Add ability to enumerate maps associated with a program (microsoft#1395)

* Add map ids test Signed-off-by: Dave Thaler <[email protected]> * Enumerate maps associated with a program Fixes microsoft#1339 Signed-off-by: Dave Thaler <[email protected]> * Initialize info before calling Signed-off-by: Dave Thaler <[email protected]> * Update bpftool Signed-off-by: Dave Thaler <[email protected]> * Make "netsh show prog l=v" show map ids for program Signed-off-by: Dave Thaler <[email protected]> * Return EFAULT if map_ids is not a valid pointer Signed-off-by: Dave Thaler <[email protected]> * Fix warning Signed-off-by: Dave Thaler <[email protected]> * More test fixes Signed-off-by: Dave Thaler <[email protected]> * Fix test Signed-off-by: Dave Thaler <[email protected]> * Fix socket test Signed-off-by: Dave Thaler <[email protected]> * Add more checks in the socket test Signed-off-by: Dave Thaler <[email protected]> * Fix socket test Signed-off-by: Dave Thaler <[email protected]> * Fix netsh Also fix GettingStarted.md and a missing space in the logs that were found while testing this fix. Signed-off-by: Dave Thaler <[email protected]> * Set map_ids on output Signed-off-by: Dave Thaler <[email protected]> Signed-off-by: Dave Thaler <[email protected]>
Keerthivardhan1 · Sep 30, 2022 · 568e8f0 · 568e8f0
1 parent 3b71c61
commit 568e8f0
Show file tree

Hide file tree

Showing 27 changed files with 210 additions and 67 deletions.
diff --git a/docs/GettingStarted.md b/docs/GettingStarted.md
@@ -261,7 +261,7 @@ This tests the XDP_TX functionality.
    2. Load the test eBPF program by running the following command: `netsh ebpf add program reflect_packet.o xdp` and note the ID. See **Note 3** below.
 2. On the second host:
    1. Allow inbound traffic for `xdp_tests.exe` through Windows Defender Firewall. See **Note 1** below.
-   2. Run `xdp_tests.exe xdp_reflect_test --remote_ip <IP on the first host>`. See **Note 2** below.
+   2. Run `xdp_tests.exe xdp_reflect_test --remote-ip <IP on the first host>`. See **Note 2** below.
 
 #### Encapsulation Test
 This uses `bpf_xdp_adjust_head` helper function to encapsulate an outer IP header to a packet.
@@ -270,7 +270,7 @@ This uses `bpf_xdp_adjust_head` helper function to encapsulate an outer IP heade
    2. Load the test eBPF program by running the following command: `netsh ebpf add program encap_reflect_packet.o xdp` and note the ID. See **Note 3** below.
 2. On the second host:
    1. Allow inbound traffic for `xdp_tests.exe` through Windows Defender Firewall. See **Note 1** below.
-   2. Run `xdp_tests.exe xdp_encap_reflect_test --remote_ip <IP on the first host>`. See **Note 2** below.
+   2. Run `xdp_tests.exe xdp_encap_reflect_test --remote-ip <IP on the first host>`. See **Note 2** below.
 
 #### Decapsulation Test
 This uses `bpf_xdp_adjust_head` helper function to decapsulate an outer IP header from a packet.
@@ -279,7 +279,7 @@ This uses `bpf_xdp_adjust_head` helper function to decapsulate an outer IP heade
 3. On the second host:
    1. Load the second test eBPF program by running the following command: `netsh ebpf add program decap_permit_packet.o xdp` and note the ID. See **Note 3** below.
    2. Allow inbound traffic for `xdp_tests.exe` through Windows Defender Firewall. See **Note 1** below.
-   3. Run `xdp_tests.exe xdp_reflect_test --remote_ip <IP on the first host>`. See **Note 2** below.
+   3. Run `xdp_tests.exe xdp_reflect_test --remote-ip <IP on the first host>`. See **Note 2** below.
 
