This change allows multiple BPF programs to attach to a cgroup (via the option
`CgroupAttachMode::AllowMultiple`), and allows a program to specify that it can be
overridden by one in a sub-cgroup (via the option `CgroupAttachMode::AllowOverride`).
Adds detection for whether a field is available in `MapInfo`:
- For `map_type()`, we treturn new enum `MapType` instead of the integer
representation.
- For fields that can't be zero, we return `Option<NonZero*>` type.
- For `name_as_str()`, it now uses the feature probe `bpf_name()` to
detect if field is available.
Although the feature probe checks for program name, it can also be
used for map name since they were both introduced in the same commit.
Purpose of this commit is to add detections for whether a field is
available in `ProgramInfo`.
- For `program_type()`, we return the new enum `ProgramType` instead of
the integer representation.
- For fields that we know cannot be zero, we return `Option<NonZero*>`
type.
- For `name_as_str()`, it now also uses the feature probe `bpf_name()`
to detect if field is available or not.
- Two additional feature probes are added for the fields:
- `prog_info_map_ids()` probe -> `map_ids()` field
- `prog_info_gpl_compatible()` probe -> `gpl_compatible()` field
With the `prog_info_map_ids()` probe, the previous implementation that
I had for `bpf_prog_get_info_by_fd()` is shortened to use the probe
instead of having to make 2 potential syscalls.
The `test_loaded_at()` test is also moved into info tests since it is
better related to the info tests.
`aya::programs::Programs::prog_type(&self)` now returns `ProgramType`
instead of the generated FFI from aya-obj.
Also previously, `loaded_programs()` could be accessed either through
`aya` or `aya::programs`. To avoid confusion and duplicate export of
the item, the function should now only be exposed through
`aya::programs`.
Add conversion from u32 to program type, link type, and attach type.
Additionally, remove duplicate match statement for u32 conversion to
`BPF_MAP_TYPE_BLOOM_FILTER` & `BPF_MAP_TYPE_CGRP_STORAGE`.
New error `InvalidTypeBinding<T>` is created to represent when a
parsed/received value binding to a type is invalid.
This is used in the new conversions added here, and also replaces
`InvalidMapTypeError` in `TryFrom` for `bpf_map_type`.
Improves the existing integraiton tests for `loaded_programs()` and
`loaded_maps()` in consideration for older kernels:
- Opt for `SocketFilter` program in tests since XDP requires v4.8 and
fragments requires v5.18.
- For assertion tests, first perform the assertion, if the assertion
fails, then it checks the host kernel version to see if it is above
the minimum version requirement. If not, then continue with test,
otherwise fail.
For assertions that are skipped, they're logged in stderr which can
be observed with `-- --nocapture`.
This also fixes the `bpf_prog_get_info_by_fd()` call for kernels below
v4.15. If calling syscall on kernels below v4.15, it can produce an
`E2BIG` error because `check_uarg_tail_zero()` expects the entire
struct to all-zero bytes (which is caused from the map info).
Instead, we first attempt the syscall with the map info filled, if it
returns `E2BIG`, then perform syscall again with empty closure.
Also adds doc for which version a kernel feature was introduced for
better awareness.
The tests have been verified kernel versions:
- 4.13.0
- 4.15.0
- 6.1.0
In aya/src/sys/bpf.rs, there are several simple bpf programs written as
byte arrays. These need to be adjusted to account for big endian.
Signed-off-by: Billy McFall <22157057+Billy99@users.noreply.github.com>
Adding support for s390x (big endian architecture) and found that some
of the unit tests have structures and files implemented as byte arrays.
They are all coded as little endian and need a bug endian version to
work properly.
Signed-off-by: Billy McFall <22157057+Billy99@users.noreply.github.com>
```
error: first doc comment paragraph is too long
--> aya/src/programs/raw_trace_point.rs:12:1
|
12 | / /// A program that can be attached at a pre-defined kernel trace point, but also
13 | | /// has an access to kernel internal arguments of trace points, which
14 | | /// differentiates them from traditional tracepoint eBPF programs.
15 | | ///
16 | | /// The kernel provides a set of pre-defined trace points that eBPF programs can
| |_
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#too_long_first_doc_paragraph
error: first doc comment paragraph is too long
--> ebpf/aya-ebpf/src/helpers.rs:1:1
|
1 | / //! This module contains kernel helper functions that may be exposed to specific BPF
2 | | //! program types. These helpers can be used to perform common tasks, query and operate on
3 | | //! data exposed by the kernel, and perform some operations that would normally be denied
4 | | //! by the BPF verifier.
5 | | //!
6 | | //! Here, we provide some higher-level wrappers around the underlying kernel helpers, but
| |_
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#too_long_first_doc_paragraph
```
Add bpf syscall function for BPF_ENABLE_STATS to enable stats tracking
for benchmarking purposes.
