Merge branch 'main' into clean-issue4261

Author: nmlud21

.github/workflows/cicd.yml

@@ -291,8 +291,8 @@ jobs:
     # Always run this job.
     # Only run this on repos that have self-host runners.
     needs: regular
-    # Disabled for now for pull_request, merge_group, and push until in-progress breaking changes are completed.
-    if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
+    # Disabled for now for schedule, pull_request, merge_group, and push until in-progress breaking changes are completed.
+    if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'workflow_dispatch')
     uses: ./.github/workflows/reusable-test.yml
     with:
       pre_test: .\setup_ebpf_cicd_tests.ps1 -TestMode "Regression" -RegressionArtifactsVersion "0.21.0" -GranularTracing

docs/NativeCodeGeneration.md

@@ -315,4 +315,6 @@ differ for each person regenerating them.
 
 These paths therefore need to be canonicalized to make them portable and this is done by running the following command
 from the ```ebpf-for-windows``` project root directory:
-``` .\scripts\generate_expected_bpf2c_output.ps1 .\x64\Debug\```
+``` .\scripts\generate_expected_bpf2c_output.ps1 .\x64\Debug\```.
+
+*Note: Tests may also fail if files generated by this script are formatted through clang-format.*

ebpfapi/Source.def

@@ -12,6 +12,7 @@ EXPORTS
     bpf_link__destroy
     bpf_link__disconnect
     bpf_link__fd
+    bpf_link__open
     bpf_link__pin
     bpf_link__unpin
     bpf_link_detach
@@ -128,6 +129,7 @@ EXPORTS
     ebpf_get_program_type_by_name
     ebpf_get_program_type_name
     ebpf_link_close
+    ebpf_link_mark_as_legacy_mode
     ebpf_map_set_wait_handle
     ebpf_object_get
     ebpf_object_get_execution_type

ebpfapi/rpc_client.cpp

@@ -193,7 +193,7 @@ clean_up_rpc_binding()
 _Must_inspect_result_ _Ret_maybenull_
 _Post_writable_byte_size_(size) void* __RPC_USER MIDL_user_allocate(_In_ size_t size)
 {
-    return ebpf_allocate(size);
+    return ebpf_allocate_with_tag(size, EBPF_POOL_TAG_DEFAULT);
 }
 
 void __RPC_USER

ebpfsvc/rpc_util.cpp

@@ -117,7 +117,7 @@ shutdown_rpc_server()
 _Must_inspect_result_ _Ret_maybenull_
 _Post_writable_byte_size_(size) void* __RPC_USER MIDL_user_allocate(_In_ size_t size)
 {
-    return ebpf_allocate(size);
+    return ebpf_allocate_with_tag(size, EBPF_POOL_TAG_DEFAULT);
 }
 
 void __RPC_USER

include/ebpf_api.h

@@ -906,6 +906,18 @@ extern "C"
         _In_opt_ void* ctx,
         _In_opt_ const struct ebpf_perf_buffer_opts* opts) EBPF_NO_EXCEPT;
 
+    /**
+     * @brief Mark a link as operating in legacy mode, which means it doesn't detach
+     * automatically when last user mode reference is closed.
+     * This is used by bpf_prog_attach and related APIs to implement legacy behavior.
+     *
+     * @param[in] link File descriptor for the link.
+     *
+     * @retval EBPF_SUCCESS The operation was successful.
+     * @retval EBPF_INVALID_ARGUMENT One or more parameters are wrong.
+     */
+    _Must_inspect_result_ ebpf_result_t
+    ebpf_link_mark_as_legacy_mode(fd_t link) EBPF_NO_EXCEPT;
 #ifdef __cplusplus
 }
 #endif

include/ebpf_nethooks.h

@@ -56,6 +56,7 @@ bind_hook_t(bind_md_t* context);
 
 #define BPF_SOCK_ADDR_VERDICT_REJECT 0
 #define BPF_SOCK_ADDR_VERDICT_PROCEED 1
+#define BPF_SOCK_ADDR_VERDICT_PROCEED_HARD 2
 
