1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 /* This file is separate because it's included both by eBPF programs (via include 20 * in bpf_helpers.h) and directly by the boot time bpfloader (Loader.cpp). 21 */ 22 23 #include <linux/bpf.h> 24 25 // Pull in AID_* constants from //system/core/libcutils/include/private/android_filesystem_config.h 26 #include <cutils/android_filesystem_config.h> 27 28 /****************************************************************************** 29 * * 30 * ! ! ! W A R N I N G ! ! ! * 31 * * 32 * CHANGES TO THESE STRUCTURE DEFINITIONS OUTSIDE OF AOSP/MASTER *WILL* BREAK * 33 * MAINLINE MODULE COMPATIBILITY * 34 * * 35 * AND THUS MAY RESULT IN YOUR DEVICE BRICKING AT SOME ARBITRARY POINT IN * 36 * THE FUTURE * 37 * * 38 * (and even in aosp/master you may only append new fields at the very end, * 39 * you may *never* delete fields, change their types, ordering, insert in * 40 * the middle, etc. If a mainline module using the old definition has * 41 * already shipped (which happens roughly monthly), then it's set in stone) * 42 * * 43 ******************************************************************************/ 44 45 // These are the values used if these fields are missing 46 #define DEFAULT_BPFLOADER_MIN_VER 0u // v0.0 (this is inclusive ie. >= v0.0) 47 #define DEFAULT_BPFLOADER_MAX_VER 0x10000u // v1.0 (this is exclusive ie. < v1.0) 48 #define DEFAULT_SIZEOF_BPF_MAP_DEF 32 // v0.0 struct: enum (uint sized) + 7 uint 49 #define DEFAULT_SIZEOF_BPF_PROG_DEF 20 // v0.0 struct: 4 uint + bool + 3 byte alignment pad 50 51 // By default, unless otherwise specified, allow the use of features only supported by v0.28, 52 // which first added working support for map uid != root 53 #define COMPILE_FOR_BPFLOADER_VERSION 28u 54 55 /* 56 * The bpf_{map,prog}_def structures are compiled for different architectures. 57 * Once by the BPF compiler for the BPF architecture, and once by a C++ 58 * compiler for the native Android architecture for the bpfloader. 59 * 60 * For things to work, their layout must be the same between the two. 61 * The BPF architecture is platform independent ('64-bit LSB bpf'). 62 * So this effectively means these structures must be the same layout 63 * on 5 architectures, all of them little endian: 64 * 64-bit BPF, x86_64, arm and 32-bit x86 and arm 65 * 66 * As such for any types we use inside of these structs we must make sure that 67 * the size and alignment are the same, so the same amount of padding is used. 68 * 69 * Currently we only use: bool, enum bpf_map_type and unsigned int. 70 * Additionally we use char for padding. 71 * 72 * !!! WARNING: HERE BE DRAGONS !!! 73 * 74 * Be particularly careful with 64-bit integers. 75 * You will need to manually override their alignment to 8 bytes. 76 * 77 * To quote some parts of https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69560 78 * 79 * Some types have weaker alignment requirements when they are structure members. 80 * 81 * unsigned long long on x86 is such a type. 82 * 83 * C distinguishes C11 _Alignof (the minimum alignment the type is guaranteed 84 * to have in all contexts, so 4, see min_align_of_type) from GNU C __alignof 85 * (the normal alignment of the type, so 8). 