Load cgroup_{device,sysctl}, flow_dissector, lirc_mode2, sk_msg,
sock_ops programs with their fixed expected attach types instead of
omitting them.
These program types already use the same constants when attaching.
Pass the kernel attach type into the shared loader from each typed
wrapper instead of storing a second mutable copy in `ProgramData`.
This removes the from_pin repair pattern, avoids stale shadow state, and
keeps attach paths driven by wrapper-owned typed attach metadata or
fixed constants.
Also simplify `{sk,cgroup}_skb` section parsing by representing all
variants as `ProgramSection::SkSkb { kind }` and
`ProgramSection::CgroupSkb { attach_type }` respectively, with the
attach type enums shared from aya-obj.
Rename the eBPF global wrapper type to `Global` and update its
downstream uses and API snapshot so the public surface matches the new
name.
Co-authored-by: Codex <noreply@openai.com>
The netlink attribute buffer in TcRequest was only 64 bytes, which is
not enough when TC program names get close to the kernel's 256-byte
limit. This led to a misleading no space left error when attaching
programs with longer names.
Bump the buffer size so it can precisely fit all the netlink attributes
and the max-length name.
Override ring buffer value_size to 0 to allow slightly malformed
programs to load. This is the same approach taken by Cillium.
Signed-off-by: Lukas Hoehl <lukas.hoehl@stackit.cloud>
Add documentation and integration test for SchedClassifier link pinning,
which enables zero-downtime program updates in production environments.
- Add link pinning example to SchedClassifier::attach_with_options()
showing atomic replacement workflow for TCX mode (kernel >= 6.6).
- Add pin_tcx_link() integration test verifying link persistence
across program unload and atomic replacement capability.
There are various oddities in how the kernel prints path including
"(deleted)" suffix, bracketed properties e.g. "[vdso]", ashmem and memfd
paths, and possibly others. Rather than try to handle these in
`ProcMapEntry::parse` just leave them as they appear and let the caller
deal with them.
Change splitting behavior to any number of consecutive whitespace
characters between columns to account for padding.
This allows uprobe attachment to succeed in the presence of deleted
mapped files and in more cases of android special attributes.
Rewrite tests using `test_case`.
Co-authored-by: Tamir Duberstein <tamird@gmail.com>
Signed-off-by: cyril <multya77@gmail.com>
This follows the #1417 review discussion: by bundling location
+ cookie into a UProbeAttachPoint we get a more idiomatic Into<_>
entry point, keep the one-to-one relationship enforced by the type
system, and make it easier to extend attach with multi-location
support without introducing parallel arrays or a brand new API.
Implement `PerfEventConfig::Breakpoint`, allowing users to attach
hardware breakpoints. Generate `HW_BREAKPOINT_*` and `struct
bpf_perf_event_data` in support of this feature and update the type of
`PerfEventContext` accordingly.
Add a test exercising R, W, RW, and X breakpoints. Note that R
breakpoints are unsupported on x86, and this is asserted in the test.
Extend the VM integration test harness and supporting infrastructure
(e.g. `download_kernel_images.sh`) to download kernel debug packages and
mount `System.map` in initramfs. This is needed (at least) on the aarch
6.1 Debian kernel which was not compiled with `CONFIG_KALLSYMS_ALL=y`
for some reason, and the locations of globals are not available in
kallsyms. To attach breakpoints to these symbols in the test pipeline,
we need to read them from System.map and apply the KASLR offset to get
their real address. The `System.map` file is not provided in the kernel
package by default, so we need to extract it from the corresponding
debug package. The KASLR offset is computed using `gunzip` which appears
in kallsyms on all Debian kernels tested.
Co-authored-by: Tamir Duberstein <tamird@gmail.com>
This makes it more difficult to mishandle callers of `perf_event_open`.
Change `wakeup_events = 0` to 1; per `man 2 perf_event_open`:
Prior to Linux 3.0, setting wakeup_events to 0 resulted in
no overflow notifications; more recent kernels treat 0 the
same as 1.
Proc maps terminate with a newline so split(b'\n') yields an empty
slice at the end. Filter it out before parsing so the absolute-path
fallback for pid-scoped attach doesn't get short-circuited by a
ProcMap::ParseLine error.
The RingBuf caches the last value it read of the producer so it doesn't
need to constantly contend on the actual producer cache line if lots of
messages have yet to be consumed. It was bogus to initialize this cache
at 0. This patch initializes it properly and adds testing.
Fixes: #1309
This commit extends the EbpfLoader with set_map_pin_path that allows the
caller to associate a named map with a pin path.
One note is that this path is an absolute path, not relative to
`map_pin_path`, and it forces the map to be loaded from that path.
This is the path in which pinned maps are created or resolved. It
isn't actually the path for any specific map itself. This rename
makes way for a method `set_map_pin_path` that actually specifies
the pin path for a specific map.
Tamir Duberstein
Kirill Lykov
Alessandro Decina
cong-or
vad
Jamie Hill-Daniel
Lukas Hoehl
Sven Cowart
cyril
swananan
Friday Ortiz
JPaja
Andrew Werner