Additionally, move `#[cfg(test)]` annotation around the `Drop` trait
instead. Having separate functions causes some complications when
needing ownership/moving of the inner value `OwnedFd` when `Drop` is
manually implemented.
There was a logic bug in the previously merged patch where we
set the correctly calculated max_entries size with the original.
To fix this and prevent regressions a unit test was added.
This highlighted that the original map definition needs to be
mutated in order for the max_entries change to be properly applied.
As such, this resize logic moved out of aya::sys into aya::maps
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Both libbpf and cilium/ebpf have will set the max_entries of a
BPF_MAP_TYPE_PERF_EVENT_ARRAY to the number of online CPUs if
it was omitted at map definition time. This adds that same
logic to Aya.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This fixes the current rustdoc build error by correcting the ordering of
`rustdoc-args` to `-D warnings`. Additionally, this also removes the
`recorder_arrays` field (defaults to false) so that the order is not
modified, which is what caused the error in the first place.
```
warning: lint `pointer_structural_match` has been removed: converted into hard error, see RFC #3535 <https://rust-lang.github.io/rfcs/3535-constants-in-patterns.html> for more information
--> aya/src/lib.rs:57:5
|
57 | pointer_structural_match,
| ^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: `#[warn(renamed_and_removed_lints)]` on by default
```
This change enhances the logic for symbol lookup in uprobe or uretprobe.
If the symbol is not found in the original binary, the search continues
in the debug file associated through the debuglink section. Before
searching the symbol table, it compares the build IDs of the two files.
The symbol lookup will only be terminated if both build IDs exist and do
not match. This modification does not affect the existing symbol lookup
logic.
Refs: #936
The need for this type isn't specific to Miri; it is necessary on
toolchains containing https://github.com/rust-lang/rust/pull/124210 - it
just so happens that today this is nightly only, and so is Miri.
These only warn now:
```
test maps::hash_map::hash_map::tests::test_iter ... warning: integer-to-pointer cast
--> aya/src/maps/hash_map/hash_map.rs:304:15
|
304 | match unsafe { attr.__bindgen_anon_2.key } as *const T {
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ integer-to-pointer cast
|
= help: This program is using integer-to-pointer casts or (equivalently) `ptr::with_exposed_provenance`,
= help: which means that Miri might miss pointer bugs in this program.
= help: See https://doc.rust-lang.org/nightly/std/ptr/fn.with_exposed_provenance.html for more details on that operation.
= help: To ensure that Miri does not miss bugs in your program, use Strict Provenance APIs (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance, https://crates.io/crates/sptr) instead.
= help: You can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `with_exposed_provenance` semantics.
= help: Alternatively, the `-Zmiri-permissive-provenance` flag disables this warning.
= note: BACKTRACE on thread `maps::hash_map:`:
= note: inside `maps::hash_map::hash_map::tests::bpf_key::<i32>` at aya/src/maps/hash_map/hash_map.rs:304:15: 304:63
```
If a bpf syscall fails, it would be useful to know if this is due to
not having enough permissions or that the kernel does not have BPF support.
Ubuntu kernels are compiled without `CONFIG_BPF_LIRC_MODE2` so this is
important for https://github.com/seanyoung/cir/ : I would like to
present a useful error saying your kernel does not support BPF IR
decoders, go fix your kernel.
Also, when removing all BPF programs using `cir config --clear` then
if there is no support for BPF, there is nothing to clear and the
syscall error can be ignored.
This PR includes the licenses files in the crate workspace subdirectory.
Without this, they won't be showing on crates.io and would be giving out
errors on tooling such as rust2rpm.
Signed-off-by: Daniel Mellado <dmellado@redhat.com>
And BpfLoader to EbpfLoader.
This also adds type aliases to preserve the use of the old names, making
updating to a new Aya release less of a burden. These aliases are marked
as deprecated since we'll likely remove them in a later release.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This moves the path dependencies back into the per-crate Cargo.toml.
It is required such that the release tooling can correctly calculate
which version constraints require changing when we perform a release.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This provides a `BREAKING-CHANGES.md` that we can populate per-crate.
Doing so will allow us to pull this content into our changelog and
websites to make things easier for users.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This allows for inheritance of common fields from the workspace root.
The following fields have been made common:
- authors
- license
- repository
- homepage
- edition
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Corrent an invalid transmutation for sock_map.
fd is already a ref of MapFd, so transmuting &fd to &SockMapFd is
equivalent to transmuting &&SockMapFd into &SockMapFd which is buggy.
