Age | Commit message (Collapse) | Author |
|
Bug: 190519702
Test: atest bpf_module_test, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Original-Change: https://android-review.googlesource.com/1756850
Merged-In: I772c918d162440de6cc492b2faeafe03340fca11
Change-Id: I772c918d162440de6cc492b2faeafe03340fca11
|
|
This is also bpfloader v0.2.
Some newer map types (for example DEVMAP) are unusable
on older kernel versions.
Bug: 190519702
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Original-Change: https://android-review.googlesource.com/1756575
Merged-In: I085cc723ff1c19d8acc8972a391f894e16dd1875
Change-Id: I085cc723ff1c19d8acc8972a391f894e16dd1875
|
|
As requested by Bernie on previous commit.
Bug: 190519702
Test: atest, TreeHugger - existing bpf programs load
examination of bpfloader logs
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Original-Change: https://android-review.googlesource.com/1754722
Merged-In: I4f5181f371d31dcf52768217ffd2b1b5b772103d
Change-Id: I4f5181f371d31dcf52768217ffd2b1b5b772103d
|
|
This is bpfLoader v0.1, previously we had no version number,
the version immediately preceding this commit we'll call v0.0.
Versions older than that are either pre-S and don't matter, since
loading mainline eBpf code was only added in S, or are from early
during the S development cycle (ie. pre-March 5th 2021 or earlier)
and simply no longer supported (no need to maintain compatibility).
Bug: 190519702
Test: atest, TreeHugger - existing bpf programs load
examination of bpfloader logs
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Original-Change: https://android-review.googlesource.com/1754794
Merged-In: I36fa5b917540be7ea3ecfddc5fe7834e9eb18d88
Change-Id: I36fa5b917540be7ea3ecfddc5fe7834e9eb18d88
|
|
Basically:
<4.14: DEVMAP -> ARRAY
<5.4: DEVMAP_HASH -> HASH
See added comments for explanation of why, but basically:
This allows our bpf program .o files to load maps on all kernel versions,
even if those map types are not supported by the kernel.
This avoids the need for code that conditionally creates maps based on
kernel version. Any program that actually attempts to use one of these
maps will fail to load, but programs are already loaded conditionally
based on kernel version so this is not a problem.
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1a1d73b68de3606423de078fddb224402621e154
|
|
This slightly improves error logging.
(also fd == 0 is not an error condition)
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I135e7405c508951fba632c634bc4e2d2161fc940
|
|
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2f0035f2622ca2a8c10d29caff912f3f895f2607
|
|
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I662714ee4faa6485d2ba7bbcbc8e34c76e37b091
|
|
This makes it harder for system and mainline bpf programs to
conflict with each other, thus enabling easier mainline module
updates.
Test: builds and boots, atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic1b69bb1ddc4a10bd4861dadbd6b97e2520c532d
|
|
Test: builds, atest, TreeHugger
Bug: 167500195
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifcc6ff2b2293b7585f20108ad849408ed9af4538
|
|
(clang-analyzer-deadcode.DeadStores)
//system/bpf/libbpf_android:libbpf_android clang-tidy Loader.cpp
system/bpf/libbpf_android/Loader.cpp:133:5: warning: Value stored to 'entries' is never read [clang-analyzer-deadcode.DeadStores]
entries = shTable.size();
^
system/bpf/libbpf_android/Loader.cpp:133:5: note: Value stored to 'entries' is never read
Test: builds without warnings
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I548976b59d44a51e992c9520e730fc9dae82fce2
|
|
Tested via:
packages/modules/Connectivity/Tethering/Tethering/bpf_progs/offload.c:
+DEFINE_BPF_PROG_KVER("xdp/test", AID_ROOT, AID_ROOT,
+ xdp_test, KVER(5, 10, 0))
+(struct xdp_md *ctx) {
+ return XDP_PASS;
+}
vsoc_x86:/ # ip link show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
vsoc_x86:/ # ip link set dev lo xdp pinned /sys/fs/bpf/prog_offload_xdp_test
vsoc_x86:/ # ip link show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 xdpgeneric qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
prog/xdp id 3 tag 3b185187f1855c4c jited
vsoc_x86:/ # ip link set dev lo xdp off
vsoc_x86:/ # ip link show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
Test: atest, TreeHugger
Bug: 167540099
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7472d6d8120344abde9ea0f44c59a46f30da77f1
|
|
07-21 01:39:43.946 26835 26835 E LibBpfLoader: No progs section could be found in elf object
07-21 01:39:43.951 26835 26835 I bpfloader: Loaded object: /system/etc/bpf/clatd.o
07-21 01:39:43.955 26835 26835 I bpfloader: Loaded object: /system/etc/bpf/offload.o
07-21 01:39:43.958 26835 26835 I bpfloader: Loaded object: /system/etc/bpf/time_in_state.o
07-21 01:39:43.967 26835 26835 I bpfloader: Loaded object: /system/etc/bpf/netd.o
Test: build, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie8413509f76741a66a4b00f0131a58e7ebdbae3f
|
|
Logging every 5s isn't actually useful and it just gets the important stuff out
of log buffers.