86 * 87 * alignof / _Alignof == minimum alignment required by target ABI 88 * __alignof / __alignof__ == preferred alignment 89 * 90 * When in a struct, apparently the minimum alignment is used. 91 */ 92 93 _Static_assert(sizeof(bool) == 1, "sizeof bool != 1"); 94 _Static_assert(__alignof__(bool) == 1, "__alignof__ bool != 1"); 95 _Static_assert(_Alignof(bool) == 1, "_Alignof bool != 1"); 96 97 _Static_assert(sizeof(char) == 1, "sizeof char != 1"); 98 _Static_assert(__alignof__(char) == 1, "__alignof__ char != 1"); 99 _Static_assert(_Alignof(char) == 1, "_Alignof char != 1"); 100 101 // This basically verifies that an enum is 'just' a 32-bit int 102 _Static_assert(sizeof(enum bpf_map_type) == 4, "sizeof enum bpf_map_type != 4"); 103 _Static_assert(__alignof__(enum bpf_map_type) == 4, "__alignof__ enum bpf_map_type != 4"); 104 _Static_assert(_Alignof(enum bpf_map_type) == 4, "_Alignof enum bpf_map_type != 4"); 105 106 // Linux kernel requires sizeof(int) == 4, sizeof(void*) == sizeof(long), sizeof(long long) == 8 107 _Static_assert(sizeof(unsigned int) == 4, "sizeof unsigned int != 4"); 108 _Static_assert(__alignof__(unsigned int) == 4, "__alignof__ unsigned int != 4"); 109 _Static_assert(_Alignof(unsigned int) == 4, "_Alignof unsigned int != 4"); 110 111 // We don't currently use any 64-bit types in these structs, so this is purely to document issue. 112 // Here sizeof & __alignof__ are consistent, but _Alignof is not: compile for 'aosp_cf_x86_phone' 113 _Static_assert(sizeof(unsigned long long) == 8, "sizeof unsigned long long != 8"); 114 _Static_assert(__alignof__(unsigned long long) == 8, "__alignof__ unsigned long long != 8"); 115 // BPF wants 8, but 32-bit x86 wants 4 116 //_Static_assert(_Alignof(unsigned long long) == 8, "_Alignof unsigned long long != 8"); 117 118 // Length of strings (incl. selinux_context and pin_subdir) 119 // in the bpf_map_def and bpf_prog_def structs. 120 // 121 // WARNING: YOU CANNOT *EVER* CHANGE THESE 122 // as this would affect the structure size in backwards incompatible ways 123 // and break mainline module loading on older Android T devices 124 #define BPF_SELINUX_CONTEXT_CHAR_ARRAY_SIZE 32 125 #define BPF_PIN_SUBDIR_CHAR_ARRAY_SIZE 32 126 127 /* 128 * Map structure to be used by Android eBPF C programs. The Android eBPF loader 129 * uses this structure from eBPF object to create maps at boot time. 130 * 131 * The eBPF C program should define structure in the maps section using 132 * SECTION("maps") otherwise it will be ignored by the eBPF loader. 133 * 134 * For example: 135 * const struct bpf_map_def SECTION("maps") mymap { .type=... , .key_size=... } 136 * 137 * See 'bpf_helpers.h' for helpful macros for eBPF program use. 138 */ 139 struct bpf_map_def { 140 enum bpf_map_type type; 141 unsigned int key_size; 142 unsigned int value_size; 143 unsigned int max_entries; 144 unsigned int map_flags; 145 146 // The following are not supported by the Android bpfloader: 147 // unsigned int inner_map_idx; 148 // unsigned int numa_node; 149 150 unsigned int zero; // uid_t, for compat with old (buggy) bpfloader must be AID_ROOT == 0 151 unsigned int gid; // gid_t 152 unsigned int mode; // mode_t 153 154 // The following fields were added in version 0.1 155 unsigned int bpfloader_min_ver; // if missing, defaults to 0, ie. v0.0 156 unsigned int bpfloader_max_ver; // if missing, defaults to 0x10000, ie. v1.0 157 158 // The following fields were added in version 0.2 (S) 159 // kernelVersion() must be >= min_kver and < max_kver 160 unsigned int min_kver; 161 unsigned int max_kver; 162 163 // The following fields were added in version 0.18 (T) 164 // 165 // These are fixed length strings, padded with null bytes 166 // 167 // Warning: supported values depend on .o location 168 // (additionally a newer Android OS and/or bpfloader may support more values) 169 // 170 // overrides default selinux context (which is based on pin subdir) 171 char selinux_context[BPF_SELINUX_CONTEXT_CHAR_ARRAY_SIZE]; 172 // 173 // overrides default prefix (which is based on .o location) 174 char pin_subdir[BPF_PIN_SUBDIR_CHAR_ARRAY_SIZE]; 175 176 bool shared; // use empty string as 'file' component of pin path - allows cross .o map sharing 177 178 // The following 3 ignore_on_* fields were added in version 0.32 (U). These are ignored in 179 // older bpfloader versions, and zero in programs compiled before 0.32. 