diff options
author | Maciej Żenczykowski <maze@google.com> | 2022-12-12 00:15:53 +0000 |
---|---|---|
committer | Maciej Żenczykowski <maze@google.com> | 2022-12-12 00:22:27 +0000 |
commit | 052cda1973d89c54f0da4cb6db3116a61243d00b (patch) | |
tree | 775dfb7527b345d07ad6da7f912453f25e18973c | |
parent | b909fed62affbc89ce5d98065d3144de319c102a (diff) | |
download | bpf-052cda1973d89c54f0da4cb6db3116a61243d00b.tar.gz |
bpfloader - add writeProcSysFile failure mode comment
as discovered on some sunfish 4.14 kernels
Note that CONFIG_BPF_JIT=y is required for 4.14-r,
but sunfish was 4.14-q and thus missed VINTF enforcement of this
(it was enabled for b1c1[blueline/crosshatch]/bonito & floral[flame/coral]).
Bug: 262115216
Test: N/A, comment only
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If6ee9f7f9e449526602fd0e5cffd49f132e681a2
-rw-r--r-- | bpfloader/BpfLoader.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp index 313b097..1ad5a7d 100644 --- a/bpfloader/BpfLoader.cpp +++ b/bpfloader/BpfLoader.cpp @@ -264,9 +264,13 @@ int main(int argc, char** argv) { // Enable the eBPF JIT -- but do note that on 64-bit kernels it is likely // already force enabled by the kernel config option BPF_JIT_ALWAYS_ON + // (Note: this (open) will fail with ENOENT 'No such file or directory' if + // kernel does not have CONFIG_BPF_JIT=y) if (writeProcSysFile("/proc/sys/net/core/bpf_jit_enable", "1\n")) return 1; // Enable JIT kallsyms export for privileged users only + // (Note: this (open) will fail with ENOENT 'No such file or directory' if + // kernel does not have CONFIG_HAVE_EBPF_JIT=y) if (writeProcSysFile("/proc/sys/net/core/bpf_jit_kallsyms", "1\n")) return 1; // This is ugly... but this allows InProcessTethering which runs as system_server, |