* Add coverage in bitmap, epoch, and ringbuffer.
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* WIP: Developer nuget package
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf2c utility
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Build nupkg from within VisualStudio
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Don't use relative path to externals
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update props file in nuget package
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix include and library paths
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix debug build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Remove ebpf_verify_program API
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Remove old test
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Cleanup runners
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Cleanup old artifacts
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Extend fuzzing to other map types
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Limit fuzzing process memory
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Update test scripts
* Make KM runner execute bpftool tests
* Make the run_tests.bat script also execute bpftool tests
* Make deploy-ebpf.ps1 -t copy all files needed for testing
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix merge error
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Add initial bpftool tests and another libbpf test
And fix various bugs hit by the tests.
This PR only adds a couple of initial tests.
A future PR will add many more tests.
bpftool_tests.exe is meant to be run on a machine with the drivers
installed. A future PR will add it to the KM test runner in CI/CD.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix release build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Send stderr to bpf2c_tests log
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected bpf2c output for map.o
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bpf2c map output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Encode all program info types
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Expand hard coded program types and helper functions
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix tail_call_map verification failure
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix tail_call_map verification failure
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Call ebpf_verifier prior to code gen
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Resovle failures after merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Revert rollback of catch2
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Fix reply id/length on failure in KM
And make UM and KM more closely follow the same logic to catch this sort
of bug in the future. Before this, UM would succeed and KM would fail,
and there were only UM tests for this case.
Fixes#946
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix device_helper.hpp
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix reply length
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* remove dependabot from the fork.
* Revert "remove dependabot from the fork."
This reverts commit c542c6cd44.
* add sock_ops program and attach types.
* PR Feedback.
ebpf_get_next_map was obsoleted by standard libbpf apis
(specifically bpf_map_get_next_id and bpf_map_get_fd_by_id)
and isn't called by anything including test code.
This increases our code coverage percentage.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* remove dependabot from the fork.
* Revert "remove dependabot from the fork."
This reverts commit c542c6cd44.
* Program info and hook NPI providers for sock_addr.
* Program info and hook NPI providers for sock_addr.
* PR Feedback.
* PR Feedback 2.
* wfp callout for sock_addr hook.
* PR Feedback.
* fix build break.
* add mock layer to test native module load
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* make unit_test dependent on dll projects
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* initial_commit
* fix build
* fix build
* fix build break due to merge
* debug build
* api changes, other changes
* bpf2c change to enmit program type, other fixes
* hydrate UM ebpf_object, other fixes
* remove logic to disable programs
* fixes
* fix sal
* build break
* build break
* fix sal errors
* fixes
* fix bpf2c_tests failure
* unload driver when program ref count becomes 0, other minor fixes
* fixes
* tail_call fixes, add test cases, other fixes
* build break
* build break
* code cleanup
* fix bad merge
* code cleanup
* code cleanup
* cleanup
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* address cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* add tracing in ebpfcore, other fixes
* tracing
* add section for each map in sample
* do not delete the native service
* fix bad merge
* remove code to delete service, other fixes
* cr comments
* bpf2c should read and populate all the maps in ELF file
* add test case for creating map-in-map from native driver
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* add tracing for api code changes
* rename epbf_native_t to ebpf_native_module_t
* fix bad merge
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type and CGROUP_INET4/6_CONNECT/RECV_ACCEPT attach types.
* PR Feedback #1.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Enable building with Address Sanitizer
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Grab clang binaries
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix read overrun in map_crud_operations_lpm_trie_32
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix potential read of uninitialized memory
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Really fix read overrun
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix second overrun
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Remove RPC client test for now
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Apply suggestions from code review
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Add an additional flag per CPU EBPF_EPOCH_PER_CPU_STALE.
This flag is accessed by ebpf_epoch_exit and by the flush timer.
This flag is set to on by the flush timer if the free_list is not empty.
This flag is set to off by ebpf_epoch_exit (if set).
If the flush timer sees this flag on and the free_list is not empty, then it will schedule an _ebpf_epoch_stale_worker DPC on the CPU (this DPC calls ebpf_epoch_enter/ebpf_epoch_exit).
Resolves: #813
Signed-off-by: Alan Jowett alanjo@microsoft.com
* Add mutual auth for RPC client / server.
