yanguangshaonian
/
aya
mirror of https://github.com/aya-rs/aya
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

aya: make ProgramInfo a proper enum

Browse Source 
This allows us to distinguish between LSM and LSM_CGROUP programs and do
the proper capability check in is_program_supported.
reviewable/pr1251/r59
Tamir Duberstein 5 days ago
parent 3d0b53111f
commit 2e5f5efbf1
No known key found for this signature in database
9 changed files with 183 additions and 136 deletions
Show Stats Download Patch File Download Diff File

162
aya/src/programs/info.rs
Unescape Escape View File

@ -40,10 +40,8 @@ impl ProgramInfo {
/// The type of program.
///
/// Introduced in kernel v4.13.
pub fn program_type(&self) -> Result<ProgramType, ProgramError> {
bpf_prog_type::try_from(self.0.type_)
.unwrap_or(bpf_prog_type::__MAX_BPF_PROG_TYPE)
.try_into()
pub fn program_type(&self) -> bpf_prog_type {
bpf_prog_type::try_from(self.0.type_).unwrap_or(bpf_prog_type::__MAX_BPF_PROG_TYPE)
}
/// The unique ID for this program.
@ -295,236 +293,242 @@ pub fn loaded_programs() -> impl Iterator<Item = Result<ProgramInfo, ProgramErro
.map(|result| result.map(ProgramInfo).map_err(Into::into))
}
/// The type of LSM program.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum LsmAttachType {
/// A MAC (Mandatory Access Control) LSM program.
Mac,
/// A cGroup LSM program.
Cgroup,
}
/// The type of eBPF program.
#[non_exhaustive]
#[doc(alias = "bpf_prog_type")]
#[derive(Copy, Clone, Debug, PartialEq)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum ProgramType {
/// An unspecified program type.
Unspecified = bpf_prog_type::BPF_PROG_TYPE_UNSPEC as isize,
#[doc(alias = "BPF_PROG_TYPE_UNSPEC")]
Unspecified,
/// A Socket Filter program type. See [`SocketFilter`](super::socket_filter::SocketFilter)
/// for the program implementation.
///
/// Introduced in kernel v3.19.
#[doc(alias = "BPF_PROG_TYPE_SOCKET_FILTER")]
SocketFilter = bpf_prog_type::BPF_PROG_TYPE_SOCKET_FILTER as isize,
SocketFilter,
/// A Kernel Probe program type. See [`KProbe`](super::kprobe::KProbe) and
/// [`UProbe`](super::uprobe::UProbe) for the program implementations.
///
/// Introduced in kernel v4.1.
#[doc(alias = "BPF_PROG_TYPE_KPROBE")]
KProbe = bpf_prog_type::BPF_PROG_TYPE_KPROBE as isize,
KProbe,
/// A Traffic Control (TC) Classifier program type. See
/// [`SchedClassifier`](super::tc::SchedClassifier) for the program implementation.
///
/// Introduced in kernel v4.1.
#[doc(alias = "BPF_PROG_TYPE_SCHED_CLS")]
SchedClassifier = bpf_prog_type::BPF_PROG_TYPE_SCHED_CLS as isize,
SchedClassifier,
/// A Traffic Control (TC) Action program type.
///
/// Introduced in kernel v4.1.
#[doc(alias = "BPF_PROG_TYPE_SCHED_ACT")]
SchedAction = bpf_prog_type::BPF_PROG_TYPE_SCHED_ACT as isize,
SchedAction,
/// A Tracepoint program type. See [`TracePoint`](super::trace_point::TracePoint) for the
/// program implementation.
///
/// Introduced in kernel v4.7.
#[doc(alias = "BPF_PROG_TYPE_TRACEPOINT")]
TracePoint = bpf_prog_type::BPF_PROG_TYPE_TRACEPOINT as isize,
TracePoint,
/// An Express Data Path (XDP) program type. See [`Xdp`](super::xdp::Xdp) for the program
/// implementation.
///
/// Introduced in kernel v4.8.
#[doc(alias = "BPF_PROG_TYPE_XDP")]
Xdp = bpf_prog_type::BPF_PROG_TYPE_XDP as isize,
Xdp,
/// A Perf Event program type. See [`PerfEvent`](super::perf_event::PerfEvent) for the program
/// implementation.
///