 **Note 1:** To allow inbound traffic to `xdp_tests.exe`, in a Windows Powershell with administrative privilege, run `New-NetFirewallRule -DisplayName "XDP_Test" -Program "<Full path to xdp_tests.exe>" -Direction Inbound -Action Allow`.<br>
 **Note 2:** For the `--remote-ip` parameter to `xdp_tests.exe` program that is run on the second host, pass an IPv4 or IPv6 address of an Ethernet-like interface on the first host in string format.<br>

diff --git a/external/bpftool b/external/bpftool
diff --git a/include/bpf/bpf.h b/include/bpf/bpf.h
@@ -221,6 +221,7 @@ bpf_obj_get(const char* pathname);
  * write into the info.  On output, contains the actual number of bytes written.
  *
  * @retval 0 The operation was successful.
+ * @retval -EFAULT A pointer passed in the input info was invalid.
  * @retval <0 An error occured, and errno was set.
  */
 int

diff --git a/include/ebpf_result.h b/include/ebpf_result.h
@@ -106,9 +106,12 @@ extern "C"
 
         /// Operation was canceled.
         EBPF_CANCELED, // = 30
+
+        /// Invalid pointer.
+        EBPF_INVALID_POINTER,
     } ebpf_result_t;
 
-#define EBPF_RESULT_COUNT (EBPF_CANCELED + 1)
+#define EBPF_RESULT_COUNT (EBPF_INVALID_POINTER + 1)
 
 #ifdef __cplusplus
 }

diff --git a/include/ebpf_structs.h b/include/ebpf_structs.h
@@ -370,6 +370,7 @@ struct bpf_prog_info
     ebpf_id_t id;                ///< Program ID.
     enum bpf_prog_type type;     ///< Program type, if a cross-platform type.
     uint32_t nr_map_ids;         ///< Number of maps associated with this program.
+    uintptr_t map_ids;           ///< Pointer to caller-allocated array to fill map IDs into.
     char name[BPF_OBJ_NAME_LEN]; ///< Null-terminated program name.
 
     // Windows-specific fields.

diff --git a/include/ebpf_utilities.h b/include/ebpf_utilities.h
@@ -143,6 +143,10 @@ win32_error_code_to_ebpf_result(uint32_t error)
         result = EBPF_CANCELED;
         break;
 
+    case ERROR_NOACCESS:
+        result = EBPF_INVALID_POINTER;
+        break;
+
     default:
         result = EBPF_FAILED;
         break;

diff --git a/libs/api/api_internal.h b/libs/api/api_internal.h
@@ -412,7 +412,8 @@ ebpf_get_next_program_id(ebpf_id_t start_id, ebpf_id_t _Out_* next_id) noexcept;
  * * struct bpf_prog_info
  *
  * @param[in] bpf_fd File descriptor referring to an eBPF object.
- * @param[out] info Pointer to memory in which to write the info obtained.
+ * @param[in,out] info Pointer to memory in which to write the info obtained.
+ * On input, contains any additional parameters to use.
  * @param[in,out] info_size On input, contains the maximum number of bytes to
  * write into the info.  On output, contains the actual number of bytes written.
  *
@@ -421,7 +422,7 @@ ebpf_get_next_program_id(ebpf_id_t start_id, ebpf_id_t _Out_* next_id) noexcept;
  */
 ebpf_result_t
 ebpf_object_get_info_by_fd(
-    fd_t bpf_fd, _Out_writes_bytes_to_(*info_size, *info_size) void* info, _Inout_ uint32_t* info_size) noexcept;
+    fd_t bpf_fd, _Inout_updates_bytes_to_(*info_size, *info_size) void* info, _Inout_ uint32_t* info_size) noexcept;
 
 /**
  * @brief Pin an object to the specified path.