RPC client and server should authenticate each other, to ensure:
Only admin client makes a call to ebpfsvc.
Client is talking only to ebpfsvc.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Initial printk numeric args support
Also add a verification failure test case if trying to print a pointer
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add varargs support to printk
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Validate printk format specifiers
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Verify that printk specifier count and arg count match
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update doxygen docs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Initial version of bpf_printk support
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Convert printk.c sample to use bind hook instead of xdp hook
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add wprp file to deployment script
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Unify UM and KM platforms as much as possible for printk support
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix annotation
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Work around compiler warning
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix comment
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix keyword
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test when -s is used
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add test to trigger division by zero handler
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix bugcheck in interpreter on division by zero
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Pickup latest ebpf-verifier to resolve this issue
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Strip paths from netsh output
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Pickup latest ebpf-verifier changes
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Switch to run CI/CD on Server 2019 + VS2019
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Pickup fix for https://github.com/vbpf/ebpf-verifier/issues/306
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Pickup fix for https://github.com/vbpf/ebpf-verifier/issues/306
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Allow attaching an XDP program to a specific ifindex
* Update tests since droppacket.o changed
* Add ifindex use back to droppacket.c for testing purposes
* Verify xdp program to unlink is actually an XDP program
* Add comment re moving xdp fd replace logic to execution context
* Add libbpf test and add support for bpf_xdp_query_id
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add option EBPF_JIT_ALWAYS_ON to permit building EC with no interpreter
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add documentation on using compile time options
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Set EBPF_JIT_ALWAYS_ON for release builds
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Tests should expect interpret to fail if EBPF_JIT_ALWAYS_ON is defined
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Rename EBPF_JIT_ALWAYS_ON to CONFIG_BPF_JIT_ALWAYS_ON
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Tests should expect interpret to fail if EBPF_JIT_ALWAYS_ON is defined
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Update docs/GettingStarted.md
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Load returns EBPF_PROGRAM_LOAD_FAILED
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Split up load into individual test cases
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Program load fails with EBPF_PROGRAM_LOAD_FAILED
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Skip tests that depend on interpret mode when it's disabled
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Support map fds with bpf_load_program
Fixes#714
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address code review feedback
Also do some code cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix driver verifier failure due to not setting the flag to indicate pages are locked
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add initial infrastructure to trace function entry/exit in eBPF
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Offline feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix verifier false positive
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Rename win32 error code APIs for internal consistency
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update error mappings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Replace unstable NTSTATUS code with a documented one
STATUS_FILE_NOT_SUPPORTED does not appear in MS-ERREF and support varies
by OS version so cannot be relied on. Replaced with
STATUS_INVALID_IMAGE_FORMAT.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Implement simple version of BPF_MAP_TYPE_STACK
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Update libs/execution_context/ebpf_maps.c
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Update libs/execution_context/ebpf_maps.c
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Fix rename of error code on merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add support for ebpf_ring_buffer_t construct to core platform
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix build break
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Eliminate undefined behavior around calculating remaining space
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add performance test for LRU map
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add additional test for BPF_MAP_TYPE_LRU_HASH
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* More bug fixes
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix build break
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* add auto-pinning option
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Configure custom pin_root_path using bpf_object_open_opts
* use new api for map-in-map, remove pinning restriction for inner map, remove workaround for inner map id
* code cleanup
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* fix bad merge
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_prog_bind_map() API
Fixes#379
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix SAL annotation
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix leak
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make program lock protect the set of maps associated with the program
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Add support for BPF_MAP_TYPE_QUEUE
* Expose bpf_map_lookup_and_delete_elem helper and API
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_create_map_in_map() API
* bpf_create_map() now fails for outer maps. You must use
bpf_create_map_in_map() instead.
* Fix bug where EBPF_INVALID_FD was incorrectly converted to
EBPF_INVALID_ARGUMENT by ioctl handling code (part of issue #595)
One symptom of this bug was that errno was being set to EINVAL
in a number of cases which should have been EBADF.
* Fix bug where a HASH_OF_MAPS (unlike ARRAY_OF_MAPS) wasn't enforcing
that an inner map value had to match the inner map template.
Refactored the code in ebpf_maps.c so the checking is in done in one
place called by both maps, to ensure consistency.