/// Introduced in kernel v4.9.
#[doc(alias = "BPF_PROG_TYPE_PERF_EVENT")]
PerfEvent = bpf_prog_type::BPF_PROG_TYPE_PERF_EVENT as isize,
PerfEvent,
/// A cGroup Socket Buffer program type. See [`CgroupSkb`](super::cgroup_skb::CgroupSkb) for
/// the program implementation.
///
/// Introduced in kernel v4.10.
#[doc(alias = "BPF_PROG_TYPE_CGROUP_SKB")]
CgroupSkb = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SKB as isize,
CgroupSkb,
/// A cGroup Socket program type. See [`CgroupSock`](super::cgroup_sock::CgroupSock) for the
/// program implementation.
///
/// Introduced in kernel v4.10.
#[doc(alias = "BPF_PROG_TYPE_CGROUP_SOCK")]
CgroupSock = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK as isize,
CgroupSock,
/// A Lightweight Tunnel (LWT) Input program type.
///
/// Introduced in kernel v4.10.
#[doc(alias = "BPF_PROG_TYPE_LWT_IN")]
LwtInput = bpf_prog_type::BPF_PROG_TYPE_LWT_IN as isize,
LwtInput,
/// A Lightweight Tunnel (LWT) Output program type.
///
/// Introduced in kernel v4.10.
#[doc(alias = "BPF_PROG_TYPE_LWT_OUT")]
LwtOutput = bpf_prog_type::BPF_PROG_TYPE_LWT_OUT as isize,
LwtOutput,
/// A Lightweight Tunnel (LWT) Transmit program type.
///
/// Introduced in kernel v4.10.
#[doc(alias = "BPF_PROG_TYPE_LWT_XMIT")]
LwtXmit = bpf_prog_type::BPF_PROG_TYPE_LWT_XMIT as isize,
LwtXmit,
/// A Socket Operation program type. See [`SockOps`](super::sock_ops::SockOps) for the program
/// implementation.
///
/// Introduced in kernel v4.13.
#[doc(alias = "BPF_PROG_TYPE_SOCK_OPS")]
SockOps = bpf_prog_type::BPF_PROG_TYPE_SOCK_OPS as isize,
SockOps,
/// A Socket-to-Socket Buffer program type. See [`SkSkb`](super::sk_skb::SkSkb) for the program
/// implementation.
///
/// Introduced in kernel v4.14.
#[doc(alias = "BPF_PROG_TYPE_SK_SKB")]
SkSkb = bpf_prog_type::BPF_PROG_TYPE_SK_SKB as isize,
SkSkb,
/// A cGroup Device program type. See [`CgroupDevice`](super::cgroup_device::CgroupDevice)
/// for the program implementation.
///
/// Introduced in kernel v4.15.
#[doc(alias = "BPF_PROG_TYPE_CGROUP_DEVICE")]
CgroupDevice = bpf_prog_type::BPF_PROG_TYPE_CGROUP_DEVICE as isize,
CgroupDevice,
/// A Socket Message program type. See [`SkMsg`](super::sk_msg::SkMsg) for the program
/// implementation.
///
/// Introduced in kernel v4.17.
#[doc(alias = "BPF_PROG_TYPE_SK_MSG")]
SkMsg = bpf_prog_type::BPF_PROG_TYPE_SK_MSG as isize,
SkMsg,
/// A Raw Tracepoint program type. See [`RawTracePoint`](super::raw_trace_point::RawTracePoint)
/// for the program implementation.
///
/// Introduced in kernel v4.17.
#[doc(alias = "BPF_PROG_TYPE_RAW_TRACEPOINT")]
RawTracePoint = bpf_prog_type::BPF_PROG_TYPE_RAW_TRACEPOINT as isize,
RawTracePoint,
/// A cGroup Socket Address program type. See
/// [`CgroupSockAddr`](super::cgroup_sock_addr::CgroupSockAddr) for the program implementation.
///
/// Introduced in kernel v4.17.
#[doc(alias = "BPF_PROG_TYPE_CGROUP_SOCK_ADDR")]
CgroupSockAddr = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK_ADDR as isize,
CgroupSockAddr,
/// A Lightweight Tunnel (LWT) Seg6local program type.
///
/// Introduced in kernel v4.18.
#[doc(alias = "BPF_PROG_TYPE_LWT_SEG6LOCAL")]
LwtSeg6local = bpf_prog_type::BPF_PROG_TYPE_LWT_SEG6LOCAL as isize,
LwtSeg6local,
/// A Linux Infrared Remote Control (LIRC) Mode2 program type. See
/// [`LircMode2`](super::lirc_mode2::LircMode2) for the program implementation.
///
/// Introduced in kernel v4.18.
#[doc(alias = "BPF_PROG_TYPE_LIRC_MODE2")]