Test: adb logcat -s 'bpfloader:D' 'BpfUtils:D' 'LibBpfLoader:D'
...
06-17 01:02:34.205 433 433 E bpfloader: --- DO NOT EXPECT SYSTEM TO BOOT SUCCESSFULLY ---
06-17 01:02:38.103 335 335 W LibBpfLoader: Waited 5s for bpf.progs_loaded, still waiting...
06-17 01:02:48.104 335 335 W LibBpfLoader: Waited 10s for bpf.progs_loaded, still waiting...
06-17 01:03:08.104 335 335 W LibBpfLoader: Waited 20s for bpf.progs_loaded, still waiting...
06-17 01:04:12.226 335 335 W LibBpfLoader: Waited 60s for bpf.progs_loaded, still waiting...
06-17 01:04:17.628 1324 1324 W LibBpfLoader: Waited 5s for bpf.progs_loaded, still waiting...
06-17 01:04:27.629 1324 1324 W LibBpfLoader: Waited 10s for bpf.progs_loaded, still waiting...
06-17 01:04:47.629 1324 1324 W LibBpfLoader: Waited 20s for bpf.progs_loaded, still waiting...
06-17 01:05:50.163 1324 1324 W LibBpfLoader: Waited 60s for bpf.progs_loaded, still waiting...
06-17 01:05:55.551 1741 1741 W LibBpfLoader: Waited 5s for bpf.progs_loaded, still waiting...
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I77b82bf44141df8ffab1d11d01a89c3927fbe827
|
|
This is useful for critical functions with fallbacks, but
may even be useful for non-critical functions, where a function
in the middle of the file may fail to load, but you still want
other (later) functions to be attempted.
Critical applies to the entire .c file (or to be more correct to
the entire resulting .o). Optional applies to a specific section
of that .o (ie. a specific individual function).
This new optional attribute is necessary to be able to declare
a .c/.o file critical even if *some* of the individual functions
might fail to load due to missing kernel patches.
(Note: we currently have no way to specify a map as optional)
Critical guarantees that all non-optional programs, and all maps,
have been created, pinned, chowned, and chmoded successfully
(or that they already existed).
For an example of use see:
system/netd/bpf_progs/offload.c
(while at it also add retrieveProgram() and mapRetrieve{RW,RO,WO}()
helpers to BpfUtils.h)
Test: builds, atest, see paired netd change for extra details
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I50b292c061b05fc8f4b4b8574f128345c45c78db
|
|
failure.
Reasoning: critical load failures for netd bpf programs will just result
in unpredictable behaviour later on. For example netd/systemserver
crash loops.
Test: builds
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iefa01e60cd0a9a223e96411726a199bfb4857a5a
|
|
This does not yet do anything with this information besides logging it.
