ebpf-for-windows/libs/execution_context
Shankar Seal b2757bce8e
Fuzzing bug fixes (#3989)
* wip

* Merged PR 28837: Fix CICD

Fix CICD build failures.

* wip

* wip

* Revert "wip"

This reverts commit e7311fef62.

* sync

* sync

* sync

* feedback

* draft

* sync

* sync

* draft

* wip

* nit

* wip

* wip

* wip

* wip

* wip

* wip

* nit

* add AKS evn detection, add TBD check eBPF usage on uninstall

* wip

* Merged PR 30605: Bump bpf_conformance to 0.6.0 to unblock conformance testing

Bump bpf_conformance to 0.6.0 to unblock conformance testing

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30598: Add new onefuzz task to perform continual fuzzing of eBPF for Windows

Add new onefuzz task to perform continual fuzzing of eBPF for Windows

* Merged PR 30633: Add missing bug filing info for netebpfext

Add missing bug filing info for netebpfext

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30634: Add codecoverage for fuzzing pipeline

Add codecoverage for fuzzing pipeline

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* wip

* Merged PR 30808: Apply correct fuzzer settings

Apply correct fuzzer settings

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30804: Fix division by zero in batch delete.

Fix division by zero in batch delete:
`input_count = key_length / map_definition->key_size;`

Related work items: #159139

* Merged PR 30814: Fix OneFuzzConfig.json to fuzz feature/security_fix and correctly assign bugs

Fix OneFuzzConfig.json to fuzz feature/security_fix and correctly assign bugs

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30825: Reformat IOCTL fuzzing seed to include reply length

Reformat IOCTL fuzzing seed to include reply length and regenerate corpus.

Issue:
The fuzzer was always setting an invalid reply length, even for "good" cases. This results in many paths being blocked because reply length != expected reply length in ebpf_core_invoke_protocol_handler.

By including the correct reply length in the seed, we permit the fuzzer to explore more code spaces.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30880: Add ASAN_OPTIONS=allocator_may_return_null=1

Add ASAN_OPTIONS=allocator_may_return_null=1

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30890: Run all libfuzzers in OneFuzz on the feature/security_fix branch

Run all libfuzzers in OneFuzz on the feature/security_fix branch

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30897: _ebpf_program_load_byte_code should reject zero length eBPF programs

_ebpf_program_load_byte_code should reject zero length eBPF programs

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30922: Improve verifier coverage by permitting more program types to run.

Improve verifier coverage by permitting more program types to run.

Due to context create for sample program type, all calls to prog run for a sample program fail with minimal coverage.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30905: Prevent fuzzer from triggering long running bpf_prog_test_run

The execution_context_fuzzer can get hung on executing a BPF program if it fuzzes the iteration count to a huge value, resulting in the test timing out after several minutes. This slows the rate of useful fuzzing.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Fix buffer overflow in ebpf_program_get_info

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Workaround for verifier bug

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Fix division by zero in _ebpf_core_protocol_map_update_element_batch

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30956: Improve code coverage of execution context fuzzer

During creation of the various map types, creation of several map types was failing, preventing fuzzing of those maps.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30819: Check LPM key length

Check LPM key length

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

Related work items: #159141

* Merged PR 30971: Remove PATs from onefuzz task.

As per guidance from the OneFuzz team, a PAT is no longer required, so switch to the new option.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30991: Prevent ebpf_program_t from switching between JIT and interpreter

Prevent ebpf_program_t from switching between JIT and interpreter.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30992: Improve execution context fuzzer - add link object and speed up fuzzing

Improve execution context fuzzer - add link object and speed up fuzzing

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30993: Make helper fuzzer more generic

1. Remove dependency on ebpf_program_t.
2. Bind directly to program info provider.
3. Move ebpf_core_initiate/terminate to global.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 31238: Fix assigned to in .onefuzz\OneFuzzConfig.json

Fix assigned to in .onefuzz\OneFuzzConfig.json

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 31250: Merge main into feature/security_fix

* Merged PR 31358: Add HLK playlist link to the HLK documentation.