* Fix bug in HASH_OF_MAPS where if an update failed, it would leave
the old entry but incorrectly drop the reference it held. It now
preserves the reference since the entry is unchanged.
* Added test case for ARRAY_OF_MAPS created via libbpf. Previously
only HASH_OF_MAPS creation was tested for that path.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug caught by kernel test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Addresses part of issue #595
A more comprehensive fix is left for a separate PR.
This PR fixes some bad error messages from bpftool.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix netsh "show maps" output
* Display correct inner map ID
* Display Map ID
* Display count of # paths pinned
* Correct "set program" help text
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix rebase
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add libbpf bpf_create_map_xattr() API
Needed for bpftool and other apps
* Add bpf_create_map_xattr() which allows creating maps with extended
attributes such as name
* Remove unused ebpf_api_create_map()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add option to pin all programs added and show links and maps
* "add programs" now supports the equivalent of bpftool's "prog loadall"
in addition to just "prog load"
* add "show links" netsh command
* expose "show maps" netsh command. It was partially implemented but
never exposed before.
* remove ebpf_map_query_definition() and test as being redundant with
bpf_obj_get_info_by_fd() (and in the future, a strongly typed one that
is map specific but different from the query map definition prototype)
* Fix bug where getting the next ID failed to check for index beyond
array size. And add test cases for it.
* Fix bug in ebpf_state.c where after enough tests ran it would start
returning EBPF_NO_MEMORY because _ebpf_state_next_index was never
reset.
Addresses #549
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Improve netsh show programs functionality
* Rename ebpf_get_next_pinned_program_name to ebpf_get_next_pinned_program_path for clarity
* Show link count and pinned path count
* Support "level=verbose" format
* Support filtering by attached and/or pinned
Fixes#188
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug where getting the next ID failed to check for index beyond array size.
* Fix bug in ebpf_state.c where after enough tests ran it would start
returning EBPF_NO_MEMORY because _ebpf_state_next_index was never reset.
The tests in PR #553 cover both of these bugs.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add netsh capability to unpin programs
* The netsh "set program id=<id> pinned=" (with no value) will now unpin a
program from all paths
* The netsh "delete program <id>" will now unpin a program from all
paths before and releasing any reference held by netsh itself
* Make the "attached=<string>" argument to netsh set programs work
with a section name like string
* Add libbpf api bpf_obj_get()
* Add ebpf_get_next_pinned_program_name() API to enumerate pinned
programs
Fixes#190#373
This is required for #188 which will update the "show programs"
and also add an option to "add program" to pin all programs rather
than just the first one in a file, like bpftool has such an option.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update mock netsh behavior since PR 540 changed the underlying requirements
PreprocessCommand now correctly matches tags so you can specify a later
optional tag without having to specify earlier optional tags
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libpf's libbpf_prog_type_by_name() API
And add an ebpf_get_program_type_by_name() that returns the GUIDs
instead of ints.
This also removes the hard-coding of GUIDs or ints from the netsh
helper.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update netsh commands to use more standard libbpf apis
* Add support for libbpf bpf_obj_pin() API
* Add support for libbpf bpf_object__next() API
* Rename BPF_{PROG,ATTACH}_TYPE_UNKNOWN to ...UNSPEC for libbpf compat
* Remove now-unused handle APIs ebpf_api_load_program and
ebpf_api_pin_object, which is part of issue #383
* netsh set/delete program now uses the ID to identify the program,
like bpftool does, so that it can work even if the program wasn't
loaded from an ELF file
Fixes#191
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add support for libbpf bpf_obj_get_info_by_fd API
This is the last libbpf api needed to enable the bpftool
flow to detach an already loaded program.
The count of maps is changed from size_t to uint32_t for
consistency with libbpf and because it's not actually a size
in the sizeof() sense, it's a count in the countof() sense.
Also fix bug where map_name was never being set in the kernel
Fixes#372
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Updated the map_in_map.c test to use HASH instead of ARRAY as the inner
map type, to make it possible to test key_size mismatch (since key_size
must be 4 for all ARRAY maps, it can't be tested with ARRAY).
Fixes#507
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add object IDs
Add support for the following libbpf APIs:
* bpf_{link,map,prog}_get_fd_by_id
* bpf_{link,map,prog}_get_next_id
Addresses the main part of #396.