 #ifdef _MSC_VER
 #pragma warning(push)
@@ -134,10 +135,11 @@ EBPF_HELPER(int, bpf_sock_addr_set_redirect_context, (bpf_sock_addr_t * ctx, voi
  *  \ref EBPF_ATTACH_TYPE_CGROUP_INET6_RECV_ACCEPT
  *
  * @param[in] context \ref bpf_sock_addr_t
- * @retval BPF_SOCK_ADDR_VERDICT_PROCEED Block the socket operation.
- * @retval BPF_SOCK_ADDR_VERDICT_REJECT Allow the socket operation.
+ * @retval BPF_SOCK_ADDR_VERDICT_REJECT Block the socket operation. Maps to a hard block in WFP.
+ * @retval BPF_SOCK_ADDR_VERDICT_PROCEED Allow the socket operation. Maps to a soft permit in WFP.
+ * @retval BPF_SOCK_ADDR_VERDICT_PROCEED_HARD Allow the socket operation. Maps to a hard permit in WFP.
  *
- * Any other return value other than the two mentioned above is treated as BPF_SOCK_ADDR_VERDICT_REJECT.
+ * Any return value other than the ones mentioned above is treated as BPF_SOCK_ADDR_VERDICT_REJECT.
  */
 typedef int
 sock_addr_hook_t(bpf_sock_addr_t* context);

libs/api/Verifier.cpp

@@ -326,7 +326,7 @@ load_byte_code(
         }
 
         for (auto& raw_program : raw_programs) {
-            program = (ebpf_program_t*)ebpf_allocate(sizeof(ebpf_program_t));
+            program = (ebpf_program_t*)ebpf_allocate_with_tag(sizeof(ebpf_program_t), EBPF_POOL_TAG_DEFAULT);
             if (program == nullptr) {
                 result = EBPF_NO_MEMORY;
                 goto Exit;
@@ -348,7 +348,7 @@ load_byte_code(
                 goto Exit;
             }
             size_t ebpf_bytes = instruction_count * sizeof(ebpf_inst);
-            program->instructions = (ebpf_inst*)ebpf_allocate(ebpf_bytes);
+            program->instructions = (ebpf_inst*)ebpf_allocate_with_tag(ebpf_bytes, EBPF_POOL_TAG_DEFAULT);
             if (program->instructions == nullptr) {
                 result = EBPF_NO_MEMORY;
                 goto Exit;
@@ -405,7 +405,7 @@ load_byte_code(
                 goto Exit;
             }
 
-            map = (ebpf_map_t*)ebpf_allocate(sizeof(ebpf_map_t));
+            map = (ebpf_map_t*)ebpf_allocate_with_tag(sizeof(ebpf_map_t), EBPF_POOL_TAG_DEFAULT);
             if (map == nullptr) {
                 result = EBPF_NO_MEMORY;
                 goto Exit;
@@ -435,7 +435,7 @@ load_byte_code(
     } catch (std::runtime_error& err) {
         auto message = err.what();
         auto message_length = strlen(message) + 1;
-        char* error = reinterpret_cast<char*>(ebpf_allocate(message_length + 1));
+        char* error = reinterpret_cast<char*>(ebpf_allocate_with_tag(message_length + 1, EBPF_POOL_TAG_DEFAULT));
         if (error) {
             strcpy_s(error, message_length, message);
         }
@@ -468,7 +468,7 @@ load_byte_code(
 static void
 _ebpf_add_stat(_Inout_ ebpf_api_program_info_t* info, std::string key, int value) noexcept(false)
 {
-    ebpf_stat_t* stat = (ebpf_stat_t*)ebpf_allocate(sizeof(*stat));
+    ebpf_stat_t* stat = (ebpf_stat_t*)ebpf_allocate_with_tag(sizeof(*stat), EBPF_POOL_TAG_DEFAULT);
     if (stat == nullptr) {
         throw std::runtime_error("Out of memory");
     }
@@ -503,7 +503,7 @@ ebpf_api_elf_enumerate_programs(
     try {
         auto raw_programs = read_elf(file, section ? std::string(section) : std::string(), verifier_options, platform);
         for (const auto& raw_program : raw_programs) {
-            info = (ebpf_api_program_info_t*)ebpf_allocate(sizeof(*info));
+            info = (ebpf_api_program_info_t*)ebpf_allocate_with_tag(sizeof(*info), EBPF_POOL_TAG_DEFAULT);
             if (info == nullptr) {
                 throw std::runtime_error("Out of memory");
             }
@@ -548,7 +548,7 @@ ebpf_api_elf_enumerate_programs(
             info->offset_in_section = raw_program.insn_off;
             std::vector<uint8_t> raw_data = convert_ebpf_program_to_bytes(raw_program.prog);
             info->raw_data_size = raw_data.size();
-            info->raw_data = (char*)ebpf_allocate(info->raw_data_size);
+            info->raw_data = (char*)ebpf_allocate_with_tag(info->raw_data_size, EBPF_POOL_TAG_DEFAULT);
             if (info->raw_data == nullptr) {
                 throw std::runtime_error("Out of memory");
             }

