1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <errno.h>
20 #include <linux/if_ether.h>
21 #include <linux/pfkeyv2.h>
22 #include <net/if.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <sys/resource.h>
26 #include <sys/socket.h>
27 #include <sys/utsname.h>
28 
29 #include <log/log.h>
30 
31 #include "KernelUtils.h"
32 
33 namespace android {
34 namespace bpf {
35 
36 // See kernel's net/core/sock_diag.c __sock_gen_cookie()
37 // the implementation of which guarantees 0 will never be returned,
38 // primarily because 0 is used to mean not yet initialized,
39 // and socket cookies are only assigned on first fetch.
40 constexpr const uint64_t NONEXISTENT_COOKIE = 0;
41 
getSocketCookie(int sockFd)42 static inline uint64_t getSocketCookie(int sockFd) {
43     uint64_t sock_cookie;
44     socklen_t cookie_len = sizeof(sock_cookie);
45     if (getsockopt(sockFd, SOL_SOCKET, SO_COOKIE, &sock_cookie, &cookie_len)) {
46         // Failure is almost certainly either EBADF or ENOTSOCK
47         const int err = errno;
48         ALOGE("Failed to get socket cookie: %s\n", strerror(err));
49         errno = err;
50         return NONEXISTENT_COOKIE;
51     }
52     if (cookie_len != sizeof(sock_cookie)) {
53         // This probably cannot actually happen, but...
54         ALOGE("Failed to get socket cookie: len %d != 8\n", cookie_len);
55         errno = 523; // EBADCOOKIE: kernel internal, seems reasonable enough...
56         return NONEXISTENT_COOKIE;
57     }
58     return sock_cookie;
59 }
60 
synchronizeKernelRCU()61 static inline int synchronizeKernelRCU() {
62     // This is a temporary hack for network stats map swap on devices running
63     // 4.9 kernels. The kernel code of socket release on pf_key socket will
64     // explicitly call synchronize_rcu() which is exactly what we need.
65     //
66     // Linux 4.14/4.19/5.4/5.10/5.15/6.1 (and 6.3-rc5) still have this same behaviour.
67     // see net/key/af_key.c: pfkey_release() -> synchronize_rcu()
68     // https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/key/af_key.c?h=v6.3-rc5#n185
69     const int pfSocket = socket(AF_KEY, SOCK_RAW | SOCK_CLOEXEC, PF_KEY_V2);
70 
71     if (pfSocket < 0) {
72         const int err = errno;
73         ALOGE("create PF_KEY socket failed: %s", strerror(err));
74         return -err;
75     }
76 
77     // When closing socket, synchronize_rcu() gets called in sock_release().
78     if (close(pfSocket)) {
79         const int err = errno;
80         ALOGE("failed to close the PF_KEY socket: %s", strerror(err));
81         return -err;
82     }
83     return 0;
84 }
85 
setrlimitForTest()86 static inline int setrlimitForTest() {
87     // Set the memory rlimit for the test process if the default MEMLOCK rlimit is not enough.
88     struct rlimit limit = {
89             .rlim_cur = 1073741824,  // 1 GiB
90             .rlim_max = 1073741824,  // 1 GiB
91     };
92     const int res = setrlimit(RLIMIT_MEMLOCK, &limit);
93     if (res) ALOGE("Failed to set the default MEMLOCK rlimit: %s", strerror(errno));
94     return res;
95 }
96 
97 }  // namespace bpf
98 }  // namespace android
99