A subsequent PR will handle the rest of 396 which includes:
* remove "extra_value" complexity from maps
The changes in api_common.hpp and libbpf_internal.h are from PR 482 and so will go
away in a rebase once that PR is merged.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf_link_detach and bpf_link__fd APIs
Fixes#372
Addresses leftover TODO comments referencing issue 81.
Fixes bug where errno was not being set to correct errno values
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Libbpf has bpf_helpers.h which is mostly platform-agnostic, and
bpf_helper_defs.h which is platform-specific but is included
by bpf_helpers.h. Until libbpf is made more platform-agnostic
(issue #351), the workaround is to have a separate pair of files.
Our bpf_helpers.h and our own bpf_helper_defs.h, both of which
would ideally be merged into libbpf's in the future.
Platform-specific defines are in ebpf_struct.h, though that
name may need to change later on. Linux uses "linux/bpf.h"
(e.g., as used in the https://docs.cilium.io/en/v1.8/bpf/ and
https://developers.redhat.com/blog/2021/04/01/get-started-with-xdp
articles) or "vmlinux.h" (e.g., as used in the
https://ruderich.org/simon/notes/xdp-minimal-example article),
and these filenames are hard coded in eBPF programs. In the future,
we should probably settle on a cross-platform name and use include
paths to distinguish them, as opposed to requiring ifdefs in eBPF
programs. However, all of that is part of issue 351 and not this
issue.
Also removed obsolete/unused "repro.c" from tests/samples
Fixes#426
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Set ProcDump64 as Just-In-Time debugger and set to capture dumps.
Fail test if dumps are generated.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix epoch bugs and add performance tests
* Align ebpf_epoch_cpu_entry_t to CPU cache size to avoid false sharing
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add map-in-map type checking
This PR enforces that all inner maps must be of the same type
as the inner map template used for verification. Other fields
might need to match too, and if so those will be updated in
a subsequent PR once it is confirmed which fields must match.
A few pieces of this PR related to map_id are prerequisites
for issue #396 which will add IDs for programs, maps, and links.
Finally, there are multiple definitions of bpf_map, since the
version used to write eBPF programs is different from what is
stored in memory (which uses map IDs) so to avoid confusion in
code and allow the compiler to do type checking to catch some
bugs, this splits ebpf_map_definition_t into two, one for
in_memory and one for in_file (meaning in an eBPF program).
This will also allow the future PR for issue 396 to be more
understandable, but also aids clarity in some parts of this PR.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update Getting Started to recommend current release version of Clang/LLVM
Clang-format behaves differently depending on the version of Clang installed.
Update getting started guide to recommend Clang / LLVM 10.0.0.
Update the development guide to indicate that Clang 10 or higher is required for consistent formatting.
Reformat all code using Clang 10.0.0
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add tests for libbpf bpf_map_*_elem APIs
* Return correct error between EBPF_OBJECT_ALREADY_EXISTS (A program or
map is already pinned with the *same* path) vs
EBPF_ALREADY_PINNED (The program or map already pinned to a *different*
path).
* Update vs lookup elem were inconsistent in whether returning
EBPF_KEY_NOT_FOUND vs EBPF_INVALID_ARGUMENT when passing an array
index >= max_entries. Made them be consistent in using
EBPF_INVALID_ARGUMENT.
Fixes#376
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add map-in-map support
Replace UM ebpf_map_update/delete_element with libbpf-compliant
bpf_map_update/delete_elem
This adds the basic functionality needed for #375
Not in this PR, but in a subsequent PR:
* ensure that all inner maps match the one specified by inner_map_idx,
much like prog_types have to match in a prog_array.
* ensure that putting a prog_array in an array of maps adheres to the
prog_array contract that any associated progs have to match the
type of the calling program.
* read a map id not fd when UM reads the value (will be done together
with issue #396 since also affects prog_arrays)
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Switch to hash table from AVL.
Lock free in the presence of epoch allocator.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Since there is a name conflict between KM helpers and UM libbpf APIs,
the end-to-end tests need to _not_ include the KM helper prototypes,
so removed ebpf_helpers.h from ebpf.h and made samples include it
directly.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Prevent mismatched program types in PROG_ARRAY maps
* Each prog array map has a natural progtype, determined when
asociating it from a program, or when adding the first program
to it, if not associated with any program.