LircMode2 = bpf_prog_type::BPF_PROG_TYPE_LIRC_MODE2 as isize,
LircMode2,
/// A Socket Reuseport program type.
///
/// Introduced in kernel v4.19.
#[doc(alias = "BPF_PROG_TYPE_SK_REUSEPORT")]
SkReuseport = bpf_prog_type::BPF_PROG_TYPE_SK_REUSEPORT as isize,
SkReuseport,
/// A Flow Dissector program type.
///
/// Introduced in kernel v4.20.
#[doc(alias = "BPF_PROG_TYPE_FLOW_DISSECTOR")]
FlowDissector = bpf_prog_type::BPF_PROG_TYPE_FLOW_DISSECTOR as isize,
FlowDissector,
/// A cGroup Sysctl program type. See [`CgroupSysctl`](super::cgroup_sysctl::CgroupSysctl) for
/// the program implementation.
///
/// Introduced in kernel v5.2.
#[doc(alias = "BPF_PROG_TYPE_CGROUP_SYSCTL")]
CgroupSysctl = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SYSCTL as isize,
CgroupSysctl,
/// A Writable Raw Tracepoint program type.
///
/// Introduced in kernel v5.2.
#[doc(alias = "BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE")]
RawTracePointWritable = bpf_prog_type::BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE as isize,
RawTracePointWritable,
/// A cGroup Socket Option program type. See [`CgroupSockopt`](super::cgroup_sockopt::CgroupSockopt)
/// for the program implementation.
///
/// Introduced in kernel v5.3.
#[doc(alias = "BPF_PROG_TYPE_CGROUP_SOCKOPT")]
CgroupSockopt = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCKOPT as isize,
CgroupSockopt,
/// A Tracing program type. See [`FEntry`](super::fentry::FEntry), [`FExit`](super::fexit::FExit),
/// and [`BtfTracePoint`](super::tp_btf::BtfTracePoint) for the program implementations.
///
/// Introduced in kernel v5.5.
#[doc(alias = "BPF_PROG_TYPE_TRACING")]
Tracing = bpf_prog_type::BPF_PROG_TYPE_TRACING as isize,
Tracing,
/// A Struct Ops program type.
///
/// Introduced in kernel v5.6.
#[doc(alias = "BPF_PROG_TYPE_STRUCT_OPS")]
StructOps = bpf_prog_type::BPF_PROG_TYPE_STRUCT_OPS as isize,
StructOps,
/// A Extension program type. See [`Extension`](super::extension::Extension) for the program
/// implementation.
///
/// Introduced in kernel v5.6.
#[doc(alias = "BPF_PROG_TYPE_EXT")]
Extension = bpf_prog_type::BPF_PROG_TYPE_EXT as isize,
Extension,
/// A Linux Security Module (LSM) program type. See [`Lsm`](super::lsm::Lsm) for the program
/// implementation.
///
/// Introduced in kernel v5.7.
#[doc(alias = "BPF_PROG_TYPE_LSM")]
Lsm = bpf_prog_type::BPF_PROG_TYPE_LSM as isize,
Lsm(LsmAttachType),
/// A Socket Lookup program type. See [`SkLookup`](super::sk_lookup::SkLookup) for the program
/// implementation.
///
/// Introduced in kernel v5.9.
#[doc(alias = "BPF_PROG_TYPE_SK_LOOKUP")]
SkLookup = bpf_prog_type::BPF_PROG_TYPE_SK_LOOKUP as isize,
SkLookup,
/// A Syscall program type.
///
/// Introduced in kernel v5.14.
#[doc(alias = "BPF_PROG_TYPE_SYSCALL")]
Syscall = bpf_prog_type::BPF_PROG_TYPE_SYSCALL as isize,
Syscall,
/// A Netfilter program type.
///
/// Introduced in kernel v6.4.
#[doc(alias = "BPF_PROG_TYPE_NETFILTER")]
Netfilter = bpf_prog_type::BPF_PROG_TYPE_NETFILTER as isize,
Netfilter,
}
impl TryFrom<bpf_prog_type> for ProgramType {
type Error = ProgramError;
fn try_from(prog_type: bpf_prog_type) -> Result<Self, Self::Error> {
use bpf_prog_type::*;
Ok(match prog_type {
BPF_PROG_TYPE_UNSPEC => Self::Unspecified,
BPF_PROG_TYPE_SOCKET_FILTER => Self::SocketFilter,
BPF_PROG_TYPE_KPROBE => Self::KProbe,
BPF_PROG_TYPE_SCHED_CLS => Self::SchedClassifier,
BPF_PROG_TYPE_SCHED_ACT => Self::SchedAction,
