Commit Graph

188 Commits (68bf8818ec5edd803a345ac47405a973e64da5dd)

Author SHA1 Message Date
Michal Rostecki ee15fbbbc5 bpf: Use `then_some` instead of `then(|| [...])`
This change fixes the `unnecessary_lazy_evaluations` clippy warning.

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
3 years ago
Michal Rostecki a3a96b8415 bpf: Change the result type of bpf_get_current_comm helper
Change it from `[i8; 16]` to `[u8; 18]`. `i8` arrays cannot be easily used in
Rust for converting to string (i.e. with `core::str::from_utf8_unchecked`)
and developers have to convert them themselves with unsafe code.

Using u8 arrays lets developers to just convert it with
`core::str::from_utf8_unchecked` without any limitations.

Example:

https://github.com/vadorovsky/aya-examples/blob/main/clone/clone-ebpf/src/main.rs

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
3 years ago
Alessandro Decina 6f301ac9ca
Merge pull request #284 from vadorovsky/str
bpf(helpers): Add *_str_bytes helpers
3 years ago
Dave Tucker 79101e748a test: Replace RTF with Rust
This commit replaces the existing RTF test runner with a simple rust
binary package called - integration-test.

integration-test depends on integration-ebpf, which contains test eBPF
code written in Rust and C. `cargo xtask build-integration-test-ebpf`
can be used to build this code and supress rust-analyzer warnings. It
does require `bpf-linker`, but that is highly likely to be available to
developers of Aya. It also requires a checkout of `libbpf` to extract
headers like bpf-helpers.h.

Since everything is compiled into a single binary, it can be run
be run locally using `cargo xtask integration-test` or remotely using
`./run.sh` which re-uses the bash script from the old test framework
to spawn a VM in which to run the tests.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Johannes Edmeier 2d79f22b40 aya-bpf: use bpf_read_probe for reading pt_regs
Linux Kernels < 5.5 don't support bpf_probe_read_kernel. Therefore
bpf_probe_read must be used for compatibility reasons.
3 years ago
Michal Rostecki 78e58b8960 bpf(helpers): Add *_str_bytes helpers
This change adds two new helpers:

* bpf_probe_read_user_str_bytes
* bpf_probe_read_kernel_str_bytes

Those new helpers are returning a bytes slice (`&[u8]`) with a length
equal to the length of probed, null-terminated string. When using those
helpers, users don't have to manually check for length and create such
slices themselves. They also make converting to `str` way more
convenient, for example:

```rust
let my_str = unsafe {
    core::str::from_utf8_unchecked(
        bpf_probe_read_user_str_bytes(user_ptr, &mut buf)?
    )
};
```

This change also deprecates the old helpers, since their names are
confusing (they have nothing to do with Rust `str`) and using them
requires writing boilerplate code (for checking the length and making
eBPF verifier happy):

* bpf_probe_read_user_str
* bpf_probe_read_kernel_str

Tested on:

516b29af68

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
3 years ago
Alessandro Decina 150dc1b610
Merge pull request #326 from NoneTirex/fix-map-delete-return-value
Change condititon for some bpf helpers
3 years ago
tirex caa66cabac Add missing inline macro to xdp methods 3 years ago
tirex 741c35f555 Restore previous check for bpf_get_stackid 3 years ago
tirex 42c4d5c3af Temporary change return value condition to avoid problems with possibly (not aware) cast from int to long 3 years ago
tirex 5b1a3ed866 Fix return value for map removing/deleting 3 years ago
Dave Tucker 713cd4e858 docs: Add crabby logo
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Alessandro Decina 7549eb979c
Merge pull request #315 from dave-tucker/sock
Add support for BPF_PROG_TYPE_CGROUP_SOCK
3 years ago
Dave Tucker 05c1586202 bpf: bpf_probe_read_kernel fields in pt_regs
As it turns out, the verifier gets upset if you try to read the values
directly without using bpf_probe_read.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Tatsuyuki Ishi 5e24cf7a29
bpf: Remove unnecessary Sync bound on PerCpuArray<T> 3 years ago
Alessandro Decina 82cd3e695a ebpf: PerCpuArray: remove get_mut() and add get_ptr() and get_ptr_mut()
get_mut() wasn't sound as it allowed creating multiple mutable
references.
3 years ago
Alessandro Decina 1eb9ef5488
Merge pull request #290 from ishitatsuyuki/immut-self
bpf: Replace map types to use &self, remove HashMap::get_mut
3 years ago
Dave Tucker 6f51b616e1 bpf: Implement BPF_PROG_TYPE_CGROUP_SOCK
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Dave Tucker 9d18a48c3c bpf: Add accessors to SockOpsContext
Allow getting family, remote/local v4/v6 addresses and the remote and
local ports.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Dave Tucker c725e72796 bpf: re-reun build.rs if env changed
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Dave Tucker e3c8c659a1 bpf: arm fix pt_regs handling
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Tatsuyuki Ishi 41c6b56142 bpf: Replace map types to use &self, remove HashMap::get_mut
The bpf_map_defs are now wrapped with UnsafeCell, which also happens to
provide a cozy way to get a *mut pointer. An UnsafeCell isn't strictly
required as the struct fields are practically opaque to us, but using an
UnsafeCell follows the general best practices against miscompilation and
also prevents some obvious errors.