Test: builds
$ adb logcat -s -d LibBpfLoader:D | egrep Loading
06-14 22:52:48.657 430 430 D LibBpfLoader: Loading critical for netd ELF object /system/etc/bpf/offload.o with license Apache 2.0
06-14 22:52:48.682 430 430 D LibBpfLoader: Loading optional ELF object /system/etc/bpf/time_in_state.o with license GPL
06-14 22:52:48.729 430 430 D LibBpfLoader: Loading critical for netd ELF object /system/etc/bpf/clatd.o with license Apache 2.0
06-14 22:52:48.767 430 430 D LibBpfLoader: Loading critical for netd ELF object /system/etc/bpf/netd.o with license Apache 2.0
06-14 22:53:26.052 2605 2605 D LibBpfLoader: Loading optional ELF object /data/local/tmp/32/kern.o with license Apache 2.0
06-14 22:54:26.070 2605 2605 D LibBpfLoader: Loading optional ELF object /data/local/tmp/32/kern.o with license Apache 2.0
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie07549528800d6d7c5ff7f12b859702113d7194e
|
|
... which also means waitForProgsLoaded() has to be a no-op on pre-bpf devices.
This is more consistent: it's weird to have bpf.progs_loaded set on a 4.4 device.
Test: builds, atest
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iddabcf56c187ea518dd2e4d8db451b2f6902aa8e
|
|
performance-inefficient-string-concatenation warning
Fixes:
system/bpf/libbpf_android/Loader.cpp:562:73: warning: string concatenation results in allocation of unnecessary temporary strings; consider using 'operator+=' or 'string::append()' instead [performance-inefficient-string-concatenation]
string progPinLoc = string(BPF_FS_PATH) + "prog_" + fname + "_" + name;
^
Test: builds
Bug: 153035880
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If56405273b4904e632a4b3a465b79eecae4c1446
|
|
Fixes:
system/bpf/libbpf_android/Loader.cpp:557:49: warning: 'find_last_of' called with a string literal consisting of a single character; consider using the more effective overload accepting a character [performance-faster-string-find]
name = name.substr(0, name.find_last_of("$"));
^~~
'$'
Test: builds
Bug: 153035880
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iea62a59380c155796a7fa2ac4ca3352f9236ba98
|
|
bpf program section names must be unique to prevent programs from
appending to each other, so instead the bpf loader will strip
everything past the final $ symbol when actually pinning
the program into the filesystem.
While at it add a little bit more logging.
Example on aosp cuttlefish 5.4.30 virtual device:
D LibBpfLoader: bpf_prog_load lib call for /system/etc/bpf/offload.o (schedcls_ingress_tether_ether) returned fd: 8 (no error)
D LibBpfLoader: cs[1].name:schedcls_ingress_tether_rawip$stub min_kver:0 .max_kver:40e00 (kvers:5041e)
D LibBpfLoader: cs[2].name:schedcls_ingress_tether_rawip$4_14 min_kver:40e00 .max_kver:ffffffff (kvers:5041e)
D LibBpfLoader: bpf_prog_load lib call for /system/etc/bpf/offload.o (schedcls_ingress_tether_rawip$4_14) returned fd: 9 (no error)
I bpfloader: Attempted load object: /system/etc/bpf/offload.o, ret: Success
$ adb shell ls -l /sys/fs/bpf | egrep offload
-rw-rw---- 1 root network_stack 0 2020-04-22 01:27 map_offload_tether_ingress_map
-rw-rw---- 1 root network_stack 0 2020-04-22 01:27 map_offload_tether_stats_map
-r--r----- 1 root root 0 2020-04-22 01:27 prog_offload_schedcls_ingress_tether_ether
-r--r----- 1 root root 0 2020-04-22 01:27 prog_offload_schedcls_ingress_tether_rawip
Test: builds, atest, proper program loaded on 5.4.30 aosp cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id3fcb8e2a6b0087f704e77726e9961efc6145739
|
|
Some ebpf code cannot be loaded on too old kernels.
Sometimes we want a different - more advanced - version of an ebpf program
to be loaded on a newer kernel.
Test: build, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9e93e7246951916e6d60544575337a7a19c82886
|
|
Unlike maps, BPF programs currently have no natural place to declare
metadata like their desired owner & group. Add a bpf_prog_def struct
to allow setting these, located in a new "progs" section, and update
bpfloader to chown pinned programs appropriately based on this
information.
Add a #DEFINE_BPF_PROG macro to simplify adding this data for
programs. The struct name is the name of the corresponding function
with "_def" appended, which bpfloader uses to correlate a bpf_map_def
with the correct program.