BPF_PROG_TYPE_TRACEPOINT => Self::TracePoint,
BPF_PROG_TYPE_XDP => Self::Xdp,
BPF_PROG_TYPE_PERF_EVENT => Self::PerfEvent,
BPF_PROG_TYPE_CGROUP_SKB => Self::CgroupSkb,
BPF_PROG_TYPE_CGROUP_SOCK => Self::CgroupSock,
BPF_PROG_TYPE_LWT_IN => Self::LwtInput,
BPF_PROG_TYPE_LWT_OUT => Self::LwtOutput,
BPF_PROG_TYPE_LWT_XMIT => Self::LwtXmit,
BPF_PROG_TYPE_SOCK_OPS => Self::SockOps,
BPF_PROG_TYPE_SK_SKB => Self::SkSkb,
BPF_PROG_TYPE_CGROUP_DEVICE => Self::CgroupDevice,
BPF_PROG_TYPE_SK_MSG => Self::SkMsg,
BPF_PROG_TYPE_RAW_TRACEPOINT => Self::RawTracePoint,
BPF_PROG_TYPE_CGROUP_SOCK_ADDR => Self::CgroupSockAddr,
BPF_PROG_TYPE_LWT_SEG6LOCAL => Self::LwtSeg6local,
BPF_PROG_TYPE_LIRC_MODE2 => Self::LircMode2,
BPF_PROG_TYPE_SK_REUSEPORT => Self::SkReuseport,
BPF_PROG_TYPE_FLOW_DISSECTOR => Self::FlowDissector,
BPF_PROG_TYPE_CGROUP_SYSCTL => Self::CgroupSysctl,
BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE => Self::RawTracePointWritable,
BPF_PROG_TYPE_CGROUP_SOCKOPT => Self::CgroupSockopt,
BPF_PROG_TYPE_TRACING => Self::Tracing,
BPF_PROG_TYPE_STRUCT_OPS => Self::StructOps,
BPF_PROG_TYPE_EXT => Self::Extension,
BPF_PROG_TYPE_LSM => Self::Lsm,
BPF_PROG_TYPE_SK_LOOKUP => Self::SkLookup,
BPF_PROG_TYPE_SYSCALL => Self::Syscall,
BPF_PROG_TYPE_NETFILTER => Self::Netfilter,
__MAX_BPF_PROG_TYPE => return Err(ProgramError::UnexpectedProgramType),
})
impl From<ProgramType> for bpf_prog_type {
fn from(value: ProgramType) -> Self {
match value {
ProgramType::Unspecified => Self::BPF_PROG_TYPE_UNSPEC,
ProgramType::SocketFilter => Self::BPF_PROG_TYPE_SOCKET_FILTER,
ProgramType::KProbe => Self::BPF_PROG_TYPE_KPROBE,
ProgramType::SchedClassifier => Self::BPF_PROG_TYPE_SCHED_CLS,
ProgramType::SchedAction => Self::BPF_PROG_TYPE_SCHED_ACT,
ProgramType::TracePoint => Self::BPF_PROG_TYPE_TRACEPOINT,
ProgramType::Xdp => Self::BPF_PROG_TYPE_XDP,
ProgramType::PerfEvent => Self::BPF_PROG_TYPE_PERF_EVENT,
ProgramType::CgroupSkb => Self::BPF_PROG_TYPE_CGROUP_SKB,
ProgramType::CgroupSock => Self::BPF_PROG_TYPE_CGROUP_SOCK,
ProgramType::LwtInput => Self::BPF_PROG_TYPE_LWT_IN,
ProgramType::LwtOutput => Self::BPF_PROG_TYPE_LWT_OUT,
ProgramType::LwtXmit => Self::BPF_PROG_TYPE_LWT_XMIT,
ProgramType::SockOps => Self::BPF_PROG_TYPE_SOCK_OPS,
ProgramType::SkSkb => Self::BPF_PROG_TYPE_SK_SKB,
ProgramType::CgroupDevice => Self::BPF_PROG_TYPE_CGROUP_DEVICE,
ProgramType::SkMsg => Self::BPF_PROG_TYPE_SK_MSG,
ProgramType::RawTracePoint => Self::BPF_PROG_TYPE_RAW_TRACEPOINT,
ProgramType::CgroupSockAddr => Self::BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
ProgramType::LwtSeg6local => Self::BPF_PROG_TYPE_LWT_SEG6LOCAL,
ProgramType::LircMode2 => Self::BPF_PROG_TYPE_LIRC_MODE2,
ProgramType::SkReuseport => Self::BPF_PROG_TYPE_SK_REUSEPORT,
ProgramType::FlowDissector => Self::BPF_PROG_TYPE_FLOW_DISSECTOR,
ProgramType::CgroupSysctl => Self::BPF_PROG_TYPE_CGROUP_SYSCTL,
ProgramType::RawTracePointWritable => Self::BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE,
ProgramType::CgroupSockopt => Self::BPF_PROG_TYPE_CGROUP_SOCKOPT,
ProgramType::Tracing => Self::BPF_PROG_TYPE_TRACING,
ProgramType::StructOps => Self::BPF_PROG_TYPE_STRUCT_OPS,
ProgramType::Extension => Self::BPF_PROG_TYPE_EXT,
ProgramType::Lsm(_) => Self::BPF_PROG_TYPE_LSM,
ProgramType::SkLookup => Self::BPF_PROG_TYPE_SK_LOOKUP,
ProgramType::Syscall => Self::BPF_PROG_TYPE_SYSCALL,
ProgramType::Netfilter => Self::BPF_PROG_TYPE_NETFILTER,
}
}
}

