Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / 60c159f233a147756c54bab22b19d9b457c1653c / . / netbpfload / NetBpfLoad.cpp
blob: 99a2ab4be1b632f4267d6090e34de123a72752c5 [file] [log] [blame]
Maciej Żenczykowski60c159f2023-10-02 14:54:48 -0700[diff] [blame^]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef LOG_TAG
18#define LOG_TAG "bpfloader"
19#endif
20
21#include <arpa/inet.h>
22#include <dirent.h>
23#include <elf.h>
24#include <error.h>
25#include <fcntl.h>
26#include <inttypes.h>
27#include <linux/bpf.h>
28#include <linux/unistd.h>
29#include <net/if.h>
30#include <stdint.h>
31#include <stdio.h>
32#include <stdlib.h>
33#include <string.h>
34#include <unistd.h>
35
36#include <sys/mman.h>
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
40
41#include <android-base/logging.h>
42#include <android-base/macros.h>
43#include <android-base/properties.h>
44#include <android-base/stringprintf.h>
45#include <android-base/strings.h>
46#include <android-base/unique_fd.h>
47#include <libbpf_android.h>
48#include <log/log.h>
49#include <netdutils/Misc.h>
50#include <netdutils/Slice.h>
51#include "BpfSyscallWrappers.h"
52#include "bpf/BpfUtils.h"
53
54using android::base::EndsWith;
55using android::bpf::domain;
56using std::string;
57
58bool exists(const char* const path) {
59 int v = access(path, F_OK);
60 if (!v) {
61 ALOGI("%s exists.", path);
62 return true;
63 }
64 if (errno == ENOENT) return false;
65 ALOGE("FATAL: access(%s, F_OK) -> %d [%d:%s]", path, v, errno, strerror(errno));
66 abort(); // can only hit this if permissions (likely selinux) are screwed up
67}
68
69constexpr unsigned long long kTetheringApexDomainBitmask =
70 domainToBitmask(domain::tethering) |
71 domainToBitmask(domain::net_private) |
72 domainToBitmask(domain::net_shared) |
73 domainToBitmask(domain::netd_readonly) |
74 domainToBitmask(domain::netd_shared);
75
76// Programs shipped inside the tethering apex should be limited to networking stuff,
77// as KPROBE, PERF_EVENT, TRACEPOINT are dangerous to use from mainline updatable code,
78// since they are less stable abi/api and may conflict with platform uses of bpf.
79constexpr bpf_prog_type kTetheringApexAllowedProgTypes[] = {
80 BPF_PROG_TYPE_CGROUP_SKB,
81 BPF_PROG_TYPE_CGROUP_SOCK,
82 BPF_PROG_TYPE_CGROUP_SOCKOPT,
83 BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
84 BPF_PROG_TYPE_CGROUP_SYSCTL,
85 BPF_PROG_TYPE_LWT_IN,
86 BPF_PROG_TYPE_LWT_OUT,
87 BPF_PROG_TYPE_LWT_SEG6LOCAL,
88 BPF_PROG_TYPE_LWT_XMIT,
89 BPF_PROG_TYPE_SCHED_ACT,
90 BPF_PROG_TYPE_SCHED_CLS,
91 BPF_PROG_TYPE_SOCKET_FILTER,
92 BPF_PROG_TYPE_SOCK_OPS,
93 BPF_PROG_TYPE_XDP,
94};
95
96// Networking-related program types are limited to the Tethering Apex
97// to prevent things from breaking due to conflicts on mainline updates
98// (exception made for socket filters, ie. xt_bpf for potential use in iptables,
99// or for attaching to sockets directly)
100constexpr bpf_prog_type kPlatformAllowedProgTypes[] = {
101 BPF_PROG_TYPE_KPROBE,
102 BPF_PROG_TYPE_PERF_EVENT,
103 BPF_PROG_TYPE_SOCKET_FILTER,
104 BPF_PROG_TYPE_TRACEPOINT,
105 BPF_PROG_TYPE_UNSPEC, // Will be replaced with fuse bpf program type
106};
107
108// see b/162057235. For arbitrary program types, the concern is that due to the lack of
109// SELinux access controls over BPF program attachpoints, we have no way to control the
110// attachment of programs to shared resources (or to detect when a shared resource
111// has one BPF program replace another that is attached there)
112constexpr bpf_prog_type kVendorAllowedProgTypes[] = {
113 BPF_PROG_TYPE_SOCKET_FILTER,
114};
115
116
117const android::bpf::Location locations[] = {
118 // S+ Tethering mainline module (network_stack): tether offload
119 {
120 .dir = "/apex/com.android.tethering/etc/bpf/",
121 .prefix = "tethering/",
122 .allowedDomainBitmask = kTetheringApexDomainBitmask,
123 .allowedProgTypes = kTetheringApexAllowedProgTypes,
124 .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
125 },
126 // T+ Tethering mainline module (shared with netd & system server)
127 // netutils_wrapper (for iptables xt_bpf) has access to programs
128 {
129 .dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",
130 .prefix = "netd_shared/",
131 .allowedDomainBitmask = kTetheringApexDomainBitmask,
132 .allowedProgTypes = kTetheringApexAllowedProgTypes,
133 .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
134 },