libs/api/ebpf_api.cpp

@@ -1483,8 +1483,8 @@ ebpf_program_query_info(
 
     size_t file_name_length = reply->section_name_offset - reply->file_name_offset;
     size_t section_name_length = reply->header.length - reply->section_name_offset;
-    char* local_file_name = reinterpret_cast<char*>(ebpf_allocate(file_name_length + 1));
-    char* local_section_name = reinterpret_cast<char*>(ebpf_allocate(section_name_length + 1));
+    char* local_file_name = reinterpret_cast<char*>(ebpf_allocate_with_tag(file_name_length + 1, EBPF_POOL_TAG_DEFAULT));
+    char* local_section_name = reinterpret_cast<char*>(ebpf_allocate_with_tag(section_name_length + 1, EBPF_POOL_TAG_DEFAULT));
 
     if (!local_file_name || !local_section_name) {
         ebpf_free(local_file_name);
@@ -1656,7 +1656,7 @@ ebpf_program_attach(
 
     ebpf_assert(program);
 
-    ebpf_link_t* new_link = (ebpf_link_t*)ebpf_allocate(sizeof(ebpf_link_t));
+    ebpf_link_t* new_link = (ebpf_link_t*)ebpf_allocate_with_tag(sizeof(ebpf_link_t), EBPF_POOL_TAG_DEFAULT);
     if (new_link == nullptr) {
         EBPF_RETURN_RESULT(EBPF_NO_MEMORY);
     }
@@ -1712,7 +1712,7 @@ ebpf_program_attach_by_fd(
     EBPF_LOG_ENTRY();
     ebpf_assert(link);
 
-    ebpf_link_t* new_link = (ebpf_link_t*)ebpf_allocate(sizeof(ebpf_link_t));
+    ebpf_link_t* new_link = (ebpf_link_t*)ebpf_allocate_with_tag(sizeof(ebpf_link_t), EBPF_POOL_TAG_DEFAULT);
     if (new_link == nullptr) {
         EBPF_RETURN_RESULT(EBPF_NO_MEMORY);
     }
@@ -2286,7 +2286,7 @@ _initialize_ebpf_object_from_native_file(
     object.execution_type = EBPF_EXECUTION_NATIVE;
 
     for (ebpf_api_program_info_t* info = infos; info; info = info->next) {
-        program = (ebpf_program_t*)ebpf_allocate(sizeof(ebpf_program_t));
+        program = (ebpf_program_t*)ebpf_allocate_with_tag(sizeof(ebpf_program_t), EBPF_POOL_TAG_DEFAULT);
         if (program == nullptr) {
             result = EBPF_NO_MEMORY;
             goto Exit;
@@ -2580,7 +2580,7 @@ _ebpf_pe_get_map_definitions(
                     break;
                 }
 
-                map = (ebpf_map_t*)ebpf_allocate(sizeof(ebpf_map_t));
+                map = (ebpf_map_t*)ebpf_allocate_with_tag(sizeof(ebpf_map_t), EBPF_POOL_TAG_DEFAULT);
                 if (map == nullptr) {
                     goto Error;
                 }
@@ -2759,7 +2759,7 @@ _ebpf_pe_add_section(
     std::string elf_section_name = pe_context->section_names[pe_section_name];
     std::string program_name = pe_context->program_names[pe_section_name];
 
