Adds API that probes whether kernel supports a program type.
Assertions for `LircMode2` and `Lsm` are disabled because they require
certain kernel configs to be enabled, which are not by default in VM
tests.
Per man 2 bpf:
> RETURN VALUE
> For a successful call, the return value depends on the operation:
>
> BPF_MAP_CREATE
> The new file descriptor associated with the eBPF map.
>
> BPF_PROG_LOAD
> The new file descriptor associated with the eBPF program.
>
> All other commands
> Zero.
>
> On error, -1 is returned, and errno is set to indicate the error.
Bake this into our syscalls so we stop using `_` so much which can hide
information loss.
PerCpuHashMap was never returning MapError::KeyNotFound because
bpf_map_lookup_elem_per_cpu was replacing Ok(None) with
Ok(Some(zeroed_value)).
Update bpf_map_lookup_elem_per_cpu to map the Option value.
When `aya::obj` was migrated to be its own crate `aya-obj`, the `obj`
alias was created to preserve existing imports that relied on
`crate::obj`.
This resulted in 3 ways to import `aya-obj` objects:
- `use aya_obj::*`
- `use obj::*`
- `use crate::obj::*`
The `obj` alias is now removed to avoid confusion, and all `obj` imports
are funneled through `aya_obj`.
Fixes#1132.
Note that this change does not add support in the public API for kprobes
or tracepoints, but it's a trivial matter of plumbing.
Along the way, the Uprobe::attach API is cleaned up to make the
attachment location more coherent. The logic being: if we're going to be
breaking the API anyway, may as well clean it up a bit.
Furthermore, the aya::sys::bpf_link_attach function is cleaned up by
properly modeling the the union in the final field with a rust enum.
BPF iterators[0] are a way to dump kernel data into user-space and an
alternative to `/proc` filesystem.
This change adds support for BPF iterators on the user-space side. It
provides a possibility to retrieve the outputs of BPF iterator programs
both from sync and async Rust code.
[0] https://docs.kernel.org/bpf/bpf_iterators.html
This commit adds the initial support for TCX
bpf links. This is a new, multi-program, attachment
type allows for the caller to specify where
they would like to be attached relative to other
programs at the attachment point using the LinkOrder
type.
Signed-off-by: astoycos <astoycos@redhat.com>
Co-authored-by: Andre Fredette <afredette@redhat.com>
Co-authored-by: Dave Tucker <dave@dtucker.co.uk>
Co-authored-by: Tamir Duberstein <tamird@gmail.com>
This change allows multiple BPF programs to attach to a cgroup (via the option
`CgroupAttachMode::AllowMultiple`), and allows a program to specify that it can be
overridden by one in a sub-cgroup (via the option `CgroupAttachMode::AllowOverride`).
Purpose of this commit is to add detections for whether a field is
available in `ProgramInfo`.
- For `program_type()`, we return the new enum `ProgramType` instead of
the integer representation.
- For fields that we know cannot be zero, we return `Option<NonZero*>`
type.
- For `name_as_str()`, it now also uses the feature probe `bpf_name()`
to detect if field is available or not.
- Two additional feature probes are added for the fields:
- `prog_info_map_ids()` probe -> `map_ids()` field
- `prog_info_gpl_compatible()` probe -> `gpl_compatible()` field
With the `prog_info_map_ids()` probe, the previous implementation that
I had for `bpf_prog_get_info_by_fd()` is shortened to use the probe
instead of having to make 2 potential syscalls.
The `test_loaded_at()` test is also moved into info tests since it is
better related to the info tests.
`aya::programs::Programs::prog_type(&self)` now returns `ProgramType`
instead of the generated FFI from aya-obj.
Also previously, `loaded_programs()` could be accessed either through
`aya` or `aya::programs`. To avoid confusion and duplicate export of
the item, the function should now only be exposed through
`aya::programs`.
Improves the existing integraiton tests for `loaded_programs()` and
`loaded_maps()` in consideration for older kernels:
- Opt for `SocketFilter` program in tests since XDP requires v4.8 and
fragments requires v5.18.
- For assertion tests, first perform the assertion, if the assertion
fails, then it checks the host kernel version to see if it is above
the minimum version requirement. If not, then continue with test,
otherwise fail.
For assertions that are skipped, they're logged in stderr which can
be observed with `-- --nocapture`.
This also fixes the `bpf_prog_get_info_by_fd()` call for kernels below
v4.15. If calling syscall on kernels below v4.15, it can produce an
`E2BIG` error because `check_uarg_tail_zero()` expects the entire
struct to all-zero bytes (which is caused from the map info).
Instead, we first attempt the syscall with the map info filled, if it
returns `E2BIG`, then perform syscall again with empty closure.