135 // T+ Tethering mainline module (shared with netd & system server)
136 // netutils_wrapper has no access, netd has read only access
137 {
138 .dir = "/apex/com.android.tethering/etc/bpf/netd_readonly/",
139 .prefix = "netd_readonly/",
140 .allowedDomainBitmask = kTetheringApexDomainBitmask,
141 .allowedProgTypes = kTetheringApexAllowedProgTypes,
142 .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
143 },
144 // T+ Tethering mainline module (shared with system server)
145 {
146 .dir = "/apex/com.android.tethering/etc/bpf/net_shared/",
147 .prefix = "net_shared/",
148 .allowedDomainBitmask = kTetheringApexDomainBitmask,
149 .allowedProgTypes = kTetheringApexAllowedProgTypes,
150 .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
151 },
152 // T+ Tethering mainline module (not shared, just network_stack)
153 {
154 .dir = "/apex/com.android.tethering/etc/bpf/net_private/",
155 .prefix = "net_private/",
156 .allowedDomainBitmask = kTetheringApexDomainBitmask,
157 .allowedProgTypes = kTetheringApexAllowedProgTypes,
158 .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
159 },
160 // Core operating system
161 {
162 .dir = "/system/etc/bpf/",
163 .prefix = "",
164 .allowedDomainBitmask = domainToBitmask(domain::platform),
165 .allowedProgTypes = kPlatformAllowedProgTypes,
166 .allowedProgTypesLength = arraysize(kPlatformAllowedProgTypes),
167 },
168 // Vendor operating system
169 {
170 .dir = "/vendor/etc/bpf/",
171 .prefix = "vendor/",
172 .allowedDomainBitmask = domainToBitmask(domain::vendor),
173 .allowedProgTypes = kVendorAllowedProgTypes,
174 .allowedProgTypesLength = arraysize(kVendorAllowedProgTypes),
175 },
176};
177
178int loadAllElfObjects(const android::bpf::Location& location) {
179 int retVal = 0;
180 DIR* dir;
181 struct dirent* ent;
182
183 if ((dir = opendir(location.dir)) != NULL) {
184 while ((ent = readdir(dir)) != NULL) {
185 string s = ent->d_name;
186 if (!EndsWith(s, ".o")) continue;
187
188 string progPath(location.dir);
189 progPath += s;
190
191 bool critical;
192 int ret = android::bpf::loadProg(progPath.c_str(), &critical, location);
193 if (ret) {
194 if (critical) retVal = ret;
195 ALOGE("Failed to load object: %s, ret: %s", progPath.c_str(), std::strerror(-ret));
196 } else {
197 ALOGI("Loaded object: %s", progPath.c_str());
198 }
199 }
200 closedir(dir);
201 }
202 return retVal;
203}
204
205int createSysFsBpfSubDir(const char* const prefix) {
206 if (*prefix) {
207 mode_t prevUmask = umask(0);
208
209 string s = "/sys/fs/bpf/";
210 s += prefix;
211
212 errno = 0;
213 int ret = mkdir(s.c_str(), S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO);
214 if (ret && errno != EEXIST) {
215 const int err = errno;
216 ALOGE("Failed to create directory: %s, ret: %s", s.c_str(), std::strerror(err));
217 return -err;
218 }
219
220 umask(prevUmask);
221 }
222 return 0;
223}
224
225// Technically 'value' doesn't need to be newline terminated, but it's best
226// to include a newline to match 'echo "value" > /proc/sys/...foo' behaviour,
227// which is usually how kernel devs test the actual sysctl interfaces.
228int writeProcSysFile(const char *filename, const char *value) {
229 android::base::unique_fd fd(open(filename, O_WRONLY | O_CLOEXEC));
230 if (fd < 0) {
231 const int err = errno;
232 ALOGE("open('%s', O_WRONLY | O_CLOEXEC) -> %s", filename, strerror(err));
233 return -err;
234 }
235 int len = strlen(value);
236 int v = write(fd, value, len);
237 if (v < 0) {
238 const int err = errno;
239 ALOGE("write('%s', '%s', %d) -> %s", filename, value, len, strerror(err));
240 return -err;
241 }
242 if (v != len) {
243 // In practice, due to us only using this for /proc/sys/... files, this can't happen.
244 ALOGE("write('%s', '%s', %d) -> short write [%d]", filename, value, len, v);
245 return -EINVAL;
246 }
247 return 0;
248}
249
250int main(int argc, char** argv) {
251 (void)argc;
252 android::base::InitLogging(argv, &android::base::KernelLogger);
253
254 if (!android::bpf::isAtLeastKernelVersion(4, 19, 0)) {
255 ALOGE("Android U QPR2 requires kernel 4.19.");
256 return 1;
257 }
258
259 if (android::bpf::isUserspace32bit() && android::bpf::isAtLeastKernelVersion(6, 2, 0)) {
260 /* Android 14/U should only launch on 64-bit kernels
261 * T launches on 5.10/5.15
262 * U launches on 5.15/6.1
263 * So >=5.16 implies isKernel64Bit()
264 *
265 * We thus added a test to V VTS which requires 5.16+ devices to use 64-bit kernels.
