diff options
author | Treehugger Robot <treehugger-gerrit@google.com> | 2022-12-14 09:36:57 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2022-12-14 09:36:57 +0000 |
commit | 4a7ca6f2b1735c9df17bba1c7b0709274dcbe6f7 (patch) | |
tree | b1ce385471ba72008b7a5c7045ad9213c0ff5cb2 | |
parent | 98ac2b9ffd858540f57be26c36e640ea80efcb1a (diff) | |
parent | 8aa34a756c4f8af1d52e62c3e25d1f104b6f348b (diff) | |
download | bpf-4a7ca6f2b1735c9df17bba1c7b0709274dcbe6f7.tar.gz |
Merge "bpfloader - allow writeProcSysFile failure on misconfigured kernels"
-rw-r--r-- | bpfloader/BpfLoader.cpp | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp index 34c88bd..a7748a2 100644 --- a/bpfloader/BpfLoader.cpp +++ b/bpfloader/BpfLoader.cpp @@ -264,15 +264,19 @@ int main(int argc, char** argv) { android::bpf::isAtLeastKernelVersion(5, 13, 0)) return 1; // Enable the eBPF JIT -- but do note that on 64-bit kernels it is likely - // already force enabled by the kernel config option BPF_JIT_ALWAYS_ON + // already force enabled by the kernel config option BPF_JIT_ALWAYS_ON. // (Note: this (open) will fail with ENOENT 'No such file or directory' if // kernel does not have CONFIG_BPF_JIT=y) - if (writeProcSysFile("/proc/sys/net/core/bpf_jit_enable", "1\n")) return 1; + // BPF_JIT is required by R VINTF (which means 4.14/4.19/5.4 kernels), + // but 4.14/4.19 were released with P & Q, and only 5.4 is new in R+. + if (writeProcSysFile("/proc/sys/net/core/bpf_jit_enable", "1\n") && + android::bpf::isAtLeastKernelVersion(5, 4, 0)) return 1; // Enable JIT kallsyms export for privileged users only // (Note: this (open) will fail with ENOENT 'No such file or directory' if // kernel does not have CONFIG_HAVE_EBPF_JIT=y) - if (writeProcSysFile("/proc/sys/net/core/bpf_jit_kallsyms", "1\n")) return 1; + if (writeProcSysFile("/proc/sys/net/core/bpf_jit_kallsyms", "1\n") && + android::bpf::isAtLeastKernelVersion(5, 4, 0)) return 1; // This is ugly... but this allows InProcessTethering which runs as system_server, // instead of as network_stack to access /sys/fs/bpf/tethering, which would otherwise |