Add playlist link, whitespace optimizations.

* Merged PR 31516: Disable onefuzz on main

Disable onefuzz on main

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30823: Quick-guide: how to debug an eBPF program

This is a quick guide on how to use WinDbg to debug kernel code on a target machine.

* add checks for code_type

* Merged PR 31674: Update netebpfext bind context app_id truncation logic for safety

_net_ebpf_ext_resource_truncate_appid made some assumptions about the input data it received. In theory, improper data could be passed into ebpf, which could potentially cause a buffer overrun/crash. Additional checks were added to ensure safety of the truncation logic, even if improper input was passed.

Additional test cases were added to ensure the truncation logic was safe and validating improper input.

Related work items: #159406

* Merged PR 30986: Add LPM map unit tests, fix lookup and input checking bugs

## Description

This improves and adds ebpf map unit testing and fixes some bugs.

Changes:
- `_create_lpm_map`: fixes length calculation for key size bitmap
  - `max_prefix` should be the passed value, bitmap size gets `+1` to account for max length keys
- `_find_lpm_map_entry`: initialize search from search key bit length instead of maximum stored key length
  - reduces number of hashes to try during lookup (for short keys) and fixes bug of looking for map key longer than passed search key
  - adds `ebpf_bitmap_start_reverse_search_at` to initialize set bit search to a specific bit index
- `_create_array_map_with_map_struct_size`: argument check for value size/capacity combination that allocates >128GB
- `_next_lpm_map_key_and_value`/`_next_hash_map_key_and_value` - fix SAL annotation for `next_key` (should be `_Inout_`)
- Refactor lpm key handling to use new `ebpf_core_lpm_key_t` struct instead of pointer to prefix length
- Add, fix, and extend LPM map unit tests

## Testing

Extends the `map_crud_operations_lpm_trie_32` test case and adds a second `[negative]` tagged version which tests operations that shouldn't work (including some edge cases that were previously missed).

`map_create_invalid` test case added to try creating various maps with invalid parameters.

Extends and refactors `map_crud_operations_lpm_trie_128`

## Documentation

Comments in new unit testing functions, and more documentation added in LPM and bitmap code.

## Installation

N/A

Related work items: #159137, #159144, #159270, #159273

* Merged PR 31697: Add map type validation in debug mode

This PR adds map type validation in debug mode.

The map type was already checked on creation and is never user-writeable, so these checks are just against code bugs or outside code modifying the type field.

In ebpf_maps.c lookup into `ebpf_map_metadata_tables` is now factored out into calls to `ebpf_map_get_table()`, which validates the map type with a debug assert.

Related work items: #159405

* Merged PR 31809: Update VM extension script to invoke `export_program_info`

This PR contains changes to the VM extension scripts to invoke `export_program_info.exe`. The invocation is kept optional based on whether the file is present or not. This is for 2 reasons:

1. ebpf v0.11 released earlier to IMDS does not contain this exe. So in case of cleanup or rollback, it is possible that the exe is not available.
2. We should ideally change the store implementation to move from registry to file based. Keeping the new code optional allows to change store implementation without requiring the script to mandatorily updated at the same time.

* Merged PR 32086: Update ADO pipeline

This PR updates the clang version to be used in ADO pipeline. Since the clang version has been updated in GitHub, and correspnding tests have also been updated, CICD is now failing in ADO since then.

#### PR Summary
This pull request updates the ADO pipeline to use Visual Studio LLVM tools instead of installing LLVM via Chocolatey.
- `.pipelines/reusable-build.yml`: Replaced Chocolatey installation of LLVM with Visual Studio LLVM tools installation using PowerShell tasks.
- `.pipelines/reusable-build.yml`: Added MSVC LLVM Clang to PATH and logged the CLANG version.
- `.pipelines/reusable-build.yml`: Set `VSINSTALLDIR` environment variable.

* Merged PR 32085: VM extension script fixes

This PR contains 2 changes:
1. Fix the source path for upgrade flow. The script was incorrectly using a hardcoded path.
2. Suppress error messages from `Get-ItemProperty` when querying for registry path. This change is only cosmetic and has no functional impact.