266 *
267 * Starting with Android V, which is the first to support a post 6.1 Linux Kernel,
268 * we also require 64-bit userspace.
269 *
270 * There are various known issues with 32-bit userspace talking to various
271 * kernel interfaces (especially CAP_NET_ADMIN ones) on a 64-bit kernel.
272 * Some of these have userspace or kernel workarounds/hacks.
273 * Some of them don't...
274 * We're going to be removing the hacks.
275 *
276 * Additionally the 32-bit kernel jit support is poor,
277 * and 32-bit userspace on 64-bit kernel bpf ringbuffer compatibility is broken.
278 */
279 ALOGE("64-bit userspace required on 6.2+ kernels.");
280 return 1;
281 }
282
283 // Ensure we can determine the Android build type.
284 if (!android::bpf::isEng() && !android::bpf::isUser() && !android::bpf::isUserdebug()) {
285 ALOGE("Failed to determine the build type: got %s, want 'eng', 'user', or 'userdebug'",
286 android::bpf::getBuildType().c_str());
287 return 1;
288 }
289
290 // Linux 5.16-rc1 changed the default to 2 (disabled but changeable), but we need 0 (enabled)
291 // (this writeFile is known to fail on at least 4.19, but always defaults to 0 on pre-5.13,
292 // on 5.13+ it depends on CONFIG_BPF_UNPRIV_DEFAULT_OFF)
293 if (writeProcSysFile("/proc/sys/kernel/unprivileged_bpf_disabled", "0\n") &&
294 android::bpf::isAtLeastKernelVersion(5, 13, 0)) return 1;
295
296 // Enable the eBPF JIT -- but do note that on 64-bit kernels it is likely
297 // already force enabled by the kernel config option BPF_JIT_ALWAYS_ON.
298 // (Note: this (open) will fail with ENOENT 'No such file or directory' if
299 // kernel does not have CONFIG_BPF_JIT=y)
300 // BPF_JIT is required by R VINTF (which means 4.14/4.19/5.4 kernels),
301 // but 4.14/4.19 were released with P & Q, and only 5.4 is new in R+.
302 if (writeProcSysFile("/proc/sys/net/core/bpf_jit_enable", "1\n")) return 1;
303
304 // Enable JIT kallsyms export for privileged users only
305 // (Note: this (open) will fail with ENOENT 'No such file or directory' if
306 // kernel does not have CONFIG_HAVE_EBPF_JIT=y)
307 if (writeProcSysFile("/proc/sys/net/core/bpf_jit_kallsyms", "1\n")) return 1;
308
309 // Create all the pin subdirectories
310 // (this must be done first to allow selinux_context and pin_subdir functionality,
311 // which could otherwise fail with ENOENT during object pinning or renaming,
312 // due to ordering issues)
313 for (const auto& location : locations) {
314 if (createSysFsBpfSubDir(location.prefix)) return 1;
315 }
316
317 // Note: there's no actual src dir for fs_bpf_loader .o's,
318 // so it is not listed in 'locations[].prefix'.
319 // This is because this is primarily meant for triggering genfscon rules,
320 // and as such this will likely always be the case.
321 // Thus we need to manually create the /sys/fs/bpf/loader subdirectory.
322 if (createSysFsBpfSubDir("loader")) return 1;
323
324 // Load all ELF objects, create programs and maps, and pin them
325 for (const auto& location : locations) {
326 if (loadAllElfObjects(location) != 0) {
327 ALOGE("=== CRITICAL FAILURE LOADING BPF PROGRAMS FROM %s ===", location.dir);
328 ALOGE("If this triggers reliably, you're probably missing kernel options or patches.");
329 ALOGE("If this triggers randomly, you might be hitting some memory allocation "
330 "problems or startup script race.");
331 ALOGE("--- DO NOT EXPECT SYSTEM TO BOOT SUCCESSFULLY ---");
332 sleep(20);
333 return 2;
334 }
335 }
336
337 int key = 1;
338 int value = 123;
339 android::base::unique_fd map(
340 android::bpf::createMap(BPF_MAP_TYPE_ARRAY, sizeof(key), sizeof(value), 2, 0));
341 if (android::bpf::writeToMapEntry(map, &key, &value, BPF_ANY)) {
342 ALOGE("Critical kernel bug - failure to write into index 1 of 2 element bpf map array.");
343 return 1;
344 }
345
346 if (android::base::SetProperty("bpf.progs_loaded", "1") == false) {
347 ALOGE("Failed to set bpf.progs_loaded property");
348 return 1;
349 }
350
351 return 0;
352}