* Add map-in-map type checking
This PR enforces that all inner maps must be of the same type
as the inner map template used for verification. Other fields
might need to match too, and if so those will be updated in
a subsequent PR once it is confirmed which fields must match.
A few pieces of this PR related to map_id are prerequisites
for issue #396 which will add IDs for programs, maps, and links.
Finally, there are multiple definitions of bpf_map, since the
version used to write eBPF programs is different from what is
stored in memory (which uses map IDs) so to avoid confusion in
code and allow the compiler to do type checking to catch some
bugs, this splits ebpf_map_definition_t into two, one for
in_memory and one for in_file (meaning in an eBPF program).
This will also allow the future PR for issue 396 to be more
understandable, but also aids clarity in some parts of this PR.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update Getting Started to recommend current release version of Clang/LLVM
Clang-format behaves differently depending on the version of Clang installed.
Update getting started guide to recommend Clang / LLVM 10.0.0.
Update the development guide to indicate that Clang 10 or higher is required for consistent formatting.
Reformat all code using Clang 10.0.0
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add tests for libbpf bpf_map_*_elem APIs
* Return correct error between EBPF_OBJECT_ALREADY_EXISTS (A program or
map is already pinned with the *same* path) vs
EBPF_ALREADY_PINNED (The program or map already pinned to a *different*
path).
* Update vs lookup elem were inconsistent in whether returning
EBPF_KEY_NOT_FOUND vs EBPF_INVALID_ARGUMENT when passing an array
index >= max_entries. Made them be consistent in using
EBPF_INVALID_ARGUMENT.
Fixes#376
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add map-in-map support
Replace UM ebpf_map_update/delete_element with libbpf-compliant
bpf_map_update/delete_elem
This adds the basic functionality needed for #375
Not in this PR, but in a subsequent PR:
* ensure that all inner maps match the one specified by inner_map_idx,
much like prog_types have to match in a prog_array.
* ensure that putting a prog_array in an array of maps adheres to the
prog_array contract that any associated progs have to match the
type of the calling program.
* read a map id not fd when UM reads the value (will be done together
with issue #396 since also affects prog_arrays)
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Switch to hash table from AVL.
Lock free in the presence of epoch allocator.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Since there is a name conflict between KM helpers and UM libbpf APIs,
the end-to-end tests need to _not_ include the KM helper prototypes,
so removed ebpf_helpers.h from ebpf.h and made samples include it
directly.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Prevent mismatched program types in PROG_ARRAY maps
* Each prog array map has a natural progtype, determined when
asociating it from a program, or when adding the first program
to it, if not associated with any program.
* Trying to add a program with mismatching type will fail
* Added libbpf bpf_create_map() API
* Fixed error returns from several libbpf APIs to be negative
* For efficiency, ebpf_program_get_properties now returns a
pointer rather than copying the data inside the execution
context, and is renamed to ebpf_program_get_parameters()
to match what its return type always was.
* Fixed a bug in map size calculation that resulted in a huge
amount of memory being allocated
* Updated return type of bpf_tail_call to the value meant
to signal stack unwind needed
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Test Extension Part 2
* rename test extension to sample extension and update Getting-started doc.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add prog array map type and bpf_tail_call()
This also fixes a bug where bpf_object__find_program_by_name
could only find the first program because program->object
was always null.
Also fixes tests to correctly use a signed int for what hooks return,
instead of an unsigned int.
Not done in this PR, but will be in a separate PR:
* make tail call replace stack frame instead of simply calling into the callee
* limit number of tail calls to 32
* require the same program type for caller and callee
* test with load byte array instead of from a file
Addresses part of #344
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add missing file
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Disable warning due to C enum types used in C++
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* add UNLINK operation
* Some fixes:
1. Added attach_lock to synchronize multiple detach calls on same link object.
2. ebpf_extension_unload() should be called from ebpf_link_detach_program()
3. Changed return type of ebpf_program_get_properties to void.
* Update libs/execution_context/ebpf_program.c
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Libbpf API compatibility
Libbpf is incorporated as a submodule just for the header file.
As discussed in issue #84, we cannot currently use the implementation
since it is very Linux and GCC specific.
This PR also fixes a bug where the user-mode API was calling
CloseHandle directly instead of Platform::CloseHandle which is needed
to make tests work with the mock platform.