----
#### AI description  (iteration 1)
#### PR Classification
Bug fix for VM extension scripts.

#### PR Summary
This pull request addresses several issues in the VM extension scripts, primarily focusing on error handling and parameter corrections.
- `/.internal/vm-extension/src/scripts/common.ps1`: Added `-ErrorAction SilentlyContinue` to `Get-ItemProperty` to handle missing registry keys gracefully.
- Corrected parameter usage in `Update-eBPF` and `InstallOrUpdate-eBPF` functions to ensure the correct source path is used during installation.
- Removed trailing whitespace in multiple functions for code cleanliness.

* Merged PR 30804: Fix division by zero in batch delete.

Fix division by zero in batch delete:
`input_count = key_length / map_definition->key_size;`

Related work items: #159139

* Merged PR 30814: Fix OneFuzzConfig.json to fuzz feature/security_fix and correctly assign bugs

Fix OneFuzzConfig.json to fuzz feature/security_fix and correctly assign bugs

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30825: Reformat IOCTL fuzzing seed to include reply length

Reformat IOCTL fuzzing seed to include reply length and regenerate corpus.

Issue:
The fuzzer was always setting an invalid reply length, even for "good" cases. This results in many paths being blocked because reply length != expected reply length in ebpf_core_invoke_protocol_handler.

By including the correct reply length in the seed, we permit the fuzzer to explore more code spaces.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30890: Run all libfuzzers in OneFuzz on the feature/security_fix branch

Run all libfuzzers in OneFuzz on the feature/security_fix branch

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30897: _ebpf_program_load_byte_code should reject zero length eBPF programs

_ebpf_program_load_byte_code should reject zero length eBPF programs

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30922: Improve verifier coverage by permitting more program types to run.

Improve verifier coverage by permitting more program types to run.

Due to context create for sample program type, all calls to prog run for a sample program fail with minimal coverage.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30905: Prevent fuzzer from triggering long running bpf_prog_test_run

The execution_context_fuzzer can get hung on executing a BPF program if it fuzzes the iteration count to a huge value, resulting in the test timing out after several minutes. This slows the rate of useful fuzzing.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Fix division by zero in _ebpf_core_protocol_map_update_element_batch

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Fix buffer overflow in ebpf_program_get_info

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Workaround for verifier bug

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30956: Improve code coverage of execution context fuzzer

During creation of the various map types, creation of several map types was failing, preventing fuzzing of those maps.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30819: Check LPM key length

Check LPM key length

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

Related work items: #159141

* Merged PR 30991: Prevent ebpf_program_t from switching between JIT and interpreter

Prevent ebpf_program_t from switching between JIT and interpreter.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30992: Improve execution context fuzzer - add link object and speed up fuzzing

Improve execution context fuzzer - add link object and speed up fuzzing

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 30993: Make helper fuzzer more generic

1. Remove dependency on ebpf_program_t.
2. Bind directly to program info provider.
3. Move ebpf_core_initiate/terminate to global.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Merged PR 31250: Merge main into feature/security_fix

* Merged PR 31674: Update netebpfext bind context app_id truncation logic for safety

_net_ebpf_ext_resource_truncate_appid made some assumptions about the input data it received. In theory, improper data could be passed into ebpf, which could potentially cause a buffer overrun/crash. Additional checks were added to ensure safety of the truncation logic, even if improper input was passed.

Additional test cases were added to ensure the truncation logic was safe and validating improper input.

Related work items: #159406

* Merged PR 30986: Add LPM map unit tests, fix lookup and input checking bugs

## Description

This improves and adds ebpf map unit testing and fixes some bugs.