HashMap::get_mut was removed because the idea is completely unsound.
Previous users should wrap their data with UnsafeCell instead or use
atomics.

Closes: https://github.com/aya-rs/aya/issues/233
3 years ago
Dave Tucker 218d4842d6 bpf: Be consistent with arm target_arch
This is `arm` in bindings but `armv7` in args.
Let's use `arm`

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Dave Tucker 7f6da53c34 bpf: Fix pt_regs for aarch64 (again)
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Dave Tucker 1d06b41e57 ci: Test all architectures
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Dave Tucker 7e828df1c9 bpf: Fix aarch64 access to regs
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Alessandro Decina 6b1f47323b
Merge pull request #293 from dave-tucker/getters-be-gone
Getters be gone
3 years ago
Alessandro Decina 16337001e4
Merge pull request #286 from nak3/add-BPF_MAP_TYPE_BLOOM_FILTER
Add support for BPF_MAP_TYPE_BLOOM_FILTER
3 years ago
Kenjiro Nakayama c5d5695a71 Add missing BPF_MAP_TYPE_STACK in BPF code
Currently BPF_MAP_TYPE_STACK is supported by user code (`aya/src/maps/stack.rs`),
but it does not support the BPF_MAP_TYPE_STACK BPF code.

This patch fixes it.
3 years ago
Dave Tucker 8672ff6c56 bpf: Remove generated getters
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Dave Tucker 74704c3b28 bpf: Support BPF_PROG_TYPE_SK_LOOKUP
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Kenjiro Nakayama c4262f793d Add support for BPF_MAP_TYPE_BLOOM_FILTER
This patch adds support for `BPF_MAP_TYPE_BLOOM_FILTER`.
3 years ago
Dave Tucker 4acd996cb8 bpf: Add PtRegs wrapper
This adds a portable wrapper around pt_regs and user_pt_regs.
It makes writing Raw Tracepoint or KProbe programs easier when the
arguments are one of these types while also ensuring code is portable
across architectures

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
gianluigi a9c0fccb2e Add riscv64 bindings 3 years ago
dave-tucker 4767664d5d [codegen] Update libbpf to 47595c2f08aece55baaf21ed0b72f5c5abf2cb5eUpdate libbpf to 47595c2f08aece55baaf21ed0b72f5c5abf2cb5e
Files changed:\nM	aya/src/generated/linux_bindings_riscv64.rs
M	bpf/aya-bpf-bindings/src/riscv64/bindings.rs
M	bpf/aya-bpf-bindings/src/riscv64/getters.rs
M	bpf/aya-bpf-bindings/src/riscv64/helpers.rs
3 years ago
Dave Tucker edaa70b5ba riscv scaffolding for codegen
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Dave Tucker 4a32e7d985 clippy: fix new lints on nightly
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Michal Rostecki 3262f85925 bpf(doc): Hide docs of bindings
Before this change, documentation of helper functions (defined by us,
not bindings) were not visible, because `use gen::*` was overriding them
with helpers coming from aya-bpf-bindings, which have the same names and
no docs.

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
3 years ago
Amos Wenger a1e7b58d7c Don't use #[no_mangle] (clashes with `#[export_name]`)
This closes #270.

