Currently BPF_MAP_TYPE_STACK is supported by user code (`aya/src/maps/stack.rs`),
but it does not support the BPF_MAP_TYPE_STACK BPF code.
This patch fixes it.
This adds a portable wrapper around pt_regs and user_pt_regs.
It makes writing Raw Tracepoint or KProbe programs easier when the
arguments are one of these types while also ensuring code is portable
across architectures
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Before this change, documentation of helper functions (defined by us,
not bindings) were not visible, because `use gen::*` was overriding them
with helpers coming from aya-bpf-bindings, which have the same names and
no docs.
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
This change exposes the BPF helper bpf_socket_get_uid as a public method
of SkBuffContext, which allows to get the owner UID of the socket
associated to the sk_buff stored in the context.
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
This helper allows to write to mutable pointers in the userspace, which
come from userspace functions that uprobes attach to.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Before this change, arguments fetched with `arg` from `ProbeContext`
could be only fetched as const pointers. This change allows to get mut
pointers as well.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
fentry and fexit programs are similar to kprobe and kretprobe, but they
are newer and they have practically zero overhead to call before or
after kernel function. Also, fexit programs are focused on access to
arguments rather than the return value.
Those kind of programs were introduced in the following patchset:
https://lwn.net/Articles/804112/
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Map lookup and deletion can yield stale keys and values by virtue of
sharing a data structure with userspace programs and other BPF programs
which can modify it. However, all accesses remain perfectly safe and will
not cause memory corruption or data races.
This is necessary since the context is used in many other program types
and not just in SK_SKB programs.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This patch adds some documentation to aya-bpf/helpers and adds documentation
for the module itself and for all of the wrappers currently defined in the module.
It also implements the rest of the bpf_probe_read_* wrappers that were missing from this
file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers
that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to
call this out of scope for this PR, but plan to submit a subsequent one that addresses
this use case.
Signed-off-by: William Findlay <william@williamfindlay.com>
Until we add another set of bpf_probe_read_* wrappers for reading into a map pointer,
users need access to the underlying bpf_probe_read helper, which is clobbered by this
module. This patch enables direct access to the underlying helpers::gen module to support
such use cases.
In my view, it would also probably make sense to just not export helpers::gen::* and force
the user to opt into helpers::gen, but this can be decided on later.
Signed-off-by: William Findlay <william@williamfindlay.com>
This change adds support for the following program types:
* raw tracepoint
* LSM
Supporting LSM programs involved a necessity of supporting more
load_attrs for the BPF_PROG_LOAD operation, concretely:
* expected_attach_type - for LSM programs, it has always to be set to
BPF_LSM_MAC
* attach_btf_obj_fd - it's often used to reference the file descriptor of
program's BTF info, altough in case of LSM programs, it only has to
contain the value 0, which means the vmlinux object file (usually
/sys/kernel/btf/vmlinux)
* attach_btf_id - ID of the BTF object, which in case of LSM programs is
the ID of the function (the LSM hook)
The example of LSM program using that functionality can be found here:
https://github.com/vadorovsky/aya-example-lsmFixes: #9
Signed-off-by: William Findlay <william@williamfindlay.com>
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
The type casting introduces an allocation, this will cause compiling failure when linking final bpf target.
So remove this casting to fix this issue.
BTW, the following is the failure I met:
= note: 07:24:12 [ERROR] fatal error: "unable to allocate function return #1"
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0. Running pass 'Function Pass Manager' on module 'trace_bpf-001a275b17e9eb12'.
1. Running pass 'BPF DAG->DAG Pattern Instruction Selection' on function '@_ZN7aya_bpf4maps11stack_trace10StackTrace11get_stackid17h32b649bc3780c0aaE'
Signed-off-by: Tw <wei.tan@intel.com>