Changes:
- `_create_lpm_map`: fixes length calculation for key size bitmap
  - `max_prefix` should be the passed value, bitmap size gets `+1` to account for max length keys
- `_find_lpm_map_entry`: initialize search from search key bit length instead of maximum stored key length
  - reduces number of hashes to try during lookup (for short keys) and fixes bug of looking for map key longer than passed search key
  - adds `ebpf_bitmap_start_reverse_search_at` to initialize set bit search to a specific bit index
- `_create_array_map_with_map_struct_size`: argument check for value size/capacity combination that allocates >128GB
- `_next_lpm_map_key_and_value`/`_next_hash_map_key_and_value` - fix SAL annotation for `next_key` (should be `_Inout_`)
- Refactor lpm key handling to use new `ebpf_core_lpm_key_t` struct instead of pointer to prefix length
- Add, fix, and extend LPM map unit tests

## Testing

Extends the `map_crud_operations_lpm_trie_32` test case and adds a second `[negative]` tagged version which tests operations that shouldn't work (including some edge cases that were previously missed).

`map_create_invalid` test case added to try creating various maps with invalid parameters.

Extends and refactors `map_crud_operations_lpm_trie_128`

## Documentation

Comments in new unit testing functions, and more documentation added in LPM and bitmap code.

## Installation

N/A

Related work items: #159137, #159144, #159270, #159273

* Merged PR 31697: Add map type validation in debug mode

This PR adds map type validation in debug mode.

The map type was already checked on creation and is never user-writeable, so these checks are just against code bugs or outside code modifying the type field.

In ebpf_maps.c lookup into `ebpf_map_metadata_tables` is now factored out into calls to `ebpf_map_get_table()`, which validates the map type with a debug assert.

Related work items: #159405

* add checks for code_type

* fix bad merge

* Override `bpf_get_current_pid_tgid` for sock_ops hook. (#3765)

* initial changes.

* sock_addr.

* fixes.

* Update include/ebpf_nethooks.h

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

---------

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

* Add ADO pipelines (#3741)

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>

* Bump external/ubpf from `19cd22c` to `762a98d` (#3783)

Bumps [external/ubpf](https://github.com/iovisor/ubpf) from `19cd22c` to `762a98d`.
- [Commits](19cd22c6fb...762a98dd1a)

---
updated-dependencies:
- dependency-name: external/ubpf
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump external/usersim from `46c6b4a` to `ca8f2de` (#3782)

Bumps [external/usersim](https://github.com/microsoft/usersim) from `46c6b4a` to `ca8f2de`.
- [Commits](46c6b4adf1...ca8f2defc6)

---
updated-dependencies:
- dependency-name: external/usersim
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump external/ebpf-verifier from `dc2d6ea` to `cd9344b` (#3784)

Bumps [external/ebpf-verifier](https://github.com/vbpf/ebpf-verifier) from `dc2d6ea` to `cd9344b`.
- [Release notes](https://github.com/vbpf/ebpf-verifier/releases)
- [Commits](dc2d6ea75a...cd9344bdbb)

---
updated-dependencies:
- dependency-name: external/ebpf-verifier
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github/codeql-action from 3.26.2 to 3.26.5 in the actions group (#3790)

Bumps the actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.26.2 to 3.26.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](429e197704...2c779ab0d0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Stamp all tools with version information. (#3792)

* Stamp all tools with version information.

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Add commit id to nuget package

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Move versioning to Directory.Build.props

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Set correct project type in sample.vcxproj

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Add version info to fuzz tests

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* PR feedback

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Update tests/socket/resource.h

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

* Revert editor change

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

---------

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

* First string functions for ebpf general helpers. (#3780)

* Initial progress on function implementations.

* Moved code.

* Updated kernel project.

* Working on parallel user and kernel mode versions.

* Work in Progress.

* Added tests, added a lot.

* Cleaned up test code some, still doesn't build.

* Re-enabled some tests.

* Got a working set of tests, now to figure out what to do with this in the interim.

* Removing as-yet-unimplemented functions for now.

* Fixed a name.

* Doxygen fixes. Also removed a function header that'll be needed another time.

* Got down to one source file, got a build working in user mode.

* Renamed string_opts to ebpf_strings

* Corrected build issues, removed other extraneous comments.

* Fixed the test selection name, and suppressed an analysis error in a Windows header.