With this, the symbol name is correct in the intermediate LLVM bitcode
object file (`.rcgu.o`) and in the final BPF program.
3 years ago
Kenjiro Nakayama e68d734c68
Add support for BPF_PROG_TYPE_CGROUP_SOCKOPT (#268) 3 years ago
alessandrod 7f7c78ad6b [codegen] Update libbpf to 86eb09863c1c0177e99c2c703092042d3cdba910Update libbpf to 86eb09863c1c0177e99c2c703092042d3cdba910
Files changed:\nM	aya/src/generated/linux_bindings_aarch64.rs
M	aya/src/generated/linux_bindings_armv7.rs
M	aya/src/generated/linux_bindings_x86_64.rs
M	bpf/aya-bpf-bindings/src/aarch64/bindings.rs
M	bpf/aya-bpf-bindings/src/aarch64/getters.rs
M	bpf/aya-bpf-bindings/src/aarch64/helpers.rs
M	bpf/aya-bpf-bindings/src/armv7/bindings.rs
M	bpf/aya-bpf-bindings/src/armv7/getters.rs
M	bpf/aya-bpf-bindings/src/armv7/helpers.rs
M	bpf/aya-bpf-bindings/src/x86_64/bindings.rs
M	bpf/aya-bpf-bindings/src/x86_64/getters.rs
M	bpf/aya-bpf-bindings/src/x86_64/helpers.rs
3 years ago
Dave Tucker 2bac924464 bpf: Add support for BPF_PROG_TYPE_CGROUP_SOCK_ADDR
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
Kenjiro Nakayama f721021a0a
Add support for BPF_PROG_TYPE_CGROUP_SYSCTL (#256)
* Add support for BPF_PROG_TYPE_CGROUP_SYSCTL

This patch adds support for `BPF_PROG_TYPE_CGROUP_SYSCTL`.

* Parse unnamed macro

* Fix docs
3 years ago
tirex f1f7185dab Set skb_buff visbility to pub 4 years ago
dave-tucker d6ca3e1ae7 [codegen] Update libbpf to 3a4e26307d0f9b227e3ebd28b443a1a715e4e17dUpdate libbpf to 3a4e26307d0f9b227e3ebd28b443a1a715e4e17d
Files changed:\nM	aya/src/generated/linux_bindings_aarch64.rs
M	aya/src/generated/linux_bindings_armv7.rs
M	aya/src/generated/linux_bindings_x86_64.rs
M	bpf/aya-bpf-bindings/src/aarch64/bindings.rs
M	bpf/aya-bpf-bindings/src/aarch64/getters.rs
M	bpf/aya-bpf-bindings/src/aarch64/helpers.rs
M	bpf/aya-bpf-bindings/src/armv7/bindings.rs
M	bpf/aya-bpf-bindings/src/armv7/getters.rs
M	bpf/aya-bpf-bindings/src/armv7/helpers.rs
M	bpf/aya-bpf-bindings/src/x86_64/bindings.rs
M	bpf/aya-bpf-bindings/src/x86_64/getters.rs
M	bpf/aya-bpf-bindings/src/x86_64/helpers.rs
4 years ago
Dave Tucker f12c0269d0 bpf: Maps live in maps section
This forces all maps to the maps section so we remain compatible with
libbpf. This requires #181 to avoid breaking userspace.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
Kenjiro Nakayama 80913c04f3 Fix minor typo 4 years ago
Alessandro Decina 29d539751a ebpf: add fallback memcpy
Add simplest possible memcpy that the verifier should never trip on
4 years ago
Alessandro Decina f75d968657
Merge pull request #239 from nak3/pub-ops
aya-bpf: expose bpf_sock_ops of SockOpsContext
4 years ago
Kenjiro Nakayama 360560ec4e aya-bpf: expose sk_msg_md of SkMsgContext
This patch expose sk_msg_md of SkMsgContext.
4 years ago
Kenjiro Nakayama 6bc5a4d82d aya-bpf: expose bpf_sock_ops of SockOpsContext
This patch expose bpf_sock_ops of `SockOpsContext`.
4 years ago
Alessandro Decina 5390fb1ee1
Merge pull request #187 from vadorovsky/sk-buff-socket-uid
bpf: sk_buff: Add get_socket_uid method to SkBuffContext
4 years ago
Michal Rostecki 34d74fcd3b bpf: sk_buff: Add get_socket_uid method to SkBuffContext
This change exposes the BPF helper bpf_socket_get_uid as a public method
of SkBuffContext, which allows to get the owner UID of the socket
associated to the sk_buff stored in the context.

