unit_test netdutils_test resolv_integration_test resolv_unit_test
Bug: 130746652
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib7a351ff876891a2296e32deebd0308ff9c7fcc8
2019-04-19 11:14:24 -07:00
Joel Fernandes
1b8962af4c Add support for the bpf_probe_read_str bpf function
This is needed for the iorapd project (i/o readahead).

Change-Id: If6a3de682296bbce0fc808a0eced6bd778106292
Signed-off-by: Joel Fernandes <joelaf@google.com>
2019-04-17 15:37:18 +00:00
Maciej Żenczykowski
e1153fd1da bpf_helpers.h - define more kernel provided functions
Test: builds
Bug: 65674744
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I88dcaf5edf61b780666f346e963a7417c04c97ec
2019-04-02 04:04:02 -07:00
Chenbo Feng
47e92158ca Move netd specific program back to netd
For the eBPF programs that only related to networking, move them back
to netd so for the future changes in networking eBPF area, there is not
need to make changes in both netd project and bpf project.

Bug: 112334572
Test: mmma -j32 system/bpf
Change-Id: Icd0efd165c60c055a00fe88705a0c8070c0d22f5
2019-02-26 15:41:00 -08:00
Joel Fernandes (Google)
14ba88881f netd: Use common BPF helper for C program
The BPF helper is moved into system/bpf/include/ and is available
to all BPF programs in the include search path. Make use of it.

Only minor refactor, no functional change.

Bug: 122665156
Change-Id: Ib5b495aff83874d39abe3640fb369b2ff92b3239
Signed-off-by: Joel Fernandes <joelaf@google.com>
2019-02-12 17:20:20 -05:00
Chenbo Feng
ef6d45e7cf Add bpf program to control socket creation
For new kernel that support cgroup socket filter, use bpf programs to
control the creation of inet socket.

Bug: 111560570
Bug: 111560739
Test: dumpsys netd trafficcontroller
Change-Id: I94efcdccfcd17f08c731caa700ea5797f2f56e7d
2019-01-29 18:58:03 -08:00
Chenbo Feng
5aee2f14a5 Add cgroup socket bpf kernel program support
Add support for cgroup socket filter program loading in bpfloader,
and create a uid permission map to store the uids that have INTERNET
permission.

Bug: 111560570
Bug: 111560739
Test: dumpsys netd trafficcontroller

Change-Id: I658f533d302cb594d7b36d4a3a2a70e394874c33
2019-01-28 15:21:59 -08:00
Chenbo Feng
9cd8f14ed0 Do not take cumulative network stats anymore
Use two maps to record the details of network stats and swap and clean
up after system server pulls the stats. The kernel program checks the
bpf map currently enabled before updating the stats and updates on the
corresponding map. Remove the TAG_STATS_MAP since we don't need to worry
about uid stats overflow problem. All the stats can be stored in the
same map until system server scrapes the stats and clean it up.

Bug: 79171384
Test: dumpsys netd trafficcontroller
      CtsUsageStatsTestCases

Change-Id: Ic79e382f51bf21eee78c4cac5a8a97edaf3654cd
2019-01-22 18:40:10 -08:00
Chenbo Feng
c1dd7648b1 New bpfloader netd kernel program
Change the netd bpf program to the new format. Adding map definition and
necessary helper functions to the kernel program code. Move the netd bpf
programs out of bpfloader to a new directory.

Test: dumpsys netd trafficcontroller
Bug: 112334572
Change-Id: I9287285d188e966193532b1522b5d3e67e32e930
2019-01-07 20:17:42 -05:00