---------

Co-authored-by: Ben Lewis (REDMOND) <Ben.Lewis@microsoft.com>

* Bump external/ubpf from `762a98d` to `f1ecb7a` (#3797)

Bumps [external/ubpf](https://github.com/iovisor/ubpf) from `762a98d` to `f1ecb7a`.
- [Commits](762a98dd1a...f1ecb7a245)

---
updated-dependencies:
- dependency-name: external/ubpf
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump external/usersim from `ca8f2de` to `bded12c` (#3796)

Bumps [external/usersim](https://github.com/microsoft/usersim) from `ca8f2de` to `bded12c`.
- [Commits](ca8f2defc6...bded12ceee)

---
updated-dependencies:
- dependency-name: external/usersim
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Added ntosext extensions in the GettingStarted.md document. (#3785)

* Added ntosext extension in the doc

* Addressed PR comment

* Update docs/GettingStarted.md

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

---------

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

* relocate installer license to avoid "multiple licenses" text on GitHub (#3802)

* Inline _ebpf_adjust_value_pointer to reduce cost of ebpf_map_find_entry (#3804)

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>

* Bump external/ebpf-verifier from `cd9344b` to `559482c` (#3807)

Bumps [external/ebpf-verifier](https://github.com/vbpf/ebpf-verifier) from `cd9344b` to `559482c`.
- [Release notes](https://github.com/vbpf/ebpf-verifier/releases)
- [Commits](cd9344bdbb...559482ccaf)

---
updated-dependencies:
- dependency-name: external/ebpf-verifier
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump the actions group with 2 updates (#3806)

Bumps the actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/upload-artifact` from 4.3.6 to 4.4.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](834a144ee9...50769540e7)

Updates `github/codeql-action` from 3.26.5 to 3.26.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2c779ab0d0...4dd16135b6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Switch to crc32 if available for hashing function (#3803)

* Switch to crc32 if available for hashing function

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Only do crc32 when keys are directly accessible

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Minimize branches and extra ALU ops

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

---------

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>

* Multi-attach support for SOCK_ADDR programs (#3751)

* initial commit

* second commit

* third commit

* update lock logic

* fix analysis errors

* backup

* Add tests

* fix

* fix

* fix

* code refactor

* update test

* Revert "update test"

This reverts commit 6770269907.

* Revert "code refactor"

This reverts commit fae36a7d0e.

* Revert "Revert "code refactor""

This reverts commit 3b8e762d33.

* Revert "Revert "update test""

This reverts commit 11610f06ce.

* fix capability in xdp

* add tests, remove filter weight

* invoke wildcard programs, update tests

* fix wildcard invocation logic

* fix wildcard invocation logic, remove sleep from concurrency tests

* move invocation out of the lock, fix tests

* code cleanup, update test

* code cleanup

* remove trace

* cleanup

* update wildcard invocation logic

* code cleanup

* code cleanup

* code cleanup, CR comments

* cr comments, code cleanup

* Update netebpfext/net_ebpf_ext_hook_provider.h

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

* cr comments

* add tests

* cr comments

* code cleanup

* tracing changes

* fix sal

* code cleanup

* code cleanup

* Update netebpfext/net_ebpf_ext.h

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

---------

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

fix.

* Updated onebranch.vcxproj

* Updated post-build.ps1

* Stack expansion in netebpfext (#3817)

* expand stack

* update usersim submodule

* fix analysis build

* cr comments

* fix analysis failure

* cr comments

* Update netebpfext/net_ebpf_ext_hook_provider.h

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

---------

Co-authored-by: Dave Thaler <dthaler1968@gmail.com>

* Bump external/usersim from `bded12c` to `a1ba035` (#3818)

Bumps [external/usersim](https://github.com/microsoft/usersim) from `bded12c` to `a1ba035`.
- [Commits](bded12ceee...a1ba0355fb)

---
updated-dependencies:
- dependency-name: external/usersim
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* change expanded stack size to 16KB.

* Merged PR 11480212: Update store APIs to also update HKLM (#3660) (#3853)

Update store APIs to also update HKLM (#3660) (#3853)

Cherry-picked from commit `462b8e3c`.