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
4 years ago
Alessandro Decina ecd6a6e96b bpf: hash_map: add get_mut() method 4 years ago
Nimrod Shneor d0b6daa091 Add LPMTrie Map to aya-bpf for BPF programs 4 years ago
Alessandro Decina 923cd9b767
Merge pull request #142 from vadorovsky/args-mut-ptr
aya-bpf: Add bpf_probe_write_user helper
4 years ago
Michal Rostecki 1df3b17d29 aya-bpf: Add bpf_probe_write_user helper
This helper allows to write to mutable pointers in the userspace, which
come from userspace functions that uprobes attach to.

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
4 years ago
Alessandro Decina 5836b3f1b8
Merge pull request #149 from willfindlay/program_array
bpf/maps: implement ProgramArray
4 years ago
William Findlay b28ae97053
bpf/macros: fix tests
Doctests were broken due to depencencies on a generated vmlinux, incorrect function
signatures, and a missing unsafe keyword.
4 years ago
William Findlay df26fd94a7
bpf/program_array: use never type, add unsafe flag, and document safety 4 years ago
William Findlay ff14493751
bpf/maps: implement ProgramArray
This PR implements the ProgramArray map type in aya-bpf. Includes a convenient tail_call
method that wraps the bpf_tail_call helper.
4 years ago
Michal Rostecki 54377b6140 aya-bpf: Allow to convert probe arguments to mutable pointers
Before this change, arguments fetched with `arg` from `ProbeContext`
could be only fetched as const pointers. This change allows to get mut
pointers as well.

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
4 years ago
Michal Rostecki 5d8afc58f4 aya-bpf-macros: Fix LSM macro documentation
It was causing `cargo doc` inside bpf/ to fail.

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
4 years ago
dave-tucker 05d4bc39ea Update libbpf to 19656636a9b9a2de1f71fa3135709295c16701cc 4 years ago
Michal Rostecki 7e2fcd1d6d Support for fentry and fexit programs
fentry and fexit programs are similar to kprobe and kretprobe, but they
are newer and they have practically zero overhead to call before or
after kernel function. Also, fexit programs are focused on access to
arguments rather than the return value.

Those kind of programs were introduced in the following patchset:

https://lwn.net/Articles/804112/

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
4 years ago
dave-tucker 17d43cd6f8 Update libbpf to 93e89b34740c509406e948c78a404dd2fba67b8b 4 years ago
Thia Wyrod b655cf973f
aya-bpf: remove unnecessary unsafe markers on map functions.
Map lookup and deletion can yield stale keys and values by virtue of
sharing a data structure with userspace programs and other BPF programs
which can modify it. However, all accesses remain perfectly safe and will
not cause memory corruption or data races.
4 years ago
Alessandro Decina 8043451973 bpf: re-export Lru hash maps from aya_bpf::maps 4 years ago
Alessandro Decina c0f695c4b6 bpf: Add LruHashMap and LruPerCpuHashMap 4 years ago
Thia Wyrod d280b856bd
aya-bpf: expose xdp_md of XdpContext and add metadata functions. 4 years ago
Alessandro Decina df393690d3
Merge pull request #114 from deverton/wrap-bpf_get_current_uid_gid
Add wrapper and docs for for bpf_get_current_uid_gid
4 years ago
Dan Everton fa23052e34
Add wrapper and docs for for bpf_get_current_uid_gid 4 years ago
Dave Tucker eadba79deb bpf: Add tests for cgroup_skb macro
This checks that the expand function produces the expected link_section
given certain input

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
Dave Tucker fa037a88e2 bpf: Fix cgroup_skb macro
This commit ensures that if no attach type is provided, that we use the
cgroup/skb section. If an attach type is provided we use the
cgroup_skb/$attach_type section.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
Alessandro Decina 170e98e71e bpf: fix doc tests 4 years ago
Alessandro Decina 31f96450d4 bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf 4 years ago
Dave Tucker 8a6fe4a640 bpf: Rename SkSkbContext to SkBuffContext
This is necessary since the context is used in many other program types
and not just in SK_SKB programs.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
Dave Tucker a4bb29a3cc bpf: Add macro for socket_filter programs
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
Alessandro Decina 5ea450f0ec
Merge pull request #102 from dave-tucker/skskb
bpf: Add macros for sk_skb programs
4 years ago
Dave Tucker 2a8ba55b7e bpf: Implement redirect for skbs on sockmap/sockhash
This implements redirect_skb and renames redirect to redirect_msg

