Annotate EBPF API's with _Must_inspect_result_ (microsoft#1569)

* Annotate EBPF API's with _Must_inspect_result_ Signed-off-by: Alan Jowett <[email protected]> * Fix build break Signed-off-by: Alan Jowett <[email protected]> * Fix test failure Signed-off-by: Alan Jowett <[email protected]> * Handles may be closed by fuzzing Signed-off-by: Alan Jowett <[email protected]> * PR feedback Signed-off-by: Alan Jowett <[email protected]> * Fix code-analysis failure Signed-off-by: Alan Jowett <[email protected]> Signed-off-by: Alan Jowett <[email protected]> Signed-off-by: Alan Jowett <[email protected]> Co-authored-by: Alan Jowett <[email protected]> Co-authored-by: Dave Thaler <[email protected]>
Keerthivardhan1 · Nov 15, 2022 · 4d90840 · 4d90840
1 parent 9ff77ba
commit 4d90840
Show file tree

Hide file tree

Showing 20 changed files with 163 additions and 139 deletions.
diff --git a/include/ebpf_api.h b/include/ebpf_api.h
@@ -3,6 +3,7 @@
 
 #pragma once
 
+#include <specstrings.h>
 #include <stdbool.h>
 #include <stdint.h>
 #include "ebpf_core_structs.h"
@@ -36,7 +37,7 @@ extern "C"
      * @param[out] section_name On success, contains the section name.
      * @retval EBPF_SUCCESS The operation was successful.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_program_query_info(
         fd_t fd,
         _Out_ ebpf_execution_type_t* execution_type,
@@ -72,7 +73,7 @@ extern "C"
 -     * @param[out] error_message On failure points to a text description of
 -     *  the error.
       */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_enumerate_sections(
         _In_z_ const char* file,
         bool verbose,
@@ -179,7 +180,7 @@ extern "C"
      *
      * @retval EBPF_SUCCESS The operation was successful.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_object_unpin(_In_z_ const char* path);
 
     /**
@@ -190,7 +191,7 @@ extern "C"
      * @retval EBPF_SUCCESS The operations succeeded.
      * @retval EBPF_INVALID_ARGUMENT The link handle is invalid.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_api_unlink_program(ebpf_handle_t link_handle);
 
     /**
@@ -200,7 +201,7 @@ extern "C"
      * @retval EBPF_SUCCESS Handle was closed.
      * @retval EBPF_INVALID_OBJECT Handle is not valid.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_api_close_handle(ebpf_handle_t handle);
 
     /**
@@ -213,7 +214,7 @@ extern "C"
      * @retval EBPF_NO_MEMORY Out of memory.
      * @retval EBPF_INVALID_ARGUMENT One or more parameters are wrong.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_api_get_pinned_map_info(
         _Out_ uint16_t* map_count, _Outptr_result_buffer_maybenull_(*map_count) ebpf_map_info_t** map_info);
 
@@ -247,7 +248,7 @@ extern "C"
      * @retval EBPF_SUCCESS The operation was successful.
      * @retval EBPF_INVALID_ARGUMENT One or more parameters are incorrect.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_object_set_execution_type(_In_ struct bpf_object* object, ebpf_execution_type_t execution_type);
 
     /**
@@ -266,7 +267,7 @@ extern "C"
      *
      * @retval EBPF_SUCCESS The operation was successful.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_program_attach(
         _In_ const struct bpf_program* program,
         _In_opt_ const ebpf_attach_type_t* attach_type,
@@ -290,7 +291,7 @@ extern "C"
      *
      * @retval EBPF_SUCCESS The operation was successful.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_program_attach_by_fd(
         fd_t program_fd,
         _In_opt_ const ebpf_attach_type_t* attach_type,
@@ -307,7 +308,7 @@ extern "C"
      * @retval EBPF_SUCCESS The operation was successful.
      * @retval EBPF_INVALID_OBJECT Invalid object was passed.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_link_detach(_In_ struct bpf_link* link);
 
     /**
@@ -323,7 +324,7 @@ extern "C"
      * @retval EBPF_SUCCESS The operation was successful.
      * @retval EBPF_INVALID_OBJECT Invalid object was passed.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_program_detach(
         fd_t program_fd,
         _In_ const ebpf_attach_type_t* attach_type,
@@ -336,14 +337,12 @@ extern "C"
      *
      * @param[in] link Pointer to the bpf_link structure.
      *
-     * @retval EBPF_SUCCESS The operation was successful.
-     * @retval EBPF_INVALID_ARGUMENT Invalid argument was provided.
      *
      * @sa bpf_link__destroy
      * @sa bpf_link_detach
      */
-    ebpf_result_t
-    ebpf_link_close(_In_ _Post_invalid_ struct bpf_link* link);
+    void
+    ebpf_link_close(_Frees_ptr_ struct bpf_link* link);
 
     /**
      * @brief Close a file descriptor. Also close the underlying handle.
@@ -352,7 +351,7 @@ extern "C"
      * @retval EBPF_SUCCESS The operation was successful.
      * @retval EBPF_INVALID_FD Invalid fd was provided.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_close_fd(fd_t fd);
 
     /**
@@ -365,7 +364,7 @@ extern "C"
      * @retval EBPF_SUCCESS The operation was successful.
      * @retval EBPF_KEY_NOT_FOUND No program type was found.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_get_program_type_by_name(
         _In_z_ const char* name,
         _Out_ ebpf_program_type_t* program_type,
@@ -400,7 +399,7 @@ extern "C"
      * @retval EBPF_SUCCESS The operation was successful.
      * @retval EBPF_NO_MORE_KEYS No more entries found.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_get_next_pinned_program_path(
         _In_z_ const char* start_path, _Out_writes_z_(EBPF_MAX_PIN_PATH_LENGTH) char* next_path);
 
@@ -415,7 +414,7 @@ extern "C"
      * @retval EBPF_SUCCESS The operation was successful.
      * @retval EBPF_OBJECT_NOT_FOUND No program information was found.
      */
-    ebpf_result_t
+    _Must_inspect_result_ ebpf_result_t
     ebpf_get_program_info_from_verifier(_Outptr_ const ebpf_program_info_t** program_info);
 
 #ifdef __cplusplus

diff --git a/libs/api/Verifier.cpp b/libs/api/Verifier.cpp
@@ -158,7 +158,7 @@ _get_program_and_map_names(
     }
 }
 
-ebpf_result_t
+_Must_inspect_result_ ebpf_result_t
 load_byte_code(
     _In_z_ const char* filename,
     _In_opt_z_ const char* sectionname,

diff --git a/libs/api/Verifier.h b/libs/api/Verifier.h
@@ -11,7 +11,7 @@
 typedef int (*map_create_fp)(
     uint32_t map_type, uint32_t key_size, uint32_t value_size, uint32_t max_entries, ebpf_verifier_options_t options);
 
-ebpf_result_t
+_Must_inspect_result_ ebpf_result_t
 load_byte_code(
     _In_z_ const char* filename,
     _In_opt_z_ const char* sectionname,