-    ebpf_api_program_info_t* info = (ebpf_api_program_info_t*)ebpf_allocate(sizeof(*info));
+    ebpf_api_program_info_t* info = (ebpf_api_program_info_t*)ebpf_allocate_with_tag(sizeof(*info), EBPF_POOL_TAG_DEFAULT);
     if (info == nullptr) {
         pe_context->result = EBPF_NO_MEMORY;
         return_value = 1;
@@ -2785,7 +2785,7 @@ _ebpf_pe_add_section(
     info->expected_attach_type = pe_context->section_attach_types[pe_section_name];
 
     info->raw_data_size = section_header.Misc.VirtualSize;
-    info->raw_data = (char*)ebpf_allocate(section_header.Misc.VirtualSize);
+    info->raw_data = (char*)ebpf_allocate_with_tag(section_header.Misc.VirtualSize, EBPF_POOL_TAG_DEFAULT);
     if (info->raw_data == nullptr || info->section_name == nullptr) {
         pe_context->result = EBPF_NO_MEMORY;
         return_value = 1;
@@ -3633,7 +3633,7 @@ _load_native_programs(
     size_t buffer_size = offsetof(ebpf_operation_load_native_programs_reply_t, data) + handles_size;
 
     if (count_of_maps > 0) {
-        *map_handles = (ebpf_handle_t*)ebpf_allocate(map_handles_size);
+        *map_handles = (ebpf_handle_t*)ebpf_allocate_with_tag(map_handles_size, EBPF_POOL_TAG_DEFAULT);
         if (*map_handles == nullptr) {
             EBPF_LOG_MESSAGE(
                 EBPF_TRACELOG_LEVEL_ERROR,
@@ -3645,7 +3645,7 @@ _load_native_programs(
     }
 
     if (count_of_programs > 0) {
-        *program_handles = (ebpf_handle_t*)ebpf_allocate(program_handles_size);
+        *program_handles = (ebpf_handle_t*)ebpf_allocate_with_tag(program_handles_size, EBPF_POOL_TAG_DEFAULT);
         if (*program_handles == nullptr) {
             EBPF_LOG_MESSAGE(
                 EBPF_TRACELOG_LEVEL_ERROR,
@@ -5222,3 +5222,20 @@ ebpf_map_set_wait_handle(fd_t map_fd, uint64_t index, ebpf_handle_t handle) NO_E
     EBPF_RETURN_RESULT(result);
 }
 CATCH_NO_MEMORY_EBPF_RESULT
+
+_Must_inspect_result_ ebpf_result_t
+ebpf_link_mark_as_legacy_mode(fd_t link_fd) NO_EXCEPT_TRY
+{
+    EBPF_LOG_ENTRY();
+    ebpf_result_t result = EBPF_SUCCESS;
+    ebpf_handle_t link_handle = _get_handle_from_file_descriptor(link_fd);
+    if (link_handle == ebpf_handle_invalid) {
+        result = EBPF_INVALID_FD;
+        EBPF_RETURN_RESULT(result);
+    }
+    ebpf_operation_link_set_legacy_mode_request_t request{
+        sizeof(request), ebpf_operation_id_t::EBPF_OPERATION_LINK_SET_LEGACY_MODE, link_handle};
+    result = win32_error_code_to_ebpf_result(invoke_ioctl(request));
+    EBPF_RETURN_RESULT(result);
+}
+CATCH_NO_MEMORY_EBPF_RESULT

libs/api/libbpf_link.cpp

@@ -7,6 +7,39 @@
 #include "libbpf.h"
 #include "libbpf_internal.h"
 
+struct bpf_link*
+bpf_link__open(const char* path)
+{
+    struct bpf_link* link = nullptr;
+    fd_t link_fd;
+    ebpf_result_t result;
+
+    result = ebpf_object_get(path, &link_fd);
+    if (result != EBPF_SUCCESS) {
+        libbpf_result_err(result); // Set errno.
+        return nullptr;
+    }
+
+    link = (struct bpf_link*)ebpf_allocate_with_tag(sizeof(struct bpf_link), EBPF_POOL_TAG_DEFAULT);
+    if (!link) {
+        (void)ebpf_close_fd(link_fd);
+        libbpf_err(-ENOMEM);
+        return nullptr;
+    }
+
+    link->fd = link_fd;
+    link->pin_path = cxplat_duplicate_string(path);
+    if (!link->pin_path) {
+        (void)ebpf_close_fd(link_fd);
+        ebpf_free(link);
+        libbpf_err(-ENOMEM);
+        return nullptr;
+    }
+    link->disconnected = false;
+
+    return link;
+}
+
 int
 bpf_link__pin(struct bpf_link* link, const char* path)
 {