The current implementation of bpf_obj_get doesn't follow libbpf semantics,
because it always returns -1 on error, instead of returning the negative
error number.
This is especially noticeable when trying to open a non-existant object,
which should return -ENOENT.
See caa17bdcbf/src/bpf.c (L625-L626)
On Linux, -1 is a commonly used value for "invalid fd". As such it makes more
sense to return EBADF instead of EINVAL from object related API when a negative
fd is passed.
_get_handle_from_file_descriptor() returns ERROR_INVALID_HANDLE, which turns into
EBADF via the various compat layers. We can therefore simply remove the <= 0 check.
* bpf(): do not return errors via errno
The Linux ABI returns all syscall errors via the function return value,
not via errno.
Fixes https://github.com/microsoft/ebpf-for-windows/issues/3749
* Allow detecting if bpf() command is not implemented
Use SetLastError to indicate to callers that a bpf() command is not
implemented. This avoids polluting the bpf() return value with
platform specific error returns while still allowing detection of
this important case.
* Add forwards and backwards compatibility to bpf() emulation
On Linux, bpf() accepts a bpf_attr which is larger than what the
syscall expects, as long as the unknown fields are all 0. It also
accepts a bpf_attr which is smaller than what it expects, by assuming
that all missing fields are zero.
This allows forwards and backwards compatilibity between old and new
versions of both the Linux kernel and user space tooling.
Implement a similar scheme for the bpf() emulation.
* Return EPERM from bpf() if user is not privileged
On Linux, bpf() returns EPERM if the user doesn't have CAP_BPF. Return
the same error when the user isn't able to open the device handle.
* Add VS Clang to path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix tests
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Reformat using clang 17.0.3
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Account for git_commit_id.h dependency
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Revert https://github.com/microsoft/ebpf-for-windows/pull/3756 from this branch
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Make LLVM path dependent on cl.exe path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Use VCINSTALLDIR as root of LLVM path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Update hash and set path to use environment variable
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Move C++ hashing lib from tests/libs/util/ to libs/shared/
This puts hash.cpp/hash.h in a more central location for use by other project files.
* Set empty program name to hash of instructions
ebpf_program_load_bytes now hashes the instructions and uses that for the name
instead of generating a random number.
Closes#3443
* fix signed/unsigned warning (and ensure windows helper id >= 0)
* add bcrypt.dll dependency for ebpfapi.dll
* WIP new test case for ebpf_program_load_bytes with nullptr program name
* WIP ebpf_program_load_bytes testing
* truncate SHA256 hash to 63 bytes to stay under BPF_OBJ_NAME_LEN
* remove bcrypt from release dependencies and suppress analyze warning
* PR feedback - fix comment and bpf2c include paths
---------
Co-authored-by: Michael Agun <danielagun@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Implement libbpf autoload APIs
Fixes#3555
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Suppress spurious compiler warning
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Fix test failure
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Update tests
Files with no program sections succeed loading
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Address PR comment from Anurag
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Prevent changing prog type of a native program
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Remove unused program_type from native load ioctl
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Update default autoload value
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Add check to unit_test to match api_test
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Fix api_test
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
---------
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Allow multiple programs per section
Temporarily use a fork of ebpf-verifier until
https://github.com/vbpf/ebpf-verifier/pull/642 is merged.
Per https://stackoverflow.com/questions/13147170/attribute-always-inline-failing
the __attribute__((always_inline)) doesn't do anything unless you also
have the "inline" keyword.
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Update verifier to latest
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Address comment from Alan
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Address API compat comment from Anurag
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
---------
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Add option to control the level of verbosity emitted by verifier.
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Re-order enums to make normal < informational < verbose
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Workaround for verifier failure #643
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Revert change in ebpf-service verification path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
* Update copyright to be eBPF for Windows contributors
Fixes#3507
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Undo gratuitous formatting changes in expected files
---------
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Attempt to run the fuzzed BPF program
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Switch synchronous thread to thread_local storage
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Add dedicated calls to cleanup device handles on thread attach/detach
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Add dedicate test to stress device handling
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Eliminate calls with FILE_FLAG_OVERLAPPED set, but no overlapped
Signed-off-by: Alan Jowett (from Dev Box) <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett (from Dev Box) <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett (from Dev Box) <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett (from Dev Box) <alanjo@microsoft.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Wrap all noexcept calls in try/except to catch out of memory
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* build ebpfcore under usersim
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Work around analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix installer project
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Temporarily use ubpf branch with memory fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* WIP
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* WIP
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Create project for files shared between ebpfapi and the ebpf runtime
Move existing files from libs/platform either to:
* libs/shared, if meant to be common between user-mode and ebpf runtime
* libs/runtime, if meant to be used by the ebpf runtime only (whether in
user or kernel mode)
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Move ebpf_tracelog.c to shared
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Create shared_user and shared_kernel projects
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* WIP
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* WIP
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove usersim from ebpfsvc
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update to cxplat branch of usersim
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Use cxplat_utf8_string
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix build errors
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix ebpf_allocate_with_tag
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix use of ebpf_reallocate to not pass a null pointer
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix printf tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix memory leaks
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Temporary change to help debug double-free in test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update to latest usersim
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update to latest usersim
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update usersim to latest
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Change native module to use latest usersim
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update nuget package
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Only call cxplat_cleanup if cxplat_initialize succeeds
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Revert setup_build.vcxproj change
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update usersim to latest
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Sort programs to match bpf2c
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix sort order
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Sort by section, then program name
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix code analysis failure
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Other projects can now consume ebpf-for-windows in binary form,
using either nuget or MSI install. We no longer need to build
ebpf-for-windows both ways, so removing the cmake build to free
up build resources and reduce the development cost of maintaining
both msbuild and cmake builds.
Fixes#2743
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update to use latest usersim
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* build ebpfcore under usersim
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update usersim to latest
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix compilation
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Work around analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix installer project
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix memory issues in libbpf implementation
Found my latest usersim code
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update usersim to latest
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix mismatched calloc/free function in ubpf_user.c
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix mismatched alloc/free in verifier_fuzzer
The verifier_fuzzer used ebpf_allocate() but then called free()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Temporarily use ubpf branch with memory fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix memory issues in ebpfsvc
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback from Anurag
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add map_in_map_legacy.c
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf2c maps parser match verifier's maps parser
The verifier will parse "maps/*" sections, and is able to deal with
maps sections with various record sizes. This PR updates bpf2c to
use the same algorithm. In the future it would be good to refactor
the verifier so the same code can be used.
Fixes#900
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make tests pass
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Rename map_in_map_* samples
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix BTF ID resolution
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add doc fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update verifier
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Updates for libbtf
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Use libbtf
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix sanitize build by using updated libbtf
Temporarily point to fork until https://github.com/vbpf/ebpf-verifier/pull/515
is merged, so we can verify the fix in CI/CD.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update ebpf-verifier
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Use usersim repo
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove DISPATCH test code from _preprocess_load_native_module
Per Anurag: the code was added earlier to execute the 2 paths in
native module, and it is not needed anmore IIRC, as the "DISPATCH"
code has been removed now from the native module
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Unify some APIs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix warnings and clean up code
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* updated
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove JIT and interpreter code from NativeOnly builds
Fixes#2030Fixes#2488
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Try conditional project references
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Various test fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Native-only fixes to deploy-ebpf.ps1
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Native-only support for setup-ebpf.ps1
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Native-only support for api_test.exe
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add connect_redirect_tests to deploy-ebpf.ps1
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback from Anurag
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>