6
aya/src/programs/lsm.rs
Unescape Escape View File

@ -6,8 +6,8 @@ use aya_obj::{
};
use crate::programs::{
FdLink, FdLinkId, ProgramData, ProgramError, ProgramType, define_link_wrapper, load_program,
utils::attach_raw_tracepoint,
FdLink, FdLinkId, LsmAttachType, ProgramData, ProgramError, ProgramType, define_link_wrapper,
load_program, utils::attach_raw_tracepoint,
};
/// A program that attaches to Linux LSM hooks. Used to implement security policy and
@ -55,7 +55,7 @@ pub struct Lsm {
impl Lsm {
/// The type of the program according to the kernel.
pub const PROGRAM_TYPE: ProgramType = ProgramType::Lsm;
pub const PROGRAM_TYPE: ProgramType = ProgramType::Lsm(LsmAttachType::Mac);
/// Loads the program inside the kernel.
///

8
aya/src/programs/mod.rs
Unescape Escape View File

@ -88,7 +88,7 @@ use aya_obj::{
programs::XdpAttachType,
};
use info::impl_info;
pub use info::{ProgramInfo, ProgramType, loaded_programs};
pub use info::{LsmAttachType, ProgramInfo, ProgramType, loaded_programs};
use libc::ENOSPC;
use tc::SchedClassifierLink;
use thiserror::Error;
@ -349,8 +349,8 @@ impl Program {
Self::LircMode2(_) => ProgramType::LircMode2,
Self::PerfEvent(_) => ProgramType::PerfEvent,
Self::RawTracePoint(_) => ProgramType::RawTracePoint,
Self::Lsm(_) => ProgramType::Lsm,
Self::LsmCgroup(_) => ProgramType::Lsm,
Self::Lsm(_) => ProgramType::Lsm(LsmAttachType::Mac),
Self::LsmCgroup(_) => ProgramType::Lsm(LsmAttachType::Cgroup),
// The following program types are a subset of `TRACING` programs:
//
// - `BPF_TRACE_RAW_TP` (`BtfTracePoint`)
@ -1042,7 +1042,7 @@ macro_rules! impl_from_prog_info {
name: Cow<'static, str>,
$($var: $var_ty,)?
) -> Result<Self, ProgramError> {
if info.program_type()? != Self::PROGRAM_TYPE {
if info.program_type() != Self::PROGRAM_TYPE.into() {
return Err(ProgramError::UnexpectedProgramType {});
}
let ProgramInfo(bpf_progam_info) = info;

8
aya/src/sys/bpf.rs
Unescape Escape View File

@ -32,7 +32,7 @@ use log::warn;
use crate::{
Btf, Pod, VerifierLogLevel,
maps::{MapData, PerCpuValues},
programs::{ProgramType, links::LinkRef},
programs::{LsmAttachType, ProgramType, links::LinkRef},
sys::{Syscall, SyscallError, syscall},
util::KernelVersion,
};
@ -820,7 +820,10 @@ where
ProgramType::CgroupSysctl => Some(bpf_attach_type::BPF_CGROUP_SYSCTL),
ProgramType::CgroupSockopt => Some(bpf_attach_type::BPF_CGROUP_GETSOCKOPT),
ProgramType::Tracing => Some(bpf_attach_type::BPF_TRACE_FENTRY),
ProgramType::Lsm => Some(bpf_attach_type::BPF_LSM_MAC),
ProgramType::Lsm(lsm_attach_type) => match lsm_attach_type {
LsmAttachType::Mac => Some(bpf_attach_type::BPF_LSM_MAC),
LsmAttachType::Cgroup => Some(bpf_attach_type::BPF_LSM_CGROUP),
},
ProgramType::SkLookup => Some(bpf_attach_type::BPF_SK_LOOKUP),
ProgramType::Netfilter => Some(bpf_attach_type::BPF_NETFILTER),
// Program types below v4.17, or do not accept `expected_attach_type`, should leave the
@ -863,6 +866,7 @@ where
_ => {}
}
let program_type: bpf_prog_type = program_type.into();
u.prog_type = program_type as u32;
if let Some(expected_attach_type) = expected_attach_type {
u.expected_attach_type = expected_attach_type as u32;