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
Dave Tucker 0c7e9b94ea bpf: Add macros for sk_skb programs
This commit adds the stream_parser and stream_verdict macros for use in
bpf programs

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
William Findlay 89dee1a114
aya-bpf: implement argument coercion for pt_regs and BTF programs
Implements argument and return value coercion helpers for:
    - LSM programs
    - BTF tracepoints
    - [ku]{ret}probes

Signed-off-by: William Findlay <william@williamfindlay.com>
4 years ago
William Findlay 972e5e636a
aya-bpf-macros: fix tests
Doctests were failing due to a dependency on the aya-bpf crate.
4 years ago
alessandrod 4a7f47d93a Update libbpf to 16dfb4ffe4aed03fafc00e0557b1ce1310a09731 4 years ago
William Findlay 4a02d0038f
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers
This patch adds some documentation to aya-bpf/helpers and adds documentation
for the module itself and for all of the wrappers currently defined in the module.

It also implements the rest of the bpf_probe_read_* wrappers that were missing from this
file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers
that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to
call this out of scope for this PR, but plan to submit a subsequent one that addresses
this use case.

Signed-off-by: William Findlay <william@williamfindlay.com>
4 years ago
William Findlay b30fd424ef
aya-bpf/helpers: expose raw bindings through helpers::gen
Until we add another set of bpf_probe_read_* wrappers for reading into a map pointer,
users need access to the underlying bpf_probe_read helper, which is clobbered by this
module. This patch enables direct access to the underlying helpers::gen module to support
such use cases.

In my view, it would also probably make sense to just not export helpers::gen::* and force
the user to opt into helpers::gen, but this can be decided on later.

Signed-off-by: William Findlay <william@williamfindlay.com>
4 years ago
William Findlay 6539cbb555
aya/aya-bpf: implement btf tracepoint programs 4 years ago
William Findlay 169478c863 Add support for raw tracepoint and LSM programs
This change adds support for the following program types:

* raw tracepoint
* LSM

Supporting LSM programs involved a necessity of supporting more
load_attrs for the BPF_PROG_LOAD operation, concretely:

* expected_attach_type - for LSM programs, it has always to be set to
  BPF_LSM_MAC
* attach_btf_obj_fd - it's often used to reference the file descriptor of
  program's BTF info, altough in case of LSM programs, it only has to
  contain the value 0, which means the vmlinux object file (usually
  /sys/kernel/btf/vmlinux)
* attach_btf_id - ID of the BTF object, which in case of LSM programs is
  the ID of the function (the LSM hook)

The example of LSM program using that functionality can be found here:

https://github.com/vadorovsky/aya-example-lsm

Fixes: #9
Signed-off-by: William Findlay <william@williamfindlay.com>
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
4 years ago
alessandrod 03e9935358 Bump libbpf to 92c1e61a605410b16d6330fdd4a7a4e03add86d4
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
Alessandro Decina 1f3acbcfe0 bpf: add override for bpf_probe_read_user_str 4 years ago
Alessandro Decina 4116442cda bpf: PerfEventByteArray: remove unused import 4 years ago
Alessandro Decina 0220a4192c bpf: add PerfEventByteArray
Similar to PerfEventArray but allows to output variable length byte
slices
4 years ago
Alessandro Decina 23a70382b2 bpf: PerfEventArray: tweak output API 4 years ago
Alessandro Decina ea91fe08d3 bpf: rename PerfMap to PerfEventArray 4 years ago
Alessandro Decina 32350f81b7 bpf: add memset impl that doesn't trip the verifier
Add a verifier proof memset implementation. This is a quick hack until
we fix compiler-builtins for the bpf target.
4 years ago
Dave Tucker 090efc863d bpf: Fix clippy warnings
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
Dave Tucker 69041954cb bpf: Added pinned constructor to maps
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
4 years ago
Markus Stange c39dff6025 Add support for PerfEvent programs. 4 years ago
Alessandro Decina 269be03a89 bpf: add PerCpuArray 4 years ago
Alessandro Decina d7ef47686b bpf: update bindings against libbpf 8bdc267e7b853ca08ed762b21fecc0e019ddc332 4 years ago