----
#### AI description  (iteration 1)
#### PR Classification
API change to update store APIs to also update HKLM.

#### PR Summary
This pull request updates the store APIs to handle both HKCU and HKLM registry keys, ensuring that operations are attempted on both keys and errors are suppressed if access to HKLM is denied.
- `ebpf_store_helper.c`: Added functions to update and delete program and section information for both HKCU and HKLM.
- `store_helper_internal.cpp`: Modified functions to handle both HKCU and HKLM registry keys.
- `Product.wxs`: Updated installer scripts to clear and set up eBPF store for both HKCU and HKLM.
- `ebpf_store_helper.h` and `ebpf_registry_helper.cpp`: Introduced separate variables for HKCU and HKLM root keys.

* Merged PR 11486801: Update version to 0.19.1

update version to 0.19.1

* remove .internal

* Miscellaneous fixes.

* PR Feedback.

---------

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Gianni Trevisiol <gtrevi@users.noreply.github.com>
Co-authored-by: Anurag Saxena <anusa@microsoft.com>
Co-authored-by: Microsoft.VisualStudio.Services.TFS <Microsoft.VisualStudio.Services.TFS@microsoft.com>
Co-authored-by: Gianni Trevisiol <gtrevi@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Alan Jowett <Alan Jowett@microsoft.com>
Co-authored-by: Igor Klemenski <igklemen@microsoft.com>
Co-authored-by: Shankar Seal <Shankar Seal@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Matt Ige <maige@microsoft.com>
Co-authored-by: Michael Agun <danielagun@microsoft.com>
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ben Lewis <1884340+ben-zen@users.noreply.github.com>
Co-authored-by: Ben Lewis (REDMOND) <Ben.Lewis@microsoft.com>
Co-authored-by: Sharmi <shpalan@microsoft.com>
Co-authored-by: Michael Friesen <3517159+mtfriesen@users.noreply.github.com>
Co-authored-by: Anurag Saxena <43585259+saxena-anurag@users.noreply.github.com>
2024-11-19 18:28:39 +00:00
..
kernel Build using WDK Nuget for more consistent builds (#4024) 2024-11-19 16:02:06 +00:00
unit Fuzzing bug fixes (#3989) 2024-11-19 18:28:39 +00:00
user Fuzzing bug fixes (#3989) 2024-11-19 18:28:39 +00:00
ebpf_core.c Fuzzing bug fixes (#3989) 2024-11-19 18:28:39 +00:00
ebpf_core.h Fuzzing bug fixes (#3989) 2024-11-19 18:28:39 +00:00
ebpf_general_helpers.c First string functions for ebpf general helpers. (#3780) 2024-08-27 20:55:55 +00:00
ebpf_link.c _ebpf_link_instance_invoke_with_context_header should call correct batch_end api (#3709) 2024-07-17 18:58:54 +00:00
ebpf_link.h Update copyright to be eBPF for Windows contributors (#3508) 2024-05-04 19:55:56 +00:00
ebpf_maps.c Fuzzing bug fixes (#3989) 2024-11-19 18:28:39 +00:00
ebpf_maps.h Add hint to LTCG that code should be inlined (#3658) 2024-06-21 17:40:58 +00:00
ebpf_native.c Implement `implicit_context` for helper functions. (#3656) 2024-07-19 17:12:08 +00:00
ebpf_native.h Update copyright to be eBPF for Windows contributors (#3508) 2024-05-04 19:55:56 +00:00
ebpf_program.c Fuzzing bug fixes (#3989) 2024-11-19 18:28:39 +00:00
ebpf_program.h Fuzzing bug fixes (#3989) 2024-11-19 18:28:39 +00:00
ebpf_protocol.h Fuzzing bug fixes (#3989) 2024-11-19 18:28:39 +00:00
ebpf_strings.c First string functions for ebpf general helpers. (#3780) 2024-08-27 20:55:55 +00:00
ebpf_strings.h First string functions for ebpf general helpers. (#3780) 2024-08-27 20:55:55 +00:00