| service bpfloader /system/bin/bpfloader |
| class main |
| capabilities CHOWN SYS_ADMIN |
| # |
| # Set RLIMIT_MEMLOCK to 1GiB for bpfloader |
| # |
| # Actually only 8MiB would be needed if bpfloader ran as its own uid. |
| # |
| # However, while the rlimit is per-thread, the accounting is system wide. |
| # So, for example, if the graphics stack has already allocated 10MiB of |
| # memlock data before bpfloader even gets a chance to run, it would fail |
| # if its memlock rlimit is only 8MiB - since there would be none left for it. |
| # |
| # bpfloader succeeding is critical to system health, since a failure will |
| # cause netd crashloop and thus system server crashloop... and the only |
| # recovery is a full kernel reboot. |
| # |
| # We've had issues where devices would sometimes (rarely) boot into |
| # a crashloop because bpfloader would occasionally lose a boot time |
| # race against the graphics stack's boot time locked memory allocation. |
| # |
| # Thus bpfloader's memlock has to be 8MB higher then the locked memory |
| # consumption of the root uid anywhere else in the system... |
| # But we don't know what that is for all possible devices... |
| # |
| # Ideally, we'd simply grant bpfloader the IPC_LOCK capability and it |
| # would simply ignore it's memlock rlimit... but it turns that this |
| # capability is not even checked by the kernel's bpf system call. |
| # |
| # As such we simply use 1GiB as a reasonable approximation of infinity. |
| # |
| rlimit memlock 1073741824 1073741824 |
| oneshot |
| |
| # Need to make sure this runs *before* the bpfloader. |
| on early-init |
| # Enable the eBPF JIT -- but do note that it is likely already force enabled |
| # by the kernel config option BPF_JIT_ALWAYS_ON |
| write /proc/sys/net/core/bpf_jit_enable 1 |
| # Enable JIT kallsyms export for privileged users only |
| write /proc/sys/net/core/bpf_jit_kallsyms 1 |