6
aya/src/sys/feature_probe.rs
Unescape Escape View File

@ -64,7 +64,7 @@ pub fn is_program_supported(program_type: ProgramType) -> Result<bool, ProgramEr
// [0] https://elixir.bootlin.com/linux/v5.5/source/kernel/bpf/verifier.c#L9535
let mut verifier_log = matches!(
program_type,
ProgramType::Tracing | ProgramType::Extension | ProgramType::Lsm
ProgramType::Tracing | ProgramType::Extension | ProgramType::Lsm(_)
)
.then_some([0_u8; 256]);
@ -83,7 +83,7 @@ pub fn is_program_supported(program_type: ProgramType) -> Result<bool, ProgramEr
// `bpf_lsm_bpf` symbol from:
// - https://elixir.bootlin.com/linux/v5.7/source/include/linux/lsm_hook_defs.h#L364
// - or https://elixir.bootlin.com/linux/v5.11/source/kernel/bpf/bpf_lsm.c#L135 on later versions
ProgramType::Lsm => Some("bpf_lsm_bpf"),
ProgramType::Lsm(_) => Some("bpf_lsm_bpf"),
_ => None,
}
.map(|func_name| {
@ -159,7 +159,7 @@ pub fn is_program_supported(program_type: ProgramType) -> Result<bool, ProgramEr
// explicitly.
//
// h/t to https://www.exein.io/blog/exploring-bpf-lsm-support-on-aarch64-with-ftrace.
if program_type != ProgramType::Lsm {
if !matches!(program_type, ProgramType::Lsm(_)) {
Ok(true)
} else {
match bpf_raw_tracepoint_open(None, prog_fd.as_fd()) {

6
test/integration-test/src/tests/feature_probe.rs
Unescape Escape View File

@ -3,7 +3,7 @@
use aya::{
Btf,
maps::MapType,
programs::ProgramType,
programs::{LsmAttachType, ProgramType},
sys::{is_map_supported, is_program_supported},
util::KernelVersion,
};
@ -127,7 +127,7 @@ fn probe_supported_programs() {
})
.is_ok();
assert_eq!(
is_supported!(ProgramType::Lsm),
is_supported!(ProgramType::Lsm(LsmAttachType::Mac)),
lsm_enabled,
"current={current}"
);
@ -136,7 +136,7 @@ fn probe_supported_programs() {
}
} else {
assert!(
!is_supported!(ProgramType::Lsm),
!is_supported!(ProgramType::Lsm(LsmAttachType::Mac)),
"{current} < {kern_version}"
);
}

5
test/integration-test/src/tests/info.rs
Unescape Escape View File

@ -15,6 +15,7 @@ use aya::{
sys::{is_map_supported, is_program_supported},
util::KernelVersion,
};
use aya_obj::generated::bpf_prog_type;
use libc::EINVAL;
use crate::utils::{kernel_assert, kernel_assert_eq};
@ -89,8 +90,8 @@ fn test_program_info() {
// Test `bpf_prog_info` fields.
kernel_assert_eq!(
ProgramType::SocketFilter,
test_prog.program_type().unwrap_or(ProgramType::Unspecified),
bpf_prog_type::BPF_PROG_TYPE_SOCKET_FILTER,
test_prog.program_type(),
KernelVersion::new(4, 13, 0),
);
kernel_assert!(test_prog.id() > 0, KernelVersion::new(4, 13, 0));

6
test/integration-test/src/tests/lsm.rs
Unescape Escape View File

@ -1,7 +1,7 @@
use assert_matches::assert_matches;
use aya::{
Btf, Ebpf,
programs::{Lsm, LsmCgroup, ProgramError, ProgramType},
programs::{Lsm, LsmAttachType, LsmCgroup, ProgramError, ProgramType},
sys::{SyscallError, is_program_supported},
};
@ -33,7 +33,7 @@ fn lsm() {
let link_id = {
let result = prog.attach();
if !is_program_supported(ProgramType::Lsm).unwrap() {
if !is_program_supported(ProgramType::Lsm(LsmAttachType::Mac)).unwrap() {
assert_matches!(result, Err(ProgramError::SyscallError(SyscallError { call, io_error })) => {
assert_eq!(call, "bpf_raw_tracepoint_open");
assert_eq!(io_error.raw_os_error(), Some(524));
@ -68,7 +68,7 @@ fn lsm_cgroup() {
let link_id = {
let result = prog.attach(cgroup.fd());
if !is_program_supported(ProgramType::Lsm).unwrap() {
if !is_program_supported(ProgramType::Lsm(LsmAttachType::Cgroup)).unwrap() {
assert_matches!(result, Err(ProgramError::SyscallError(SyscallError { call, io_error })) => {
assert_eq!(call, "bpf_link_create");
assert_eq!(io_error.raw_os_error(), Some(524));