diff --git a/libs/api/ebpf_api.cpp b/libs/api/ebpf_api.cpp
@@ -1455,7 +1455,7 @@ initialize_map(_Out_ ebpf_map_t* map, _In_ const map_cache_t& map_cache) noexcep
     // Set the inner map ID if we have a real inner map fd.
     map->map_definition.inner_map_id = EBPF_ID_NONE;
     if (map_cache.verifier_map_descriptor.inner_map_fd != ebpf_fd_invalid) {
-        struct bpf_map_info info;
+        struct bpf_map_info info = {0};
         uint32_t info_size = (uint32_t)sizeof(info);
         if (ebpf_object_get_info_by_fd(map_cache.verifier_map_descriptor.inner_map_fd, &info, &info_size) ==
             EBPF_SUCCESS) {
@@ -1486,7 +1486,7 @@ _initialize_ebpf_maps_native(
             result = EBPF_INVALID_ARGUMENT;
             goto Exit;
         }
-        struct bpf_map_info info;
+        struct bpf_map_info info = {0};
         uint32_t info_size = (uint32_t)sizeof(info);
         result = ebpf_object_get_info(map_handles[i], &info, &info_size);
         if (result != EBPF_SUCCESS) {
@@ -1539,7 +1539,7 @@ _initialize_ebpf_programs_native(
             result = EBPF_INVALID_ARGUMENT;
             goto Exit;
         }
-        struct bpf_prog_info info;
+        struct bpf_prog_info info = {};
         uint32_t info_size = (uint32_t)sizeof(info);
         result = ebpf_object_get_info(program_handles[i], &info, &info_size);
         if (result != EBPF_SUCCESS) {
@@ -2238,7 +2238,7 @@ _ebpf_validate_map(_In_ ebpf_map_t* map, fd_t original_map_fd) noexcept
     EBPF_LOG_ENTRY();
     ebpf_assert(map);
     // Validate that the existing map definition matches with this new map.
-    struct bpf_map_info info;
+    struct bpf_map_info info = {0};
     fd_t inner_map_info_fd = ebpf_fd_invalid;
     uint32_t info_size = (uint32_t)sizeof(info);
     ebpf_result_t result = ebpf_object_get_info_by_fd(original_map_fd, &info, &info_size);
@@ -3237,7 +3237,7 @@ ebpf_get_next_program_id(ebpf_id_t start_id, _Out_ ebpf_id_t* next_id) noexcept
 
 ebpf_result_t
 ebpf_object_get_info_by_fd(
-    fd_t bpf_fd, _Out_writes_bytes_to_(*info_size, *info_size) void* info, _Inout_ uint32_t* info_size) noexcept
+    fd_t bpf_fd, _Inout_updates_bytes_to_(*info_size, *info_size) void* info, _Inout_ uint32_t* info_size) noexcept
 {
     EBPF_LOG_ENTRY();
     ebpf_assert(info);

diff --git a/libs/api_common/api_common.cpp b/libs/api_common/api_common.cpp
@@ -62,7 +62,7 @@ get_file_size(const char* filename, size_t* byte_code_size) noexcept
 ebpf_result_t
 ebpf_object_get_info(
     ebpf_handle_t handle,
-    _Out_writes_bytes_to_(*info_size, *info_size) void* info,
+    _Inout_updates_bytes_to_(*info_size, *info_size) void* info,
     _Inout_ uint32_t* info_size) noexcept
 {
     EBPF_LOG_ENTRY();
@@ -74,14 +74,15 @@ ebpf_object_get_info(
         return EBPF_INVALID_FD;
     }
 
-    ebpf_protocol_buffer_t request_buffer(sizeof(ebpf_operation_get_object_info_request_t));
+    ebpf_protocol_buffer_t request_buffer(sizeof(ebpf_operation_get_object_info_request_t) + *info_size);
     ebpf_protocol_buffer_t reply_buffer(EBPF_OFFSET_OF(ebpf_operation_get_object_info_reply_t, info) + *info_size);
     auto request = reinterpret_cast<ebpf_operation_get_object_info_request_t*>(request_buffer.data());
     auto reply = reinterpret_cast<ebpf_operation_get_object_info_reply_t*>(reply_buffer.data());
 
     request->header.length = static_cast<uint16_t>(request_buffer.size());
     request->header.id = ebpf_operation_id_t::EBPF_OPERATION_GET_OBJECT_INFO;
     request->handle = handle;
+    memcpy(request->info, info, *info_size);
 
     ebpf_result_t result = win32_error_code_to_ebpf_result(invoke_ioctl(request_buffer, reply_buffer));
     if (result == EBPF_SUCCESS) {
@@ -101,7 +102,7 @@ query_map_definition(
     _Out_ uint32_t* max_entries,
     _Out_ ebpf_id_t* inner_map_id) noexcept
 {
-    bpf_map_info info;
+    bpf_map_info info = {0};
     uint32_t info_size = sizeof(info);
     ebpf_result_t result = ebpf_object_get_info(handle, &info, &info_size);
     if (result == EBPF_SUCCESS) {

diff --git a/libs/api_common/api_common.hpp b/libs/api_common/api_common.hpp
@@ -128,6 +128,10 @@ ebpf_result_to_errno(ebpf_result_t result)
         error = EACCES;
         break;
 
