Initial Linux ABI compat fixes #3766
Conversation
lmb
requested review from
dthaler,
poornagmsft,
Alan-Jowett,
saxena-anurag,
shankarseal,
dv-msft,
gtrevi,
shpalani,
matthewige,
mtfriesen and
rectified95
as code owners
|
@microsoft-github-policy-service agree company="Cisco" |
The Linux ABI returns all syscall errors via the function return value, not via errno. Fixes microsoft#3749
On Linux, bpf() accepts a bpf_attr which is larger than what the syscall expects, as long as the unknown fields are all 0. It also accepts a bpf_attr which is smaller than what it expects, by assuming that all missing fields are zero. This allows forwards and backwards compatilibity between old and new versions of both the Linux kernel and user space tooling. Implement a similar scheme for the bpf() emulation.
On Linux, bpf() returns EPERM if the user doesn't have CAP_BPF. Return the same error when the user isn't able to open the device handle.
bpf_cmd_id values do not match the constants used by Linux.
Export functions used to manipulate fd_t. This makes the use of the UCRT _get_osfhandle an implementation detail which is abstracted away from users of ebpfapi.dll. This also makes it easier to use the API via run-time dynamic linking.
Allow retrieving the fd from a link while destroying the link. It would be nicer to avoid the indirection via link, but that is a bigger change.
Add a function to load a native image without going through the bpf_object abstraction. The function expects program and map fd arrays to be allocated by the caller because dealing with memory which is dynamically allocated in C/C++ is quite cumbersome in Go. Returns a size hint and a well known error in case the arrays are too small.
Move fields around so that they match Linux ABI. Also change BPF_OBJ_NAME_LEN to match.
|
I've pushed all the changes I've accumulated so far. They allow me to load a native image from the Go side and call OBJ_GET_INFO_BY_FD on the maps and programs.
|
| * The file descriptor must be closed using \ref ebpf_close_fd. | ||
| * | ||
| * @param[in] link Pointer to the bpf_link structure. | ||
| * @retval The file descriptor of the link. |
There was a problem hiding this comment.
| * @retval The file descriptor of the link. | |
| * @returns The file descriptor of the link. |
Use retval only for listing specific return values since doxygen generates a 2 column table if you use retval.
| * **Helpers available:** all helpers defined in bpf_helpers.h | ||
| */ | ||
| BPF_PROG_TYPE_BIND, // TODO(#333): replace with cross-platform program type | ||
| BPF_PROG_TYPE_XDP = 6, |
There was a problem hiding this comment.
Why do we need the same literal values? Discussed with John Fastabend in the triage meeting this morning. Changing the value is a breaking change (in the sense that existing compiled apps might not work) and we don't think there is a reason the same binary value is needed.
There was a problem hiding this comment.
These constants are used to specify the program type in bpf() BPF_PROG_LOAD. If we don’t change them to match Linux we’d need separate definitions for Windows. It’s doable but makes the bpf() wrapper not truly ABI compatible.
There is a related problem where it’s not clear how to load windows specific program types via the shim. I need to think about that, maybe both problems can be solved in the same fashion.
Would it be possible to use separate constants for bpf() to avoid breaking code that doesn’t use the wrapper?
|
@shankarseal @Alan-Jowett any thoughts on this besides the questions raised by Dave? |
|
I broke the first part of changes out of this PR, maybe this will help with review. See #3870 |
|
Splitting this up into smaller PRs. |
bpf(): do not return errors via errno
Add forwards and backwards compatibility to bpf() emulation
Return EPERM from bpf() if user is not privileged
Fix incorrect bpf_cmd_id values
export ebpf_close_fd and ebpf_dup_fd
Add ebpf_link_free
Add ebpf_object_load_native_fds
Make some map and program related types Linux ABI compatible