112
xtask/public-api/aya.txt
Unescape Escape View File

@ -7904,6 +7904,45 @@ impl<T> core::borrow::BorrowMut<T> for aya::programs::kprobe::KProbeError where
pub fn aya::programs::kprobe::KProbeError::borrow_mut(&mut self) -> &mut T
impl<T> core::convert::From<T> for aya::programs::kprobe::KProbeError
pub fn aya::programs::kprobe::KProbeError::from(t: T) -> T
pub enum aya::programs::LsmAttachType
pub aya::programs::LsmAttachType::Cgroup
pub aya::programs::LsmAttachType::Mac
impl core::clone::Clone for aya::programs::LsmAttachType
pub fn aya::programs::LsmAttachType::clone(&self) -> aya::programs::LsmAttachType
impl core::cmp::PartialEq for aya::programs::LsmAttachType
pub fn aya::programs::LsmAttachType::eq(&self, other: &aya::programs::LsmAttachType) -> bool
impl core::fmt::Debug for aya::programs::LsmAttachType
pub fn aya::programs::LsmAttachType::fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result
impl core::marker::Copy for aya::programs::LsmAttachType
impl core::marker::StructuralPartialEq for aya::programs::LsmAttachType
impl core::marker::Freeze for aya::programs::LsmAttachType
impl core::marker::Send for aya::programs::LsmAttachType
impl core::marker::Sync for aya::programs::LsmAttachType
impl core::marker::Unpin for aya::programs::LsmAttachType
impl core::panic::unwind_safe::RefUnwindSafe for aya::programs::LsmAttachType
impl core::panic::unwind_safe::UnwindSafe for aya::programs::LsmAttachType
impl<T, U> core::convert::Into<U> for aya::programs::LsmAttachType where U: core::convert::From<T>
pub fn aya::programs::LsmAttachType::into(self) -> U
impl<T, U> core::convert::TryFrom<U> for aya::programs::LsmAttachType where U: core::convert::Into<T>
pub type aya::programs::LsmAttachType::Error = core::convert::Infallible
pub fn aya::programs::LsmAttachType::try_from(value: U) -> core::result::Result<T, <T as core::convert::TryFrom<U>>::Error>
impl<T, U> core::convert::TryInto<U> for aya::programs::LsmAttachType where U: core::convert::TryFrom<T>
pub type aya::programs::LsmAttachType::Error = <U as core::convert::TryFrom<T>>::Error
pub fn aya::programs::LsmAttachType::try_into(self) -> core::result::Result<U, <U as core::convert::TryFrom<T>>::Error>
impl<T> alloc::borrow::ToOwned for aya::programs::LsmAttachType where T: core::clone::Clone
pub type aya::programs::LsmAttachType::Owned = T
pub fn aya::programs::LsmAttachType::clone_into(&self, target: &mut T)
pub fn aya::programs::LsmAttachType::to_owned(&self) -> T
impl<T> core::any::Any for aya::programs::LsmAttachType where T: 'static + ?core::marker::Sized
pub fn aya::programs::LsmAttachType::type_id(&self) -> core::any::TypeId
impl<T> core::borrow::Borrow<T> for aya::programs::LsmAttachType where T: ?core::marker::Sized
pub fn aya::programs::LsmAttachType::borrow(&self) -> &T
impl<T> core::borrow::BorrowMut<T> for aya::programs::LsmAttachType where T: ?core::marker::Sized
pub fn aya::programs::LsmAttachType::borrow_mut(&mut self) -> &mut T
impl<T> core::clone::CloneToUninit for aya::programs::LsmAttachType where T: core::clone::Clone
pub unsafe fn aya::programs::LsmAttachType::clone_to_uninit(&self, dest: *mut u8)
impl<T> core::convert::From<T> for aya::programs::LsmAttachType
pub fn aya::programs::LsmAttachType::from(t: T) -> T
pub enum aya::programs::PerfEventScope
pub aya::programs::PerfEventScope::AllProcessesOneCpu
pub aya::programs::PerfEventScope::AllProcessesOneCpu::cpu: u32
@ -8286,46 +8325,45 @@ pub fn aya::programs::ProgramError::borrow_mut(&mut self) -> &mut T
impl<T> core::convert::From<T> for aya::programs::ProgramError
pub fn aya::programs::ProgramError::from(t: T) -> T
#[non_exhaustive] pub enum aya::programs::ProgramType
pub aya::programs::ProgramType::CgroupDevice = 15
pub aya::programs::ProgramType::CgroupSkb = 8
pub aya::programs::ProgramType::CgroupSock = 9
pub aya::programs::ProgramType::CgroupSockAddr = 18
pub aya::programs::ProgramType::CgroupSockopt = 25
pub aya::programs::ProgramType::CgroupSysctl = 23
pub aya::programs::ProgramType::Extension = 28
pub aya::programs::ProgramType::FlowDissector = 22
pub aya::programs::ProgramType::KProbe = 2
pub aya::programs::ProgramType::LircMode2 = 20
pub aya::programs::ProgramType::Lsm = 29
pub aya::programs::ProgramType::LwtInput = 10
pub aya::programs::ProgramType::LwtOutput = 11