Addresses #84
Some code will be cleaner once issue #81 is done
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Previously some places had "info" and some had "information".
Both appear in dictionaries, so guidance to avoid abbreviations does not apply.
Fixes#314
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Switch from _Pre_maybenull_ to _In_opt_
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011 in PreprocessCommand
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Fix a couple bugs that the tests uncovered
Remove duplicate "error: error:" prefix in messages on verification
Fixes#240
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Make a couple of `_In_` arguments be const
* Add `_opt_` to a number of arguments that can be NULL
* Add SAL annotation to a few more APIs that were missing it
* Remove annotations like
`_Pre_readable_byte_size_(hash_table->key_size)` since they just give
code analysis warnings such as:
```
c:\git\dthaler\ebpf-for-windows\libs\platform\ebpf_platform.h(445):
warning C28230: The type of '_Param_(1)' has no member 'key_size'.
c:\git\dthaler\ebpf-for-windows\libs\platform\ebpf_platform.h(445):
warning C28285: For function 'ebpf_hash_table_delete' '_Param_(2)'
syntax error in
'SAL_readableTo(byteCount(__formal(0,hash_table)->key_size))' near
'key_size))'.
```
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Remove duplicate types:
* ebpf_helper_return_type_t
* ebpf_helper_argument_type_t
* ebpf_context_descriptor_t
https://github.com/vbpf/ebpf-verifier/pull/238 already made the
necessary changes in the PREVAIL project, which got rid of the
issue with VOID and so the 'undef VOID' workarounds are removed
in the present PR.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* Create an install script rather than having to manually do lots
of steps
* Make Debug build use vcruntime as static libs to avoid adding
another prerequisite on a machine before installing eBPF. This
isn't required for Release builds as vcruntime release DLLs
are part of Windows, unlike vcruntime debug DLLs
Fixes#248
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* First pass of adding SAL annotations
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Finish annotating platform
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Cleanup annotation to get lock tracking work correctly
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback and fix static analysis issues
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix build break from merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Simplify names of some ebpf_result codes
* Remove _ERROR_ for consistency
* Combine EBPF_INVALID_HANDLE and EBPF_INVALID_OBJECT
* Rename EBPF_ERROR_NOT_FOUND to EBPF_KEY_NOT_FOUND for consistency with the associated description.
* Change code that returned EBPF_ERROR_NOT_FOUND for a case other than a
key, to use a different appropriate result, so the description stays correct.
Fixes#212
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* Synchonize client detach and hook invocation
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Check for detached program before invoking
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Remove allocations from executable memory pool
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add direction to doxygen
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Clarify use of 4096 as page size
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Pinning a program requires a name to pin to
* The load program API doesn't correctly deal with an empty section name
(it does use the first section but then tells the execution context
that the section name is empty instead of the chosen one), so for now
require the section name in any "add program" command
* Allow netsh to hold references on multiple programs
* Fix handle leak in "show programs"
* Implement ability to pin a program, but unpinning requires
a way to look up what a program was pinned to, and no such
API exists currently.
* Implement filtering "show programs" output by filename and section
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add LLVM for code generation proposal
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Revert "Add LLVM for code generation proposal"
This reverts commit cd896afd94.
* Free program object on epoch end
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix log function
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Workaround for VS2019 update 16.10.0
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Use correct API to map pages to system va
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback & verifier bug fixes
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add LLVM for code generation proposal
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Revert "Add LLVM for code generation proposal"
This reverts commit cd896afd94.
* Add support for running work-item on epoch end
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Since the program type changed from int to GUID the display has been
broken (it displays a useless pointer value). This fix makes it display
the string name of the type.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
The IDL was generating MIDL2279 because it used const on an [out] param,
which is warned against since RPC marshaling copies the result into new
memory. See https://marc.info/?l=ms-dcom&m=103440617317922 for some
discussion.
Other changes should hopefully be obvious.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* Eliminate need for _unwind_helper
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix build break
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Update driver to return ebpf_program_data_t to verifier
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix typo in comment
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Create unit test for execution context
* Split out platform unit tests
* Call UT as part of CI/CD pipeline
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* First draft of code to serialize EBPF program info
* Add code to encode program information from extension
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add support for notifying on provider change
* Build trampoline functions for relocation of provider helper functions
Resolves: #135Resolves: #133
Signed-off-by: Alan Jowett <alanjo@microsoft.com>