The `bpf_printk!` macro is a helper providing a convenient way to invoke the
`bpf_trace_printk` and `bpf_trace_vprintk` BPF helpers. It is implemented as
a macro because it requires variadic arguments.
Change it from `[i8; 16]` to `[u8; 18]`. `i8` arrays cannot be easily used in
Rust for converting to string (i.e. with `core::str::from_utf8_unchecked`)
and developers have to convert them themselves with unsafe code.
Using u8 arrays lets developers just convert them with
`core::str::from_utf8_unchecked` without any limitations.
Example:
https://github.com/vadorovsky/aya-examples/blob/main/clone/clone-ebpf/src/main.rs
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
This commit replaces the existing RTF test runner with a simple rust
binary package called - integration-test.
integration-test depends on integration-ebpf, which contains test eBPF
code written in Rust and C. `cargo xtask build-integration-test-ebpf`
can be used to build this code and suppress rust-analyzer warnings. It
does require `bpf-linker`, but that is highly likely to be available to
developers of Aya. It also requires a checkout of `libbpf` to extract
headers like bpf-helpers.h.
Since everything is compiled into a single binary, it can be run
locally using `cargo xtask integration-test` or remotely using
`./run.sh` which re-uses the bash script from the old test framework
to spawn a VM in which to run the tests.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This change adds two new helpers:
* bpf_probe_read_user_str_bytes
* bpf_probe_read_kernel_str_bytes
Those new helpers are returning a bytes slice (`&[u8]`) with a length
equal to the length of probed, null-terminated string. When using those
helpers, users don't have to manually check for length and create such
slices themselves. They also make converting to `str` way more
convenient, for example:
```rust
let my_str = unsafe {
    core::str::from_utf8_unchecked(
        bpf_probe_read_user_str_bytes(user_ptr, &mut buf)?
    )
};
```
This change also deprecates the old helpers, since their names are
confusing (they have nothing to do with Rust `str`) and using them
requires writing boilerplate code (for checking the length and making
eBPF verifier happy):
* bpf_probe_read_user_str
* bpf_probe_read_kernel_str
Tested on:
516b29af68
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
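An added example, not part of the commit or of aya's code: a user-space model of the difference the message above describes between a length-returning helper and a slice-returning one, with a checked `core::str::from_utf8` conversion because probed bytes come from another process and need not be valid UTF-8. The names `model_read_str`, `model_read_str_bytes` and `probed_str` are hypothetical, and the return convention modelled (bytes written, NUL included) is the one the kernel documents for `bpf_probe_read_user_str`.

```rust
// User-space model, constructed for illustration: plain slices stand in for
// probed memory and no BPF helper is called. Not aya's implementation.

/// Old-style result: copy up to and including the first NUL, truncating to
/// `buf` and always NUL-terminating. Returns bytes written (NUL included),
/// the convention the kernel documents for bpf_probe_read_user_str.
fn model_read_str(src: &[u8], buf: &mut [u8]) -> i64 {
    if buf.is_empty() {
        return -1;
    }
    let n = src.iter().position(|&b| b == 0).unwrap_or(src.len());
    let n = n.min(buf.len() - 1);
    buf[..n].copy_from_slice(&src[..n]);
    buf[n] = 0;
    (n + 1) as i64
}

/// Slice-returning shape: the length check happens once, here, and the caller
/// gets exactly the string bytes (terminator dropped, never past `buf`).
fn model_read_str_bytes<'a>(src: &[u8], buf: &'a mut [u8]) -> Result<&'a [u8], i64> {
    let len = model_read_str(src, buf);
    if len <= 0 {
        return Err(len);
    }
    buf.get(..len as usize - 1).ok_or(-1)
}

/// Checked conversion: bytes read from another process are untrusted, so
/// invalid UTF-8 is reported instead of being assumed away.
fn probed_str<'a>(src: &[u8], buf: &'a mut [u8]) -> Option<&'a str> {
    let bytes = model_read_str_bytes(src, buf).ok()?;
    core::str::from_utf8(bytes).ok()
}

fn main() {
    let mut buf = [0u8; 16];
    // Constructed sample inputs: a normal string, a truncated one, invalid UTF-8.
    println!("{:?}", probed_str(b"/bin/sh\0tail", &mut buf));
    let mut small = [0u8; 4];
    println!("{:?}", probed_str(b"/bin/sh\0", &mut small));
    println!("{:?}", probed_str(&[0xff, 0xfe, 0x00], &mut buf));
}
```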
As it turns out, the verifier gets upset if you try to read the values
directly without using bpf_probe_read.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
The bpf_map_defs are now wrapped with UnsafeCell, which also happens to
provide a cozy way to get a *mut pointer. An UnsafeCell isn't strictly
required as the struct fields are practically opaque to us, but using an
UnsafeCell follows the general best practices against miscompilation and
also prevents some obvious errors.
HashMap::get_mut was removed because the idea is completely unsound.
Previous users should wrap their data with UnsafeCell instead or use
atomics.
Closes: https://github.com/aya-rs/aya/issues/233
Currently BPF_MAP_TYPE_STACK is supported by user code (`aya/src/maps/stack.rs`),
but it does not support the BPF_MAP_TYPE_STACK BPF code.
This patch fixes it.
This adds a portable wrapper around pt_regs and user_pt_regs.
It makes writing Raw Tracepoint or KProbe programs easier when the
arguments are one of these types while also ensuring code is portable
across architectures.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Files changed:
M aya/src/generated/linux_bindings_riscv64.rs
M bpf/aya-bpf-bindings/src/riscv64/bindings.rs
M bpf/aya-bpf-bindings/src/riscv64/getters.rs
M bpf/aya-bpf-bindings/src/riscv64/helpers.rs
Before this change, documentation of helper functions (defined by us,
not bindings) was not visible, because `use gen::*` was overriding them
with helpers coming from aya-bpf-bindings, which have the same names and
no docs.
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
Files changed:
M aya/src/generated/linux_bindings_aarch64.rs
M aya/src/generated/linux_bindings_armv7.rs
M aya/src/generated/linux_bindings_x86_64.rs
M bpf/aya-bpf-bindings/src/aarch64/bindings.rs
M bpf/aya-bpf-bindings/src/aarch64/getters.rs
M bpf/aya-bpf-bindings/src/aarch64/helpers.rs
M bpf/aya-bpf-bindings/src/armv7/bindings.rs
M bpf/aya-bpf-bindings/src/armv7/getters.rs
M bpf/aya-bpf-bindings/src/armv7/helpers.rs
M bpf/aya-bpf-bindings/src/x86_64/bindings.rs
M bpf/aya-bpf-bindings/src/x86_64/getters.rs
M bpf/aya-bpf-bindings/src/x86_64/helpers.rs
This forces all maps to the maps section so we remain compatible with
libbpf. This requires #181 to avoid breaking userspace.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This change exposes the BPF helper bpf_socket_get_uid as a public method
of SkBuffContext, which allows getting the owner UID of the socket
associated to the sk_buff stored in the context.
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
This helper allows writing to mutable pointers in the userspace, which
come from userspace functions that uprobes attach to.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Before this change, arguments fetched with `arg` from `ProbeContext`
could be only fetched as const pointers. This change allows getting mut
pointers as well.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
fentry and fexit programs are similar to kprobe and kretprobe, but they
are newer and they have practically zero overhead to call before or
after kernel function. Also, fexit programs are focused on access to
arguments rather than the return value.
Those kinds of programs were introduced in the following patchset:
https://lwn.net/Articles/804112/
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Map lookup and deletion can yield stale keys and values by virtue of
sharing a data structure with userspace programs and other BPF programs
which can modify it. However, all accesses remain perfectly safe and will
not cause memory corruption or data races.
This commit ensures that if no attach type is provided, that we use the
cgroup/skb section. If an attach type is provided we use the
cgroup_skb/$attach_type section.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This is necessary since the context is used in many other program types
and not just in SK_SKB programs.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This patch adds some documentation to aya-bpf/helpers and adds documentation
for the module itself and for all of the wrappers currently defined in the module.
It also implements the rest of the bpf_probe_read_* wrappers that were missing from this
file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers
that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to
call this out of scope for this PR, but plan to submit a subsequent one that addresses
this use case.
Signed-off-by: William Findlay <william@williamfindlay.com>
Until we add another set of bpf_probe_read_* wrappers for reading into a map pointer,
users need access to the underlying bpf_probe_read helper, which is clobbered by this
module. This patch enables direct access to the underlying helpers::gen module to support
such use cases.
In my view, it would also probably make sense to just not export helpers::gen::* and force
the user to opt into helpers::gen, but this can be decided on later.
Signed-off-by: William Findlay <william@williamfindlay.com>
This change adds support for the following program types:
* raw tracepoint
* LSM
Supporting LSM programs involved a necessity of supporting more
load_attrs for the BPF_PROG_LOAD operation, concretely:
* expected_attach_type - for LSM programs, it always has to be set to
BPF_LSM_MAC
* attach_btf_obj_fd - it's often used to reference the file descriptor of
program's BTF info, although in case of LSM programs, it only has to
contain the value 0, which means the vmlinux object file (usually
/sys/kernel/btf/vmlinux)
* attach_btf_id - ID of the BTF object, which in case of LSM programs is
the ID of the function (the LSM hook)
The example of LSM program using that functionality can be found here:
https://github.com/vadorovsky/aya-example-lsm
Fixes: #9
Signed-off-by: William Findlay <william@williamfindlay.com>
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>