* Add support for notifying on provider change
* Build trampoline functions for relocation of provider helper functions
Resolves: #135
Resolves: #133
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
This PR is the result of running "./scripts/format-code.ps1"
There are no manual changes in this PR
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* EbpfApi should first load the program, then create ebpf_program_t and then finally verify
Resolves: #127
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Update src/ebpf/libs/execution_context/ebpf_program.c
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Fix build break
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Verify handles are from correct driver
Resolves: #116
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
ebpf_program_t should take a reference on ebpf_map_t object that it uses.
Resolves: #112
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Pickup changes from upstream ubpf
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add ebpf_handle_kernel.c to interface with Windows object manager to manage lifetimes.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Fix pool corruption and memory leak
Resolves: #107
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add support for invoking NMR to register client and providers.
Load global helper functions as extensions.
Create user-mode mocks to test extension loading.
Resolves: #80
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Create ebpf_program_t as first class object
Refactor old code in ebpf_core.c into new ebpf_program.c
Switch code in ebpf_core.c to call new code in ebpf_program.c
Resolves: #61
Signed-off-by: Alan Jowett alanjo@microsoft.com
An ebpf_hook_instance represents the connection between an ebpf program and an attach point.
Signed-off-by: Alan Jowett alanjo@microsoft.com
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Switch ebpf_epoch to use WDM standard linked list functions.
Store free entries in increasing epoch to speed cleanup.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Can't rely on initial 0 epoch to determine that a CPU isn't actively running eBPF programs.
Resolves: #51 (#52)
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Document how to run kernel driver on Windows.
Resolves: 28
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add epoch logic to handle run down of map entries.
Integrate with execution context to invoke epoch_enter/epoch_exit on entry/exit of execution context.
Resolve: #24
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Pick up change to ebpf-verifier that potentially shaves a couple of minutes off the time needed for a CI pass
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>