pub aya::programs::ProgramType::LwtSeg6local = 19
pub aya::programs::ProgramType::LwtXmit = 12
pub aya::programs::ProgramType::Netfilter = 32
pub aya::programs::ProgramType::PerfEvent = 7
pub aya::programs::ProgramType::RawTracePoint = 17
pub aya::programs::ProgramType::RawTracePointWritable = 24
pub aya::programs::ProgramType::SchedAction = 4
pub aya::programs::ProgramType::SchedClassifier = 3
pub aya::programs::ProgramType::SkLookup = 30
pub aya::programs::ProgramType::SkMsg = 16
pub aya::programs::ProgramType::SkReuseport = 21
pub aya::programs::ProgramType::SkSkb = 14
pub aya::programs::ProgramType::SockOps = 13
pub aya::programs::ProgramType::SocketFilter = 1
pub aya::programs::ProgramType::StructOps = 27
pub aya::programs::ProgramType::Syscall = 31
pub aya::programs::ProgramType::TracePoint = 5
pub aya::programs::ProgramType::Tracing = 26
pub aya::programs::ProgramType::Unspecified = 0
pub aya::programs::ProgramType::Xdp = 6
pub aya::programs::ProgramType::CgroupDevice
pub aya::programs::ProgramType::CgroupSkb
pub aya::programs::ProgramType::CgroupSock
pub aya::programs::ProgramType::CgroupSockAddr
pub aya::programs::ProgramType::CgroupSockopt
pub aya::programs::ProgramType::CgroupSysctl
pub aya::programs::ProgramType::Extension
pub aya::programs::ProgramType::FlowDissector
pub aya::programs::ProgramType::KProbe
pub aya::programs::ProgramType::LircMode2
pub aya::programs::ProgramType::Lsm(aya::programs::LsmAttachType)
pub aya::programs::ProgramType::LwtInput
pub aya::programs::ProgramType::LwtOutput
pub aya::programs::ProgramType::LwtSeg6local
pub aya::programs::ProgramType::LwtXmit
pub aya::programs::ProgramType::Netfilter
pub aya::programs::ProgramType::PerfEvent
pub aya::programs::ProgramType::RawTracePoint
pub aya::programs::ProgramType::RawTracePointWritable
pub aya::programs::ProgramType::SchedAction
pub aya::programs::ProgramType::SchedClassifier
pub aya::programs::ProgramType::SkLookup
pub aya::programs::ProgramType::SkMsg
pub aya::programs::ProgramType::SkReuseport
pub aya::programs::ProgramType::SkSkb
pub aya::programs::ProgramType::SockOps
pub aya::programs::ProgramType::SocketFilter
pub aya::programs::ProgramType::StructOps
pub aya::programs::ProgramType::Syscall
pub aya::programs::ProgramType::TracePoint
pub aya::programs::ProgramType::Tracing
pub aya::programs::ProgramType::Unspecified
pub aya::programs::ProgramType::Xdp
impl core::clone::Clone for aya::programs::ProgramType
pub fn aya::programs::ProgramType::clone(&self) -> aya::programs::ProgramType
impl core::cmp::PartialEq for aya::programs::ProgramType
pub fn aya::programs::ProgramType::eq(&self, other: &aya::programs::ProgramType) -> bool
impl core::convert::TryFrom<aya_obj::generated::linux_bindings_x86_64::bpf_prog_type> for aya::programs::ProgramType
pub type aya::programs::ProgramType::Error = aya::programs::ProgramError
pub fn aya::programs::ProgramType::try_from(prog_type: aya_obj::generated::linux_bindings_x86_64::bpf_prog_type) -> core::result::Result<Self, Self::Error>
impl core::convert::From<aya::programs::ProgramType> for aya_obj::generated::linux_bindings_x86_64::bpf_prog_type
pub fn aya_obj::generated::linux_bindings_x86_64::bpf_prog_type::from(value: aya::programs::ProgramType) -> Self
impl core::fmt::Debug for aya::programs::ProgramType
pub fn aya::programs::ProgramType::fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result
impl core::marker::Copy for aya::programs::ProgramType
@ -9661,7 +9699,7 @@ pub fn aya::programs::ProgramInfo::map_ids(&self) -> core::result::Result<core::
pub fn aya::programs::ProgramInfo::memory_locked(&self) -> core::result::Result<u32, aya::programs::ProgramError>
pub fn aya::programs::ProgramInfo::name(&self) -> &[u8]
pub fn aya::programs::ProgramInfo::name_as_str(&self) -> core::option::Option<&str>
pub fn aya::programs::ProgramInfo::program_type(&self) -> core::result::Result<aya::programs::ProgramType, aya::programs::ProgramError>
pub fn aya::programs::ProgramInfo::program_type(&self) -> aya_obj::generated::linux_bindings_x86_64::bpf_prog_type
pub fn aya::programs::ProgramInfo::run_count(&self) -> u64
pub fn aya::programs::ProgramInfo::run_time(&self) -> core::time::Duration
pub fn aya::programs::ProgramInfo::size_jitted(&self) -> u32

Write Preview
Loading…
Cancel
Save