authorandroid-build-team Robot <android-build-team-robot@google.com>2020-06-25 01:06:38 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2020-06-25 01:06:38 +0000
commit4cedf7d752f56a575188c0bf350dfe32a9ad9dc5 (patch)
treed69000a3f845dd9ef34e9c57599ce5476192e993
parentf147c397307c37e2a9ffb681b494d555c10d6079 (diff)
parent372cc578d3ab9223014eb62ef407e81df26868ba (diff)
downloadbpf-android11-d1-s7-release.tar.gz
Change-Id: I7a1fe6c965f699feac292dee10dac5ef4e0af801
-rw-r--r--bpfloader/bpfloader.rc39
1 files changed, 30 insertions, 9 deletions
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index 836ec63..04d9b81 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@@ -1,5 +1,31 @@
+# zygote-start is what officially starts netd (see //system/core/rootdir/init.rc)
+# However, on some hardware it's started from post-fs-data as well, which is just
+# a tad earlier. There's no benefit to that though, since on 4.9+ P+ devices netd
+# will just block until bpfloader finishes and sets the bpf.progs_loaded property.
+#
+# It is important that we start bpfloader after:
+# - /sys/fs/bpf is already mounted,
+# - apex (incl. rollback) is initialized (so that in the future we can load bpf
+# programs shipped as part of apex mainline modules)
+# - system properties have been set, this is because isBpfSupported() calls
+# getUncachedBpfSupportLevel() which depends on
+# ro.kernel.ebpf.supported, ro.product.first_api_level & ro.build.version.sdk
+# - logd is ready for us to log stuff
+#
+# At the same time we want to be as early as possible to reduce races and thus
+# failures (before memory is fragmented, and cpu is busy running tons of other
+# stuff) and we absolutely want to be before netd and the system boot slot is
+# considered to have booted successfully.
+#
+on load_bpf_programs
+ # Enable the eBPF JIT -- but do note that on 64-bit kernels it is likely
+ # already force enabled by the kernel config option BPF_JIT_ALWAYS_ON
+ write /proc/sys/net/core/bpf_jit_enable 1
+ # Enable JIT kallsyms export for privileged users only
+ write /proc/sys/net/core/bpf_jit_kallsyms 1
+ start bpfloader
+
service bpfloader /system/bin/bpfloader
- class main
capabilities CHOWN SYS_ADMIN
#
# Set RLIMIT_MEMLOCK to 1GiB for bpfloader
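Review bot: Nothing in this file fires `load_bpf_programs`, and the same hunk drops `class main`, so bpfloader and the two JIT sysctl writes now run only if another rc file issues that trigger. The header comment names //system/core/rootdir/init.rc for netd's start but not for this trigger, so I would add a line above the action such as `# Fired by 'trigger load_bpf_programs' in init.rc (confirm location); if it is never fired, bpfloader does not run and netd blocks on bpf.progs_loaded`. Because `bpf_jit_enable` is no longer written at early-init, the comment on that write could also state that on kernels without BPF_JIT_ALWAYS_ON any program loaded before this trigger presumably runs in the interpreter. The service definition continues past the end of this hunk.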
@@ -31,11 +57,6 @@ service bpfloader /system/bin/bpfloader
#
rlimit memlock 1073741824 1073741824
oneshot
-
-# Need to make sure this runs *before* the bpfloader.
-on early-init
- # Enable the eBPF JIT -- but do note that it is likely already force enabled
- # by the kernel config option BPF_JIT_ALWAYS_ON
- write /proc/sys/net/core/bpf_jit_enable 1
- # Enable JIT kallsyms export for privileged users only
- write /proc/sys/net/core/bpf_jit_kallsyms 1
+ reboot_on_failure reboot,bpfloader-failed
+ # we're not really updatable, but want to be able to load bpf programs shipped in apexes
+ updatable