Merge "disallow 32-bit *system* userspace on 6.2+" into main am: a51221f011
Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2768189
Change-Id: I3b3bc3e895a251f23bfeb292e20b98cbf9cbac89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/netd/BpfHandler.cpp b/netd/BpfHandler.cpp
index fb6d5b8..a090a54 100644
--- a/netd/BpfHandler.cpp
+++ b/netd/BpfHandler.cpp
@@ -85,8 +85,24 @@
// U bumps the kernel requirement up to 4.14
if (modules::sdklevel::IsAtLeastU() && !bpf::isAtLeastKernelVersion(4, 14, 0)) abort();
- // V bumps the kernel requirement up to 4.19
- if (modules::sdklevel::IsAtLeastV() && !bpf::isAtLeastKernelVersion(4, 19, 0)) abort();
+ if (modules::sdklevel::IsAtLeastV()) {
+ // V bumps the kernel requirement up to 4.19
+ // see also: //system/netd/tests/kernel_test.cpp TestKernel419
+ if (!bpf::isAtLeastKernelVersion(4, 19, 0)) abort();
+
+ // Technically already required by U, but only enforce on V+
+ // see also: //system/netd/tests/kernel_test.cpp TestKernel64Bit
+ if (bpf::isKernel32Bit() && bpf::isAtLeastKernelVersion(5, 16, 0)) abort();
+ }
+
+ // Linux 6.1 is highest version supported by U, starting with V new kernels,
+ // ie. 6.2+ we are dropping various kernel/system userspace 32-on-64 hacks
+ // (for example "ANDROID: xfrm: remove in_compat_syscall() checks").
+ // Note: this check/enforcement only applies to *system* userspace code,
+ // it does not affect unprivileged apps, the 32-on-64 compatibility
+ // problems are AFAIK limited to various CAP_NET_ADMIN protected interfaces.
+ // see also: //system/bpf/bpfloader/BpfLoader.cpp main()
+ if (bpf::isUserspace32bit() && bpf::isAtLeastKernelVersion(6, 2, 0)) abort();
// U mandates this mount point (though it should also be the case on T)
if (modules::sdklevel::IsAtLeastU() && !!strcmp(cg2_path, "/sys/fs/cgroup")) abort();
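Review bot: The two new `abort()` calls, the `isKernel32Bit()` check inside the V block and the `isUserspace32bit()` check on 6.2+, terminate the process without saying which requirement failed, so an affected device shows only a SIGABRT crash loop with no stated cause. Failing closed is the right behaviour here, but I would log first, for example `if (bpf::isUserspace32bit() && bpf::isAtLeastKernelVersion(6, 2, 0)) { ALOGE("64-bit userspace required on 6.2+ kernels."); abort(); }`, and do the same for the 32-bit kernel check. This matters most for the 6.2+ check: it is not gated on SDK level, so it also fires on a pre-V device that receives this module, a case the comment implies should not exist. The enclosing function starts and ends outside the hunk, so I cannot confirm that `ALOGE` and a `LOG_TAG` are already set up in this file. The new checks also follow the file's existing bare `abort()` pattern, so logging could be added to the older checks too.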