Also have bpfloader set mode to 0440 for all programs, since only read
access should ever be needed
Bug: 149434314
Test: load a program that uses DEFINE_BPF_PROG and check that owner &
group are set as expected
Change-Id: I914c355f114368fe53de2c7f272d877463cba461
Signed-off-by: Connor O'Brien <connoro@google.com>
|
|
Test: build, atest, adb shell ls -lZ /sys/fs/bpf
Bug: 149434314
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie4001fbe16b4bc84fc8ec7138ae4928cd86f5ce7
|
|
(we don't want to truncate this output, since it can be very useful
for debugging failures)
Test: builds, more useful ebpf load failure logs
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I817853f33b7f59296a041fb0d26ca3ae502b29da
|
|
Test: build, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iafd6016f4f24cc8fa263939c67e1a096aa91b125
|
|
|
|
Creating a function for this rather than having people copy/paste a loop
there.
It's very intentional that there is no timeout here. If bpfloader is
down, there is a serious problem, and we shouldn't let code move forward
in a state where it may not have been tested.
Bug: 140330870
Test: boot & use bpf/netd
Change-Id: I358d1fcf77ad5406e294dd57307bc411e2c8ad6a
|
|
Currently, if a bpf program object has no map section, this error is
propagated, and the program will fail to load. However, it is desirable
to have programs without any map.
Bug: 140330870
Test: load program w/ bpf w/o maps section
Change-Id: Ia53c699212a8cb962e3c2db562921880fef0cce0
|
|
errno is left unchanged on successful calls to this function, so it is
confusing to log it in the success path.
Fixes: 146171927
Test: looking at logs
Change-Id: Ia424dd865bd518d8c533e99fb1a64b02bc92e759
|
|
Using unique_fd to ensure we release bpf prog fds when they are no
longer needed.
Change-Id: I9d5c2673c7e1bdf05052771e06ac78cec21957ec
Merged-In: I9d5c2673c7e1bdf05052771e06ac78cec21957ec
Signed-off-by: Connor O'Brien <connoro@google.com>
(cherry picked from commit 206dd3381e20b663648620db051c170afccccfea)
|
|
The return of bpf_prog_load() library call is insufficient, we also need
errno to know what the bpf(2) syscall did.
Bug: 143236645
Change-Id: Id2c543fdb63b1e077278a8b1ede03a21afad74dc
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
|
|
Changed finds that use a string with a single character ("X"), to 'X'.
Remove using statements from header file.
Add a couple of missing includes.
Changed a couple of functions that take a string to const string& to
avoid extra copies.
Test: No warnings when compiled, unit tests pass.
Change-Id: I218ee0e6b6c7fb1c79d1337c1ce3d6f1e318a3cd
|
|
Add support for cgroup socket filter program loading in bpfloader,
and create a uid permission map to store the uids that have INTERNET
permission.
Bug: 111560570
Bug: 111560739
Test: dumpsys netd trafficcontroller
Change-Id: I658f533d302cb594d7b36d4a3a2a70e394874c33
|
|
which maps to BPF_PROG_TYPE_SCHED_CLS
Bug: 65674744
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7ca5912756c575e2c0667b9dae2d24471845e028
|
|
* Wrote a relocatable ELF loader from scratch. The loader library loads
all objects in /system/etc/bpf/, parses and fixes up eBPF instructions
based on relocation information, creates maps and programs and pins
them. A single API call without arguments is made which results in this
operation. The API has all the information it needs from the filesystem
and the ELF objects, so there is no configuration stored in the code
calling the loader API essentially making it zero conf. Initially this
will be used by time_in_state statistics collection using tracepoints.
In the future, netd's eBPF C code should be rewritten to use this
infrastructure and the old ELF loader can be gotten rid off. This is the
first step.
* Link libbpf with libbpf_android which will come from the external/ bcc
project. This will be used for tracepoint and perf eBPF support. In the
future it can be used for other things as kernel eBPF support advances.
This patch will be merged only after bcc is cloned into external/ to
prevent build breakage.
Bug: 112334572
Change-Id: Ic0fd9504e18031132d40bb627c5e44058d59c9f8
Signed-off-by: Joel Fernandes <joelaf@google.com>
|