```
error: this call to `as_ref.map(...)` does nothing
--> aya/src/bpf.rs:536:30
|
536 | let btf_fd = btf_fd.as_ref().map(Arc::clone);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: try: `btf_fd.clone()`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#useless_asref
note: the lint level is defined here
--> aya/src/lib.rs:41:5
|
41 | clippy::all,
| ^^^^^^^^^^^
= note: `#[deny(clippy::useless_asref)]` implied by `#[deny(clippy::all)]`
error: could not compile `aya` (lib) due to 1 previous error
warning: build failed, waiting for other jobs to finish...
error: initializer for `thread_local` value can be made `const`
--> aya/src/sys/fake.rs:14:61
|
14 | pub(crate) static TEST_MMAP_RET: RefCell<*mut c_void> = RefCell::new(ptr::null_mut());
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: replace with: `const { RefCell::new(ptr::null_mut()) }`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#thread_local_initializer_can_be_made_const
= note: `#[deny(clippy::thread_local_initializer_can_be_made_const)]` implied by `#[deny(clippy::all)]`
```
```
error: lint `unused_tuple_struct_fields` has been renamed to `dead_code`
--> aya/src/lib.rs:74:5
|
74 | unused_tuple_struct_fields,
| ^^^^^^^^^^^^^^^^^^^^^^^^^^ help: use the new name: `dead_code`
|
= note: `-D renamed-and-removed-lints` implied by `-D warnings`
= help: to override `-D warnings` add `#[allow(renamed_and_removed_lints)]`
```
See https://github.com/rust-lang/rust/commit/9fcf9c141068984ffcbb4cb00c.
doctests are not running in CI and therefore the didn't catch the
ringbuf docs failures. This commit fixes the issues in the examples.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Implement pinning for perf_event_array and async_perf_event_array.
Additionally make the core MapData.pin method operate on a reference
rather than a mutable reference.
Signed-off-by: astoycos <astoycos@redhat.com>
There was no reason for them not to be -- the APIs all require mutable
references and hold onto mutable references, so there cannot be internal
concurrency. The !Send + !Sync came from the MMap, but not for any good
reason.
This adds a linter to catch common markdown formatting errors.
The linter used is markdownlint-cli2 which is available on all platforms
and has an associated Github Action to automate these checks in CI.
Configuration is checked in at .markdownlint-cli2.yaml.
You may run the check locally using `markdownlint-cli2`.
Or you may install the extension for VSCode:
DavidAnson.vscode-markdownlint
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Not using the `dep:` syntax created a Cargo feature flag for async-io,
though this feature alone does nothing without the `async_std` or
`async_tokio` features.
This implements the userspace binding for RingBuf.
Instead of streaming the samples as heap buffers, the process_ring
function takes a callback to which we pass the event's byte region,
roughly following [libbpf]'s API design. This avoids a copy and allows
marking the consumer pointer in a timely manner.
[libbpf]: https://github.com/libbpf/libbpf/blob/master/src/ringbuf.c
Additionally, integration tests are added to demonstrate the usage
of the new APIs and to ensure that they work end-to-end.
Co-authored-by: William Findlay <william@williamfindlay.com>
Co-authored-by: Tatsuyuki Ishi <ishitatsuyuki@gmail.com>
- Adds new `maps_mut()` API to the BpfManager to allow us to iterate though
and pin all of maps at the same time.
- Adds new pin(Path)/unpin(Path) api to Maps so they
can be generically pinned AFTER load.
- Adds macro for pinning explicit map types in aya.
Convert all explicit map types "inner" field to be
pub crate in order to facilitate this.
Signed-off-by: astoycos <astoycos@redhat.com>
Aligns with libbpf for the special LIBBPF_PIN_BY_NAME
map flag. Specifically if the flag is provided without a pin path
default to "/sys/fs/bpf".
Signed-off-by: astoycos <astoycos@redhat.com>
Using the prefix only for the host architecture is often not enough,
kernels usually provide symbols for more architectures, which are
used by multilib applications. Handling them might or might not be
necessary depending on the use case. Due to that complexity, we
decided to let the callers to handle prefixes the way they prefer.
Time since boot is defined as the UNIX_EPOCH plus the duration
since boot. which is realtime - boottime NOT boottime - realtime.
Add a integration test to ensure this doesn't happen again.
Signed-off-by: astoycos <astoycos@redhat.com>
On startup, the kernel is probed for support of chained program ids for
CpuMap, DevMap and DevMapHash, and will patch maps at load time to have
the proper size. Then, at runtime, the support is checked and will error
out if a program id is passed when the kernel does not support it.
Tamir Duberstein
Zero King
tyrone-wu
Harvo Jones
Alessandro Decina
Billy McFall
Dave Tucker
Michal Rostecki
Andrew Werner
belohnung
swananan
Sean Young
Kevin Ji
Daniel Mellado
Gary Guo
Σrebe - Romain GERARD
astoycos
Adam Preuss
Andrés Medina
dependabot[bot]
Tuetuopay
William Findlay