move BPF_CGROUP_INET*_BIND registration into BpfHandler

(in preparation for moving it into netbpfload)

The programs themselves (in bpf_progs/block.c) required a 5.4+ kernel.

We relax this restriction to 4.19+ as we don't have any 5.4 device coverage
(while the Pixel 4a 5G / 5 / 5a are all 4.19 devices).

I believe we could relax it further to 4.14+ but Pixel 4/4xl/4a that
would exercise those code paths are EOL and probably have poor to
non-existent test coverage, and we cannot do anything for 4.9 T devices
anyway.

Note: on <4.19 kernels (i.e. T devices running 4.9/4.14, U running 4.14)
this results in ConnectivityNativeService going from null to initialized
(as the bpf map will exist).

This doesn't hurt as the set/clear port interfaces are only ever
called by vendor code on devices where the kernel doesn't support
the older mechanism. And even if you call them it will just set/clear
the bits in the bpf bitmap, they just won't actually affect anything.

We could flag the map itself as being 4.19+ as well, but I think
I prefer the no-op map to exist...

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1085addd22f4f3b709e1875049633832c5dac836
This commit is contained in:
Maciej Żenczykowski
2023-10-04 21:35:41 +00:00
parent 10da6d4e61
commit 3cb494fd28
4 changed files with 24 additions and 34 deletions
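As an added illustration, not code from this commit or from the Android networking stack: the commit message describes a blocked-port bitmap that the bind4/bind6 cgroup programs consult and that the userspace set/clear port interfaces write, and notes that on a kernel without the BPF_CGROUP_INET*_BIND hooks those writes land in the map but change nothing. The constructed userspace model below assumes a 65536-bit map (one bit per TCP/UDP port, 1024 64-bit words, mirroring what a BPF array of that shape would hold) and a caller-supplied flag for whether the kernel actually has the bind hooks; the `port_bitmap_*` and `bind_allowed` names are invented here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: one bit per port, 65536 bits in 1024 64-bit words. */
#define PORT_BITMAP_WORDS (65536 / 64)

typedef struct {
    uint64_t words[PORT_BITMAP_WORDS];
} port_bitmap;

/* Equivalent of the map being created empty: no port blocked. */
void port_bitmap_init(port_bitmap *m) {
    memset(m, 0, sizeof *m);
}

/* Userspace "set/clear port" interface: flip the bit for one port.
 * This always succeeds because the map exists even on kernels that
 * cannot attach the bind hooks (hypothetical model of the commit's note). */
void port_bitmap_set(port_bitmap *m, uint16_t port, int block) {
    uint64_t *word = &m->words[port / 64];
    uint64_t bit = (uint64_t)1 << (port % 64);
    if (block)
        *word |= bit;
    else
        *word &= ~bit;
}

/* Read one port's bit, as the bind program would at bind() time. */
int port_bitmap_test(const port_bitmap *m, uint16_t port) {
    return (int)((m->words[port / 64] >> (port % 64)) & 1);
}

/* Hook-side decision. When the kernel has the BPF_CGROUP_INET4/6_BIND
 * hooks (4.19+ per the commit), a set bit rejects the bind. Without the
 * hooks nobody consults the map, so every bind is allowed regardless of
 * what userspace wrote into it. Returns 1 = allow, 0 = deny. */
int bind_allowed(const port_bitmap *m, uint16_t port, int kernel_has_bind_hook) {
    if (!kernel_has_bind_hook)
        return 1;
    return !port_bitmap_test(m, port);
}

/* Count blocked ports, useful when inspecting the map's effective state. */
int port_bitmap_count(const port_bitmap *m) {
    int n = 0;
    for (int i = 0; i < PORT_BITMAP_WORDS; i++)
        n += __builtin_popcountll(m->words[i]);
    return n;
}

int main(void) {
    port_bitmap m;
    port_bitmap_init(&m);
    port_bitmap_set(&m, 8080, 1);
    printf("bind 8080 on 4.19+: %s\n", bind_allowed(&m, 8080, 1) ? "allowed" : "blocked");
    printf("bind 8080 on 4.14:  %s\n", bind_allowed(&m, 8080, 0) ? "allowed" : "blocked");
    printf("blocked ports: %d\n", port_bitmap_count(&m));
    return 0;
}
```

The flag models the kernel gate from the hunk below: the map write path is unconditional, the enforcement path exists only where the bind hook can be attached, which is why a populated map on an older kernel is a harmless no-op rather than a failure.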


@@ -130,12 +130,21 @@ static Status initPrograms(const char* cg2_path) {
attachProgramToCgroup(CGROUP_SOCKET_PROG_PATH, cg_fd, BPF_CGROUP_INET_SOCK_CREATE));
}
// This should trivially pass, since we just attached up above,
// but BPF_PROG_QUERY is only implemented on 4.19+ kernels.
if (bpf::isAtLeastKernelVersion(4, 19, 0)) {
RETURN_IF_NOT_OK(attachProgramToCgroup(
"/sys/fs/bpf/netd_readonly/prog_block_bind4_block_port",
cg_fd, BPF_CGROUP_INET4_BIND));
RETURN_IF_NOT_OK(attachProgramToCgroup(
"/sys/fs/bpf/netd_readonly/prog_block_bind6_block_port",
cg_fd, BPF_CGROUP_INET6_BIND));
// This should trivially pass, since we just attached up above,
// but BPF_PROG_QUERY is only implemented on 4.19+ kernels.
if (bpf::queryProgram(cg_fd, BPF_CGROUP_INET_EGRESS) <= 0) abort();
if (bpf::queryProgram(cg_fd, BPF_CGROUP_INET_INGRESS) <= 0) abort();
if (bpf::queryProgram(cg_fd, BPF_CGROUP_INET_SOCK_CREATE) <= 0) abort();
if (bpf::queryProgram(cg_fd, BPF_CGROUP_INET4_BIND) <= 0) abort();
if (bpf::queryProgram(cg_fd, BPF_CGROUP_INET6_BIND) <= 0) abort();
}
return netdutils::status::ok;
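Review bot: the bind-hook attaches are wrapped in RETURN_IF_NOT_OK inside the isAtLeastKernelVersion(4, 19, 0) block, so initPrograms now hard-fails on any 4.19 device where the loader did not pin prog_block_bind4_block_port / prog_block_bind6_block_port; that means this 4.19 threshold must match the minimum kernel the loader applies to bpf_progs/block.c exactly, and nothing in the hunk ties the two together. Consider a shared constant for that version, or at least a comment next to the check pointing at block.c, so the two gates cannot drift apart. Two smaller points: the comment "This should trivially pass, since we just attached up above, but BPF_PROG_QUERY is only implemented on 4.19+ kernels." appears both before the version check and directly above the queryProgram calls; only the copy directly above the queryProgram lines is accurate once attaches sit inside the block, so make sure that is the one that survives. And the two pinned paths are string literals while the socket-create program goes through CGROUP_SOCKET_PROG_PATH; a named constant per path keeps them in one place when they move into netbpfload.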