+    case EBPF_INVALID_POINTER:
+        error = EFAULT;
+        break;
+
     default:
         error = EOTHER;
         break;
@@ -139,7 +143,7 @@ ebpf_result_to_errno(ebpf_result_t result)
 ebpf_result_t
 ebpf_object_get_info(
     ebpf_handle_t handle,
-    _Out_writes_bytes_to_(*info_size, *info_size) void* info,
+    _Inout_updates_bytes_to_(*info_size, *info_size) void* info,
     _Inout_ uint32_t* info_size) noexcept;
 
 ebpf_result_t

diff --git a/libs/ebpfnetsh/pins.cpp b/libs/ebpfnetsh/pins.cpp
@@ -48,7 +48,7 @@ handle_ebpf_show_pins(
             continue;
         }
 
-        struct bpf_prog_info info;
+        struct bpf_prog_info info = {};
         uint32_t info_size = (uint32_t)sizeof(info);
         if (bpf_obj_get_info_by_fd(program_fd, &info, &info_size) == 0) {
             printf("%7u  Program  %s\n", info.id, path.c_str());

diff --git a/libs/ebpfnetsh/programs.cpp b/libs/ebpfnetsh/programs.cpp
@@ -237,7 +237,7 @@ handle_ebpf_add_program(
     }
 
     // Get the ID and display it.
-    struct bpf_prog_info info;
+    struct bpf_prog_info info = {};
     uint32_t info_size = sizeof(info);
     if (bpf_obj_get_info_by_fd(program_fd, &info, &info_size) < 0) {
         std::cerr << "error " << errno << ": loaded program but could not get ID" << std::endl;
@@ -273,7 +273,7 @@ _unpin_program_by_id(ebpf_id_t id)
         if (fd < 0) {
             continue;
         }
-        bpf_prog_info info;
+        bpf_prog_info info = {};
         uint32_t info_size = sizeof(info);
         if (bpf_obj_get_info_by_fd(fd, &info, &info_size) == 0) {
             if (id == info.id) {
@@ -299,7 +299,7 @@ _find_object_with_program(ebpf_id_t id)
         bpf_object__for_each_program(program, *object)
         {
             int program_fd = bpf_program__fd(program);
-            struct bpf_prog_info info;
+            struct bpf_prog_info info = {};
             uint32_t info_size = sizeof(info);
             if (bpf_obj_get_info_by_fd(program_fd, &info, &info_size) < 0) {
                 continue;
@@ -387,7 +387,7 @@ _ebpf_program_attach_by_id(ebpf_id_t program_id, ebpf_attach_type_t attach_type,
     }
 
     if (interface_parameter != nullptr) {
-        struct bpf_prog_info info;
+        struct bpf_prog_info info = {};
         uint32_t info_size = sizeof(info);
         if (bpf_obj_get_info_by_fd(program_fd, &info, &info_size) < 0) {
             result = EBPF_INVALID_ARGUMENT;
@@ -677,7 +677,7 @@ handle_ebpf_show_programs(
         }
         program_fd = bpf_prog_get_fd_by_id(program_id);
 
-        struct bpf_prog_info info;
+        struct bpf_prog_info info = {};
         uint32_t info_size = (uint32_t)sizeof(info);
         int error = bpf_obj_get_info_by_fd(program_fd, &info, &info_size);
         if (error < 0) {
@@ -746,6 +746,25 @@ handle_ebpf_show_programs(
                     std::cout << "Program type   : " << program_type_name << "\n";
                     std::cout << "Mode           : " << execution_type_name << "\n";
                     std::cout << "# map IDs      : " << info.nr_map_ids << "\n";
+
+                    if (info.nr_map_ids > 0) {
+                        ebpf_id_t* map_ids = (ebpf_id_t*)malloc(info.nr_map_ids * sizeof(ebpf_id_t));
+                        if (map_ids == nullptr) {
+                            break;
+                        }
+                        info.map_ids = (uintptr_t)map_ids;
+                        error = bpf_obj_get_info_by_fd(program_fd, &info, &info_size);
+                        if (error < 0) {
+                            break;
+                        }
+                        std::cout << "map IDs        : " << map_ids[0] << "\n";
+                        for (uint32_t i = 1; i < info.nr_map_ids; i++) {
+                            std::cout << "                 " << map_ids[i] << "\n";
+                        }
+
+                        free(map_ids);
+                    }
+
                     std::cout << "# pinned paths : " << info.pinned_path_count << "\n";
                     std::cout << "# links        : " << info.link_count << "\n";
                 }

