Merge "bpfloader - allow writeProcSysFile failure on misconfigured kernels"

1 files changed, 7 insertions, 3 deletions

diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index 34c88bd..a7748a2 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp
@@ -264,15 +264,19 @@ int main(int argc, char** argv) {
         android::bpf::isAtLeastKernelVersion(5, 13, 0)) return 1;
 
     // Enable the eBPF JIT -- but do note that on 64-bit kernels it is likely
-    // already force enabled by the kernel config option BPF_JIT_ALWAYS_ON
+    // already force enabled by the kernel config option BPF_JIT_ALWAYS_ON.
     // (Note: this (open) will fail with ENOENT 'No such file or directory' if
     //  kernel does not have CONFIG_BPF_JIT=y)
-    if (writeProcSysFile("/proc/sys/net/core/bpf_jit_enable", "1\n")) return 1;
+    // BPF_JIT is required by R VINTF (which means 4.14/4.19/5.4 kernels),
+    // but 4.14/4.19 were released with P & Q, and only 5.4 is new in R+.
+    if (writeProcSysFile("/proc/sys/net/core/bpf_jit_enable", "1\n") &&
+        android::bpf::isAtLeastKernelVersion(5, 4, 0)) return 1;
 
     // Enable JIT kallsyms export for privileged users only
     // (Note: this (open) will fail with ENOENT 'No such file or directory' if
     //  kernel does not have CONFIG_HAVE_EBPF_JIT=y)
-    if (writeProcSysFile("/proc/sys/net/core/bpf_jit_kallsyms", "1\n")) return 1;
+    if (writeProcSysFile("/proc/sys/net/core/bpf_jit_kallsyms", "1\n") &&
+        android::bpf::isAtLeastKernelVersion(5, 4, 0)) return 1;
 
     // This is ugly... but this allows InProcessTethering which runs as system_server,
     // instead of as network_stack to access /sys/fs/bpf/tethering, which would otherwise