```
error: field `0` is never read
--> bpf/aya-bpf/src/helpers.rs:737:22
|
737 | pub struct PrintkArg(u64);
| --------- ^^^
| |
| field in this struct
|
= note: `PrintkArg` has a derived impl for the trait `Clone`, but this is intentionally ignored during dead code analysis
= note: `-D dead-code` implied by `-D warnings`
= help: to override `-D warnings` add `#[allow(dead_code)]`
help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field
|
737 | pub struct PrintkArg(());
| ~~
```
See https://github.com/rust-lang/rust/issues/119659.
This implements the userspace binding for RingBuf.
Instead of streaming the samples as heap buffers, the process_ring
function takes a callback to which we pass the event's byte region,
roughly following [libbpf]'s API design. This avoids a copy and allows
marking the consumer pointer in a timely manner.
[libbpf]: https://github.com/libbpf/libbpf/blob/master/src/ringbuf.c
Additionally, integration tests are added to demonstrate the usage
of the new APIs and to ensure that they work end-to-end.
Co-authored-by: William Findlay <william@williamfindlay.com>
Co-authored-by: Tatsuyuki Ishi <ishitatsuyuki@gmail.com>
The implementation changed since the original commit was written, and
some mistakes went in:
- missing bpf_redirect_map wrapper
- extra bpf_map_lookup_elem on maps for which it is forbidden
This feature is equivalent to async_tokio || async_std; removing it
avoids warnings emitted during `cargo hack check --feature-powerset`
where async is selected without either of the other features.
Use cargo hack to ensure clippy runs on the powerset of features.
Replace all `assert!(matches!(..))` with `assert_matches!(..)`.
Remove the now-unused build-integration-test xtask command whose logic
doesn't match that of the build-and-run command.
This change does a few things:
- it fixes a bug in the wrappers, where we were expecting the kernel to
return len=1 for b"\0" where it instead returns 0 and doesn't write
out the NULL terminator
- it makes the helpers more robust by hardcoding bound checks in
assembly so that LLVM optimizations can't transform the checks in a
way that the verifier can't understand.
- it adds integration tests
This patch introduces `pt_regs` handling in aya-bpf/args.rs
for the riscv64 architecture. The current CI is disabled
for riscv64 because this implementation is missing.
Such an assignment in two parts (first deref in `unsafe`, then field
access outside of `unsafe`) is bogus: the deref "returned" by the
`unsafe` block actually creates a copy of the `__sk_buff` struct because
it implements `Copy`. The mark value is written to the `mark` field of
the copy, and not the real `__sk_buff`.
Change it to do it all in the `unsafe` block.
The same is done for the `.len()` getter to avoid copying the whole
`__sk_buff` struct for a 32 bit field. Although such a copy should be
optimized out by the compiler, it's better to help it do so.
Kernel 4.15 added a new eBPF program that can
be used with cgroup v2 to control & observe device
access (e.g. read, write, mknod) - `BPF_PROG_TYPE_CGROUP_DEVICE`.
We add the ability to create these programs with the `cgroup_device`
proc macro which creates the `cgroup/dev` link section. Device
details are available to the eBPF program in `DeviceContext`.
The userspace representation is provided with the `CgroupDevice`
structure.
Fixes: #212
Signed-off-by: Milan <milan@mdaverde.com>
This change separates the previous `SkBuffContext` into three structs:
* `SkBuff` which is a wrapper around `__sk_buff` which contains all
possible methods operating on it.
* `SkBuffContext` which is a program context for programs which
**cannot** access `__sk_buff` directly and instead can only use
`load_bytes`.
* `TcContext` which is a classifier context which can access `__sk_buff`
directly, hence exposes `data` and `data_end`.
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
The pull_data method is used to ensure that all the required bytes
are available in the linear portion of the skb.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
This commit moves the aya-log projects from the subtree and adds them to
the main cargo workspace. It also brings the BPF crates into the
workspace and moves the macro crates up a level since they aren't BPF
code.
Miri was disabled for aya-bpf as the previous config wasn't actually
checking anything.
CI, clippy, fmt and release configurations have all been adjusted
appropriately.
CI was not properly running for other supported arches which was also
ixed here.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
The `bpf_printk!` macro is a helper providing a convenient way to invoke the
`bpf_trace_printk` and `bpf_trace_vprintk` BPF helpers. It is implemented as
a macro because it requires variadic arguments.
Change it from `[i8; 16]` to `[u8; 18]`. `i8` arrays cannot be easily used in
Rust for converting to string (i.e. with `core::str::from_utf8_unchecked`)
and developers have to convert them themselves with unsafe code.
Using u8 arrays lets developers to just convert it with
`core::str::from_utf8_unchecked` without any limitations.
Example:
https://github.com/vadorovsky/aya-examples/blob/main/clone/clone-ebpf/src/main.rs
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
This change adds two new helpers:
* bpf_probe_read_user_str_bytes
* bpf_probe_read_kernel_str_bytes
Those new helpers are returning a bytes slice (`&[u8]`) with a length
equal to the length of probed, null-terminated string. When using those
helpers, users don't have to manually check for length and create such
slices themselves. They also make converting to `str` way more
convenient, for example:
```rust
let my_str = unsafe {
core::str::from_utf8_unchecked(
bpf_probe_read_user_str_bytes(user_ptr, &mut buf)?
)
};
```
This change also deprecates the old helpers, since their names are
confusing (they have nothing to do with Rust `str`) and using them
requires writing boilerplate code (for checking the length and making
eBPF verifier happy):
* bpf_probe_read_user_str
* bpf_probe_read_kernel_str
Tested on:
516b29af68
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>