diff --git a/libs/execution_context/ebpf_core.c b/libs/execution_context/ebpf_core.c
@@ -1508,7 +1508,7 @@ _ebpf_core_protocol_get_object_info(
         result = ebpf_map_get_info((ebpf_map_t*)object, reply->info, &info_size);
         break;
     case EBPF_OBJECT_PROGRAM:
-        result = ebpf_program_get_info((ebpf_program_t*)object, reply->info, &info_size);
+        result = ebpf_program_get_info((ebpf_program_t*)object, request->info, reply->info, &info_size);
         break;
     }
 
@@ -1975,7 +1975,7 @@ static ebpf_protocol_handler_t _ebpf_protocol_handlers[] = {
     DECLARE_PROTOCOL_HANDLER_FIXED_REQUEST_FIXED_REPLY(get_next_link_id, PROTOCOL_ALL_MODES),
     DECLARE_PROTOCOL_HANDLER_FIXED_REQUEST_FIXED_REPLY(get_next_map_id, PROTOCOL_ALL_MODES),
     DECLARE_PROTOCOL_HANDLER_FIXED_REQUEST_FIXED_REPLY(get_next_program_id, PROTOCOL_ALL_MODES),
-    DECLARE_PROTOCOL_HANDLER_FIXED_REQUEST_VARIABLE_REPLY(get_object_info, info, PROTOCOL_ALL_MODES),
+    DECLARE_PROTOCOL_HANDLER_VARIABLE_REQUEST_VARIABLE_REPLY(get_object_info, info, info, PROTOCOL_ALL_MODES),
     DECLARE_PROTOCOL_HANDLER_VARIABLE_REQUEST_VARIABLE_REPLY(
         get_next_pinned_program_path, start_path, next_path, PROTOCOL_ALL_MODES),
     DECLARE_PROTOCOL_HANDLER_FIXED_REQUEST_NO_REPLY(bind_map, PROTOCOL_ALL_MODES),

diff --git a/libs/execution_context/ebpf_link.c b/libs/execution_context/ebpf_link.c
@@ -221,6 +221,7 @@ ebpf_link_get_info(
         EBPF_RETURN_RESULT(EBPF_INSUFFICIENT_BUFFER);
     }
 
+    memset(info, 0, sizeof(*info));
     info->id = link->object.id;
     info->prog_id = (link->program) ? ((ebpf_core_object_t*)link->program)->id : EBPF_ID_NONE;
     info->type = link->link_type;

diff --git a/libs/execution_context/ebpf_maps.c b/libs/execution_context/ebpf_maps.c
@@ -2221,6 +2221,7 @@ ebpf_map_get_info(
     info->key_size = map->ebpf_map_definition.key_size;
     info->value_size = map->original_value_size;
     info->max_entries = map->ebpf_map_definition.max_entries;
+    info->map_flags = 0;
     if (info->type == BPF_MAP_TYPE_ARRAY_OF_MAPS || info->type == BPF_MAP_TYPE_HASH_OF_MAPS) {
         ebpf_core_object_map_t* object_map = EBPF_FROM_FIELD(ebpf_core_object_map_t, core_map, map);
         info->inner_map_id =
@@ -2308,3 +2309,9 @@ ebpf_map_peek_entry(_In_ ebpf_map_t* map, size_t value_size, _Out_writes_(value_
     memcpy(value, return_value, map->ebpf_map_definition.value_size);
     return EBPF_SUCCESS;
 }
+
+ebpf_id_t
+ebpf_map_get_id(_In_ const ebpf_map_t* map)
+{
+    return map->object.id;
+}
diff --git a/libs/execution_context/ebpf_maps.h b/libs/execution_context/ebpf_maps.h
@@ -280,6 +280,14 @@ extern "C"
     ebpf_result_t
     ebpf_map_peek_entry(_In_ ebpf_map_t* map, size_t value_size, _Out_writes_(value_size) uint8_t* value, int flags);
 
+    /**
+     * @brief Get the ID of a given map.
+     *
+     * @param[in] map Map to get ID of.
+     * @returns Map ID.
+     */
+    ebpf_id_t
+    ebpf_map_get_id(_In_ const ebpf_map_t* map);
 #ifdef __cplusplus
 }
 #endif