180 bool ignore_on_eng:1; 181 bool ignore_on_user:1; 182 bool ignore_on_userdebug:1; 183 // The following 5 ignore_on_* fields were added in version 0.38 (U). These are ignored in 184 // older bpfloader versions, and zero in programs compiled before 0.38. 185 // These are tests on the kernel architecture, ie. they ignore userspace bit-ness. 186 bool ignore_on_arm32:1; 187 bool ignore_on_aarch64:1; 188 bool ignore_on_x86_32:1; 189 bool ignore_on_x86_64:1; 190 bool ignore_on_riscv64:1; 191 192 char pad0[2]; // manually pad up to 4 byte alignment, may be used for extensions in the future 193 194 unsigned int uid; // uid_t 195 }; 196 197 _Static_assert(sizeof(((struct bpf_map_def *)0)->selinux_context) == 32, "must be 32 bytes"); 198 _Static_assert(sizeof(((struct bpf_map_def *)0)->pin_subdir) == 32, "must be 32 bytes"); 199 200 // This needs to be updated whenever the above structure definition is expanded. 201 _Static_assert(sizeof(struct bpf_map_def) == 120, "sizeof struct bpf_map_def != 120"); 202 _Static_assert(__alignof__(struct bpf_map_def) == 4, "__alignof__ struct bpf_map_def != 4"); 203 _Static_assert(_Alignof(struct bpf_map_def) == 4, "_Alignof struct bpf_map_def != 4"); 204 205 struct bpf_prog_def { 206 unsigned int uid; 207 unsigned int gid; 208 209 // kernelVersion() must be >= min_kver and < max_kver 210 unsigned int min_kver; 211 unsigned int max_kver; 212 213 bool optional; // program section (ie. function) may fail to load, continue onto next func. 214 215 // The following 3 ignore_on_* fields were added in version 0.33 (U). These are ignored in 216 // older bpfloader versions, and zero in programs compiled before 0.33. 217 bool ignore_on_eng:1; 218 bool ignore_on_user:1; 219 bool ignore_on_userdebug:1; 220 // The following 5 ignore_on_* fields were added in version 0.38 (U). These are ignored in 221 // older bpfloader versions, and zero in programs compiled before 0.38. 222 // These are tests on the kernel architecture, ie. they ignore userspace bit-ness. 223 bool ignore_on_arm32:1; 224 bool ignore_on_aarch64:1; 225 bool ignore_on_x86_32:1; 226 bool ignore_on_x86_64:1; 227 bool ignore_on_riscv64:1; 228 229 char pad0[2]; // manually pad up to 4 byte alignment, may be used for extensions in the future 230 231 // The following fields were added in version 0.1 232 unsigned int bpfloader_min_ver; // if missing, defaults to 0, ie. v0.0 233 unsigned int bpfloader_max_ver; // if missing, defaults to 0x10000, ie. v1.0 234 235 // The following fields were added in version 0.18, see description up above in bpf_map_def 236 char selinux_context[BPF_SELINUX_CONTEXT_CHAR_ARRAY_SIZE]; 237 char pin_subdir[BPF_PIN_SUBDIR_CHAR_ARRAY_SIZE]; 238 }; 239 240 _Static_assert(sizeof(((struct bpf_prog_def *)0)->selinux_context) == 32, "must be 32 bytes"); 241 _Static_assert(sizeof(((struct bpf_prog_def *)0)->pin_subdir) == 32, "must be 32 bytes"); 242 243 // This needs to be updated whenever the above structure definition is expanded. 244 _Static_assert(sizeof(struct bpf_prog_def) == 92, "sizeof struct bpf_prog_def != 92"); 245 _Static_assert(__alignof__(struct bpf_prog_def) == 4, "__alignof__ struct bpf_prog_def != 4"); 246 _Static_assert(_Alignof(struct bpf_prog_def) == 4, "_Alignof struct bpf_prog_def != 4"); 247