Pickup latest ebpf-verifier to resolve #630 (#765)

* Pickup latest ebpf-verifier to resolve this issue Signed-off-by: Alan Jowett <alanjo@microsoft.com> * Strip paths from netsh output Signed-off-by: Alan Jowett <alanjo@microsoft.com> * Pickup latest ebpf-verifier changes Signed-off-by: Alan Jowett <alanjo@microsoft.com> * Switch to run CI/CD on Server 2019 + VS2019 Signed-off-by: Alan Jowett <alanjo@microsoft.com> * Pickup fix for https://github.com/vbpf/ebpf-verifier/issues/306 Signed-off-by: Alan Jowett <alanjo@microsoft.com> * Pickup fix for https://github.com/vbpf/ebpf-verifier/issues/306 Signed-off-by: Alan Jowett <alanjo@microsoft.com> * PR feedback Signed-off-by: Alan Jowett <alanjo@microsoft.com> Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2022-02-25 17:17:23 -07:00 · 2022-02-25 17:17:23 -07:00 · 960e0a0a2a
--- a/external/ebpf-verifier
+++ b/external/ebpf-verifier
@ -1 +1 @@
-Subproject commit c05c66dc854974815a8ffcc06d17a371dae12d4c
+Subproject commit e7e701712d694fafa9356837c015e639197964bb
--- a/libs/api/crab_verifier_wrapper.hpp
+++ b/libs/api/crab_verifier_wrapper.hpp
@ -12,5 +12,7 @@
                                 // throw. Declare it 'noexcept'
 #pragma warning(disable : 26495) // Always initialize a member variable
 #undef FALSE
+#undef min
+#undef max
 #include "crab_verifier.hpp"
 #pragma warning(pop)
--- a/libs/api/windows_platform.cpp
+++ b/libs/api/windows_platform.cpp
@ -18,6 +18,7 @@ parse_maps_section_windows(
    std::vector<EbpfMapDescriptor>& verifier_map_descriptors,
    const char* data,
    size_t size,
+    int map_count,
    const struct ebpf_platform_t*,
    ebpf_verifier_options_t)
 {
@ -32,7 +33,7 @@ parse_maps_section_windows(
    const int ORIGINAL_FD_OFFSET = 1;

    auto mapdefs = std::vector<ebpf_map_definition_in_file_t>(
-        (ebpf_map_definition_in_file_t*)data, (ebpf_map_definition_in_file_t*)(data + size));
+        (ebpf_map_definition_in_file_t*)data, (ebpf_map_definition_in_file_t*)(data + size * map_count));
    for (int i = 0; i < mapdefs.size(); i++) {
        auto& s = mapdefs[i];
        uint32_t section_offset = (i * sizeof(ebpf_map_definition_in_file_t));
--- a/libs/api_common/ebpf_verifier_wrapper.hpp
+++ b/libs/api_common/ebpf_verifier_wrapper.hpp
@ -11,5 +11,7 @@
                                 // throw. Declare it 'noexcept'
 #pragma warning(disable : 26495) // Always initialize a member variable
 #undef FALSE
+#undef min
+#undef max
 #include "ebpf_verifier.hpp"
 #pragma warning(pop)
--- a/tests/end_to_end/netsh_test.cpp
+++ b/tests/end_to_end/netsh_test.cpp
@ -4,6 +4,8 @@
 #include <windows.h>
 #include <netsh.h> // Must be included after windows.h
 #include <string.h>
+#include <sstream>
+#include <regex>
 #include "bpf/bpf.h"
 #pragma warning(push)
 #pragma warning(disable : 4200)
@ -14,13 +16,29 @@
 #include "platform.h"
 #include "test_helper.hpp"

+std::string
+strip_paths(const std::string& orignal_string)
+{
+    std::stringstream input_stream(orignal_string);
+    std::stringstream output_stream;
+    std::string line;
+    while (std::getline(input_stream, line)) {
+        auto output = std::regex_replace(line, std::regex("\\\\"), "/");
+        output_stream << std::regex_replace(output, std::regex("^.*tests/sample"), "; ./tests/sample") << "\n";
+    }
+    return output_stream.str();
+}
+
 TEST_CASE("show disassembly bpf.o", "[netsh][disassembly]")
 {
    int result;
    std::string output = _run_netsh_command(handle_ebpf_show_disassembly, L"bpf.o", nullptr, nullptr, &result);
    REQUIRE(result == NO_ERROR);
+    output = strip_paths(output);
    REQUIRE(
-        output == "       0:	r0 = 42\n"
+        output == "; ./tests/sample/bpf.c:8\n"
+                  ";     return 42;\n"
+                  "       0:	r0 = 42\n"
                  "       1:	exit\n\n");
 }

@ -132,12 +150,17 @@ TEST_CASE("show verification droppacket_unsafe.o", "[netsh][verification]")
    std::string output =
        _run_netsh_command(handle_ebpf_show_verification, L"droppacket_unsafe.o", L"xdp", nullptr, &result);
    REQUIRE(result == ERROR_SUPPRESS_OUTPUT);
+    output = strip_paths(output);
    REQUIRE(
        output == "Verification failed\n"
                  "\n"
                  "Verification report:\n"
                  "\n"
+                  "; ./tests/sample/droppacket_unsafe.c:29\n"
+                  ";     if (ip_header->Protocol == IPPROTO_UDP) {\n"
                  "2: Upper bound must be at most packet_size (valid_access(r1.offset+9, width=1))\n"
+                  "; ./tests/sample/droppacket_unsafe.c:30\n"
+                  ";         if (ntohs(udp_header->length) <= sizeof(UDP_HEADER)) {\n"
                  "4: Upper bound must be at most packet_size (valid_access(r1.offset+24, width=2))\n"
                  "\n"
                  "2 errors\n"