* Add support for building ARM64 native only eBPF for Windows.
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Looking up an index which is larger than an array's length currently
results in EINVAL. This doesn't match what Linux does, which is to return
ENOENT.
Change the behaviour to return ENOENT instead.
The current implementation of bpf_obj_get doesn't follow libbpf semantics,
because it always returns -1 on error, instead of returning the negative
error number.
This is especially noticeable when trying to open a non-existant object,
which should return -ENOENT.
See caa17bdcbf/src/bpf.c (L625-L626)
* Initial commit
* Initial commit
* Added _DEBUG around tail call display
* Renamed key to data
* Removed _DEBUG
* Added SAL annotation, as per the comments
* Added SAL annotation, as per the comments
* Fix crash
* make data non-optional
* Added the check for .key_size != 0
* Removed additional tracing in EBPF_LOG_MESSAGE_BINARY macro
* Merged with main
* Trying 16KB of stack size
* Addressed PR comment
* Added macro with combined traces
* Increased stack size to 32K for DEBUG image
* Fix the string concatenation in macro
* Increase the stack size to 64, and added some logs to check the crashdumps during hangs
* Added retry when the dump file cannot be compressed because it is used by another process
* Expanded stack size for all netebpf wfp callouts
* Addressed PR comments
* Added _DEBUG back
* Increased stack size to 20K for DEBUG
* Add optimatization
* With 4K stack expansion size
* Final commit
On Linux, -1 is a commonly used value for "invalid fd". As such it makes more
sense to return EBADF instead of EINVAL from object related API when a negative
fd is passed.
_get_handle_from_file_descriptor() returns ERROR_INVALID_HANDLE, which turns into
EBADF via the various compat layers. We can therefore simply remove the <= 0 check.
* bpf(): do not return errors via errno
The Linux ABI returns all syscall errors via the function return value,
not via errno.
Fixes https://github.com/microsoft/ebpf-for-windows/issues/3749
* Allow detecting if bpf() command is not implemented
Use SetLastError to indicate to callers that a bpf() command is not
implemented. This avoids polluting the bpf() return value with
platform specific error returns while still allowing detection of
this important case.
* Add forwards and backwards compatibility to bpf() emulation
On Linux, bpf() accepts a bpf_attr which is larger than what the
syscall expects, as long as the unknown fields are all 0. It also
accepts a bpf_attr which is smaller than what it expects, by assuming
that all missing fields are zero.
This allows forwards and backwards compatilibity between old and new
versions of both the Linux kernel and user space tooling.
Implement a similar scheme for the bpf() emulation.
* Return EPERM from bpf() if user is not privileged
On Linux, bpf() returns EPERM if the user doesn't have CAP_BPF. Return
the same error when the user isn't able to open the device handle.
* Prevent double activation
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback and more asserts
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix test failures
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Switch to crc32 if available for hashing function
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Only do crc32 when keys are directly accessible
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Minimize branches and extra ALU ops
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Initial progress on function implementations.
* Moved code.
* Updated kernel project.
* Working on parallel user and kernel mode versions.
* Work in Progress.
* Added tests, added a lot.
* Cleaned up test code some, still doesn't build.
* Re-enabled some tests.
* Got a working set of tests, now to figure out what to do with this in the interim.
* Removing as-yet-unimplemented functions for now.
* Fixed a name.
* Doxygen fixes. Also removed a function header that'll be needed another time.
* Got down to one source file, got a build working in user mode.
* Renamed string_opts to ebpf_strings
* Corrected build issues, removed other extraneous comments.
* Fixed the test selection name, and suppressed an analysis error in a Windows header.
---------
Co-authored-by: Ben Lewis (REDMOND) <Ben.Lewis@microsoft.com>
windows_error_to_ebpf_result was renamed to
win32_error_code_to_ebpf_result moved to ebpf_utilities.h
back in 2022 but this comment was missed.
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Add VS Clang to path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix tests
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Reformat using clang 17.0.3
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Account for git_commit_id.h dependency
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Revert https://github.com/microsoft/ebpf-for-windows/pull/3756 from this branch
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Make LLVM path dependent on cl.exe path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Use VCINSTALLDIR as root of LLVM path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Update hash and set path to use environment variable
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Move C++ hashing lib from tests/libs/util/ to libs/shared/
This puts hash.cpp/hash.h in a more central location for use by other project files.
* Set empty program name to hash of instructions
ebpf_program_load_bytes now hashes the instructions and uses that for the name
instead of generating a random number.
Closes#3443
* fix signed/unsigned warning (and ensure windows helper id >= 0)
* add bcrypt.dll dependency for ebpfapi.dll
* WIP new test case for ebpf_program_load_bytes with nullptr program name
* WIP ebpf_program_load_bytes testing
* truncate SHA256 hash to 63 bytes to stay under BPF_OBJ_NAME_LEN
* remove bcrypt from release dependencies and suppress analyze warning
* PR feedback - fix comment and bpf2c include paths
---------
Co-authored-by: Michael Agun <danielagun@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Speedup ebpf_handle_table_terminate by avoiding acquire/release of lock
Signed-off-by: Alan Jowett (from Dev Box) <alanjo@microsoft.com>
* Add workaround for native module handle cleanup delay
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett (from Dev Box) <alanjo@microsoft.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Implement libbpf autoload APIs
Fixes#3555
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Suppress spurious compiler warning
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Fix test failure
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Update tests
Files with no program sections succeed loading
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Address PR comment from Anurag
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Prevent changing prog type of a native program
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Remove unused program_type from native load ioctl
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Update default autoload value
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Add check to unit_test to match api_test
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Fix api_test
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
---------
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Allow multiple programs per section
Temporarily use a fork of ebpf-verifier until
https://github.com/vbpf/ebpf-verifier/pull/642 is merged.
Per https://stackoverflow.com/questions/13147170/attribute-always-inline-failing
the __attribute__((always_inline)) doesn't do anything unless you also
have the "inline" keyword.
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Update verifier to latest
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Address comment from Alan
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Address API compat comment from Anurag
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
---------
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* change ebpf_extension_header_t to ebpf_version_header_t
* revert to ebpf_version_header_t
* revert to ebpf_version_header_t
* update header
* update doc
* update doc
* use total_size to get the actual struct size
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
---------
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
* Add option to control the level of verbosity emitted by verifier.
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Re-order enums to make normal < informational < verbose
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Workaround for verifier failure #643
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Revert change in ebpf-service verification path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
* Phase 1 of removing the rundown protection for invoke
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix SAL annotation error
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Phase 1 of removing the rundown protection for invoke
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix SAL annotation error
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Ensure that _ebpf_program_free always run outside of an epoch to prevent deadlocks
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Revert unrelated change
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback and leak fix
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Update copyright to be eBPF for Windows contributors
Fixes#3507
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Undo gratuitous formatting changes in expected files
---------
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>