* Trying to add a program with mismatching type will fail
* Added libbpf bpf_create_map() API
* Fixed error returns from several libbpf APIs to be negative
* For efficiency, ebpf_program_get_properties now returns a
pointer rather than copying the data inside the execution
context, and is renamed to ebpf_program_get_parameters()
to match what its return type always was.
* Fixed a bug in map size calculation that resulted in a huge
amount of memory being allocated
* Updated return type of bpf_tail_call to the value meant
to signal stack unwind needed
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Test Extension Part 2
* rename test extension to sample extension and update Getting-started doc.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add prog array map type and bpf_tail_call()
This also fixes a bug where bpf_object__find_program_by_name
could only find the first program because program->object
was always null.
Also fixes tests to correctly use a signed int for what hooks return,
instead of an unsigned int.
Not done in this PR, but will be in a separate PR:
* make tail call replace stack frame instead of simply calling into the callee
* limit number of tail calls to 32
* require the same program type for caller and callee
* test with load byte array instead of from a file
Addresses part of #344
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add missing file
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Disable warning due to C enum types used in C++
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* add UNLINK operation
* Some fixes:
1. Added attach_lock to synchronize multiple detach calls on same link object.
2. ebpf_extension_unload() should be called from ebpf_link_detach_program()
3. Changed return type of ebpf_program_get_properties to void.
* Update libs/execution_context/ebpf_program.c
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Libbpf API compatibility
Libbpf is incorporated as a submodule just for the header file.
As discussed in issue #84, we cannot currently use the implementation
since it is very Linux and GCC specific.
This PR also fixes a bug where the user-mode API was calling
CloseHandle directly instead of Platform::CloseHandle which is needed
to make tests work with the mock platform.
Addresses #84
Some code will be cleaner once issue #81 is done
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Previously some places had "info" and some had "information".
Both appear in dictionaries, so guidance to avoid abbreviations does not apply.
Fixes#314
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Switch from _Pre_maybenull_ to _In_opt_
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011 in PreprocessCommand
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Fix a couple bugs that the tests uncovered
Remove duplicate "error: error:" prefix in messages on verification
Fixes#240
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Make a couple of `_In_` arguments be const
* Add `_opt_` to a number of arguments that can be NULL
* Add SAL annotation to a few more APIs that were missing it
* Remove annotations like
`_Pre_readable_byte_size_(hash_table->key_size)` since they just give
code analysis warnings such as:
```
c:\git\dthaler\ebpf-for-windows\libs\platform\ebpf_platform.h(445):
warning C28230: The type of '_Param_(1)' has no member 'key_size'.
c:\git\dthaler\ebpf-for-windows\libs\platform\ebpf_platform.h(445):
warning C28285: For function 'ebpf_hash_table_delete' '_Param_(2)'
syntax error in
'SAL_readableTo(byteCount(__formal(0,hash_table)->key_size))' near
'key_size))'.
```
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Remove duplicate types:
* ebpf_helper_return_type_t
* ebpf_helper_argument_type_t
* ebpf_context_descriptor_t
https://github.com/vbpf/ebpf-verifier/pull/238 already made the
necessary changes in the PREVAIL project, which got rid of the
issue with VOID and so the 'undef VOID' workarounds are removed
in the present PR.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* Create an install script rather than having to manually do lots
of steps
* Make Debug build use vcruntime as static libs to avoid adding
another prerequisite on a machine before installing eBPF. This
isn't required for Release builds as vcruntime release DLLs
are part of Windows, unlike vcruntime debug DLLs
Fixes#248
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* First pass of adding SAL annotations
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Finish annotating platform
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Cleanup annotation to get lock tracking work correctly
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback and fix static analysis issues
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix build break from merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Simplify names of some ebpf_result codes
* Remove _ERROR_ for consistency
* Combine EBPF_INVALID_HANDLE and EBPF_INVALID_OBJECT
* Rename EBPF_ERROR_NOT_FOUND to EBPF_KEY_NOT_FOUND for consistency with the associated description.
* Change code that returned EBPF_ERROR_NOT_FOUND for a case other than a
key, to use a different appropriate result, so the description stays correct.
Fixes#212
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* Synchonize client detach and hook invocation
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Check for detached program before invoking
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>