Also adds doc for which version a kernel feature was introduced for
better awareness.
The tests have been verified kernel versions:
- 4.13.0
- 4.15.0
- 6.1.0
In aya/src/sys/bpf.rs, there are several simple bpf programs written as
byte arrays. These need to be adjusted to account for big endian.
Signed-off-by: Billy McFall <22157057+Billy99@users.noreply.github.com>
Add bpf syscall function for BPF_ENABLE_STATS to enable stats tracking
for benchmarking purposes.
Additionally, move `#[cfg(test)]` annotation around the `Drop` trait
instead. Having separate functions causes some complications when
needing ownership/moving of the inner value `OwnedFd` when `Drop` is
manually implemented.
There was a logic bug in the previously merged patch where we
set the correctly calculated max_entries size with the original.
To fix this and prevent regressions a unit test was added.
This highlighted that the original map definition needs to be
mutated in order for the max_entries change to be properly applied.
As such, this resize logic moved out of aya::sys into aya::maps
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Both libbpf and cilium/ebpf have will set the max_entries of a
BPF_MAP_TYPE_PERF_EVENT_ARRAY to the number of online CPUs if
it was omitted at map definition time. This adds that same
logic to Aya.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
The need for this type isn't specific to Miri; it is necessary on
toolchains containing https://github.com/rust-lang/rust/pull/124210 - it
just so happens that today this is nightly only, and so is Miri.
And BpfLoader to EbpfLoader.
This also adds type aliases to preserve the use of the old names, making
updating to a new Aya release less of a burden. These aliases are marked
as deprecated since we'll likely remove them in a later release.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
On startup, the kernel is probed for support of chained program ids for
CpuMap, DevMap and DevMapHash, and will patch maps at load time to have
the proper size. Then, at runtime, the support is checked and will error
out if a program id is passed when the kernel does not support it.
`MapData::fd` is now a `MapFd`. This means that `MapData` now closes the
file descriptor on drop. In the future we might consider making `MapFd`
hold a `BorrowedFd` but this requires API design work due to overlapping
borrows.
Since `SockMapFd` is no longer `Copy`, attach methods to take it by
reference to allow callers to use it multiple times as they are
accustomed to doing.
`SockMapFd` implements `try_clone`. `MapFd` and `SockMapFd` are now
returned by reference to allow callers to avoid file descriptor cloning
when desired.
This is an API breaking change.
Updates #612.
This is a breaking change but adds another level of safety to ensure
the file descriptor we receive is valid. Additionally, this allows
aya to internally easily duplicate this file descriptor using std
library methods instead of manually calling `dup` which doesn't
duplicate with the CLOSE_ON_EXEC flag that is standard pratice to
avoid leaking the file descriptor when exec'ing.
This commit reveals but does not address a file descriptor leak in
LircLink2::query. This function returns a list of `LircLink`s where
each of them have a program file descriptor that is not going to be
closed. This commit does not add this leak; it merely makes it louder
in the code.
Notably:
- clippy::use_self: replaced many T with Self.
- single_use_lifetimes: removed some single use lifetimes.
- unreachable_pub: removed some unreachable pub items.
- unused_crate_dependencies: removed unused futures,parking_lot deps.
- unused_qualifications: found a potential `crate` vs `$crate` bug.
- let_underscore_drop: not enabled, seems to trigger false positives.
- missing_copy_implementations: not enabled, unclear if we want this.
- unsafe_op_in_unsafe_fn: not enabled, unclear if we want this.
- unused_results: not enabled, needs many fixes (but I think wanted).
The primary driver of change here is that `MapData::create` is now a
factory function that returns `Result<Self, _>` rather than mutating
`&mut self`. The remaining changes are consequences of that change, the
most notable of which is the removal of several errors which are no
longer possible.
`ProgramData::fd` is now a `ProgramFd`. This means that `ProgramData`
now closes the file descriptor on drop. In the future we might consider
making `ProgramFd` hold a `BorrowedFd` but this requires API design work
due to overlapping borrows.
Since `ProgramFd` is no longer `Copy`, update methods to take it by
reference to allow callers to use it multiple times as they are
accustomed to doing.
`ProgramFd` is now returned by reference and implements `try_clone` to
allow callers to avoid file descriptor cloning when desired.
This is an API breaking change.
Updates #612.
This commit adds:
- A probe to see if the ENUM64 feature is supported
- Fixups for the use of signed enums, or enum64 types
on systems where enum64 is not supported
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Tyrone Wu
Tamir Duberstein
aorhant
Andrew Werner
Michal Rostecki
astoycos
Harvo Jones
Alessandro Decina
Billy McFall
Dave Tucker
Kevin Ji
Adam Preuss
Tuetuopay
Andrés Medina