We have previously tried to import traits anonymously where possible but
enforcing this manually was hard.
Since Rust 1.83 clippy can now enforce this for us.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Change FromRawTracepointArgs::arg to return T rather than *const T which
seems to have been returning a dangling pointer.
Arguably this is not strictly necessary; edition 2024 seems to be
focused on increased strictness around unsafe code which doesn't unlock
new functionality for our users. That said, this work revealed an
apparent bug (see above) that we wouldn't otherwise catch due to
allow-by-default lints.
Per man 2 perf_event_open:
> RETURN VALUE
> On success, perf_event_open() returns the new file descriptor. On
> error, -1 is returned and errno is set to indicate the error.
Bake this into our syscalls so we stop using `_` so much which can hide
information loss. Remove the type parameter to SysResult.
Per man 2 bpf:
> RETURN VALUE
> For a successful call, the return value depends on the operation:
>
> BPF_MAP_CREATE
> The new file descriptor associated with the eBPF map.
>
> BPF_PROG_LOAD
> The new file descriptor associated with the eBPF program.
>
> All other commands
> Zero.
>
> On error, -1 is returned, and errno is set to indicate the error.
Bake this into our syscalls so we stop using `_` so much which can hide
information loss.
When `aya::obj` was migrated to be its own crate `aya-obj`, the `obj`
alias was created to preserve existing imports that relied on
`crate::obj`.
This resulted in 3 ways to import `aya-obj` objects:
- `use aya_obj::*`
- `use obj::*`
- `use crate::obj::*`
The `obj` alias is now removed to avoid confusion, and all `obj` imports
are funneled through `aya_obj`.
This returns error strings from netlink since they are more informative
than the raw os error. For example:
"Device or Resource Busy" vs. "XDP program already attached".
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
```
error: called `Iterator::last` on a `DoubleEndedIterator`; this will needlessly iterate the entire iterator
--> aya/src/programs/uprobe.rs:282:64
|
282 | let path = line.split(|b| b.is_ascii_whitespace()).last()?;
| ^^^^^^ help: try: `next_back()`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#double_ended_iterator_last
```
Fixes#1132.
Note that this change does not add support in the public API for kprobes
or tracepoints, but it's a trivial matter of plumbing.
Along the way, the Uprobe::attach API is cleaned up to make the
attachment location more coherent. The logic being: if we're going to be
breaking the API anyway, may as well clean it up a bit.
Furthermore, the aya::sys::bpf_link_attach function is cleaned up by
properly modeling the the union in the final field with a rust enum.
BPF iterators[0] are a way to dump kernel data into user-space and an
alternative to `/proc` filesystem.
This change adds support for BPF iterators on the user-space side. It
provides a possibility to retrieve the outputs of BPF iterator programs
both from sync and async Rust code.
[0] https://docs.kernel.org/bpf/bpf_iterators.html
This commit adds the initial support for TCX
bpf links. This is a new, multi-program, attachment
type allows for the caller to specify where
they would like to be attached relative to other
programs at the attachment point using the LinkOrder
type.
Signed-off-by: astoycos <astoycos@redhat.com>
Co-authored-by: Andre Fredette <afredette@redhat.com>
Co-authored-by: Dave Tucker <dave@dtucker.co.uk>
Co-authored-by: Tamir Duberstein <tamird@gmail.com>
This change allows multiple BPF programs to attach to a cgroup (via the option
`CgroupAttachMode::AllowMultiple`), and allows a program to specify that it can be
overridden by one in a sub-cgroup (via the option `CgroupAttachMode::AllowOverride`).
Purpose of this commit is to add detections for whether a field is
available in `ProgramInfo`.
- For `program_type()`, we return the new enum `ProgramType` instead of
the integer representation.
- For fields that we know cannot be zero, we return `Option<NonZero*>`
type.
- For `name_as_str()`, it now also uses the feature probe `bpf_name()`
to detect if field is available or not.
- Two additional feature probes are added for the fields:
- `prog_info_map_ids()` probe -> `map_ids()` field
- `prog_info_gpl_compatible()` probe -> `gpl_compatible()` field
With the `prog_info_map_ids()` probe, the previous implementation that
I had for `bpf_prog_get_info_by_fd()` is shortened to use the probe
instead of having to make 2 potential syscalls.
The `test_loaded_at()` test is also moved into info tests since it is
better related to the info tests.
`aya::programs::Programs::prog_type(&self)` now returns `ProgramType`
instead of the generated FFI from aya-obj.
Also previously, `loaded_programs()` could be accessed either through
`aya` or `aya::programs`. To avoid confusion and duplicate export of
the item, the function should now only be exposed through
`aya::programs`.
Improves the existing integraiton tests for `loaded_programs()` and
`loaded_maps()` in consideration for older kernels:
- Opt for `SocketFilter` program in tests since XDP requires v4.8 and
fragments requires v5.18.
- For assertion tests, first perform the assertion, if the assertion
fails, then it checks the host kernel version to see if it is above
the minimum version requirement. If not, then continue with test,
otherwise fail.
For assertions that are skipped, they're logged in stderr which can
be observed with `-- --nocapture`.
This also fixes the `bpf_prog_get_info_by_fd()` call for kernels below
v4.15. If calling syscall on kernels below v4.15, it can produce an
`E2BIG` error because `check_uarg_tail_zero()` expects the entire
struct to all-zero bytes (which is caused from the map info).
Instead, we first attempt the syscall with the map info filled, if it
returns `E2BIG`, then perform syscall again with empty closure.
Also adds doc for which version a kernel feature was introduced for
better awareness.
The tests have been verified kernel versions:
- 4.13.0
- 4.15.0
- 6.1.0
```
error: first doc comment paragraph is too long
--> aya/src/programs/raw_trace_point.rs:12:1
|
12 | / /// A program that can be attached at a pre-defined kernel trace point, but also
13 | | /// has an access to kernel internal arguments of trace points, which
14 | | /// differentiates them from traditional tracepoint eBPF programs.
15 | | ///
16 | | /// The kernel provides a set of pre-defined trace points that eBPF programs can
| |_
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#too_long_first_doc_paragraph
error: first doc comment paragraph is too long
--> ebpf/aya-ebpf/src/helpers.rs:1:1
|
1 | / //! This module contains kernel helper functions that may be exposed to specific BPF
2 | | //! program types. These helpers can be used to perform common tasks, query and operate on
3 | | //! data exposed by the kernel, and perform some operations that would normally be denied
4 | | //! by the BPF verifier.
5 | | //!
6 | | //! Here, we provide some higher-level wrappers around the underlying kernel helpers, but
| |_
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#too_long_first_doc_paragraph
```
This change enhances the logic for symbol lookup in uprobe or uretprobe.
If the symbol is not found in the original binary, the search continues
in the debug file associated through the debuglink section. Before
searching the symbol table, it compares the build IDs of the two files.
The symbol lookup will only be terminated if both build IDs exist and do
not match. This modification does not affect the existing symbol lookup
logic.
Refs: #936
And BpfLoader to EbpfLoader.
This also adds type aliases to preserve the use of the old names, making
updating to a new Aya release less of a burden. These aliases are marked
as deprecated since we'll likely remove them in a later release.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Dave Tucker
Tamir Duberstein
Tyrone Wu
Andrew Werner
Michal Rostecki
astoycos
Zero King
Harvo Jones
Alessandro Decina
swananan
Gary Guo