build(deps): bump github.com/containerd/cgroups/v3 from 3.0.2 to 3.0.3

Bumps [github.com/containerd/cgroups/v3](https://github.com/containerd/cgroups) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/containerd/cgroups/releases) - [Commits](https://github.com/containerd/cgroups/compare/v3.0.2...v3.0.3) --- updated-dependencies: - dependency-name: github.com/containerd/cgroups/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2023-12-29 11:45:53 +00:00
parent 1f76ca4081
commit 5387747e92
119 changed files with 8743 additions and 3476 deletions
--- a/vendor/github.com/cilium/ebpf/linker.go
+++ b/vendor/github.com/cilium/ebpf/linker.go
@@ -1,14 +1,51 @@
 package ebpf

 import (
+	"encoding/binary"
 	"errors"
 	"fmt"
-	"sync"
+	"io"
+	"math"

 	"github.com/cilium/ebpf/asm"
 	"github.com/cilium/ebpf/btf"
+	"github.com/cilium/ebpf/internal"
 )

+// handles stores handle objects to avoid gc cleanup
+type handles []*btf.Handle
+
+func (hs *handles) add(h *btf.Handle) (int, error) {
+	if h == nil {
+		return 0, nil
+	}
+
+	if len(*hs) == math.MaxInt16 {
+		return 0, fmt.Errorf("can't add more than %d module FDs to fdArray", math.MaxInt16)
+	}
+
+	*hs = append(*hs, h)
+
+	// return length of slice so that indexes start at 1
+	return len(*hs), nil
+}
+
+func (hs handles) fdArray() []int32 {
+	// first element of fda is reserved as no module can be indexed with 0
+	fda := []int32{0}
+	for _, h := range hs {
+		fda = append(fda, int32(h.FD()))
+	}
+
+	return fda
+}
+
+func (hs handles) close() {
+	for _, h := range hs {
+		h.Close()
+	}
+}
+
 // splitSymbols splits insns into subsections delimited by Symbol Instructions.
 // insns cannot be empty and must start with a Symbol Instruction.
 //
@@ -67,7 +104,7 @@ func hasFunctionReferences(insns asm.Instructions) bool {
 //
 // Passing a nil target will relocate against the running kernel. insns are
 // modified in place.
-func applyRelocations(insns asm.Instructions, local, target *btf.Spec) error {
+func applyRelocations(insns asm.Instructions, target *btf.Spec, bo binary.ByteOrder) error {
 	var relos []*btf.CORERelocation
 	var reloInsns []*asm.Instruction
 	iter := insns.Iterate()
@@ -82,19 +119,18 @@ func applyRelocations(insns asm.Instructions, local, target *btf.Spec) error {
 		return nil
 	}

-	target, err := maybeLoadKernelBTF(target)
-	if err != nil {
-		return err
+	if bo == nil {
+		bo = internal.NativeEndian
 	}

-	fixups, err := btf.CORERelocate(local, target, relos)
+	fixups, err := btf.CORERelocate(relos, target, bo)
 	if err != nil {
 		return err
 	}

 	for i, fixup := range fixups {
 		if err := fixup.Apply(reloInsns[i]); err != nil {
-			return fmt.Errorf("apply fixup %s: %w", &fixup, err)
+			return fmt.Errorf("fixup for %s: %w", relos[i], err)
 		}
 	}

@@ -181,8 +217,9 @@ func fixupAndValidate(insns asm.Instructions) error {
 		ins := iter.Ins

 		// Map load was tagged with a Reference, but does not contain a Map pointer.
-		if ins.IsLoadFromMap() && ins.Reference() != "" && ins.Map() == nil {
-			return fmt.Errorf("instruction %d: map %s: %w", iter.Index, ins.Reference(), asm.ErrUnsatisfiedMapReference)
+		needsMap := ins.Reference() != "" || ins.Metadata.Get(kconfigMetaKey{}) != nil
+		if ins.IsLoadFromMap() && needsMap && ins.Map() == nil {
+			return fmt.Errorf("instruction %d: %w", iter.Index, asm.ErrUnsatisfiedMapReference)
 		}

 		fixupProbeReadKernel(ins)
@@ -191,6 +228,88 @@ func fixupAndValidate(insns asm.Instructions) error {
 	return nil
 }

+// fixupKfuncs loops over all instructions in search for kfunc calls.
+// If at least one is found, the current kernels BTF and module BTFis are searched to set Instruction.Constant
+// and Instruction.Offset to the correct values.
+func fixupKfuncs(insns asm.Instructions) (handles, error) {
+	iter := insns.Iterate()
+	for iter.Next() {
+		ins := iter.Ins
+		if ins.IsKfuncCall() {
+			goto fixups
+		}
+	}
+
+	return nil, nil
+
+fixups:
+	// only load the kernel spec if we found at least one kfunc call
+	kernelSpec, err := btf.LoadKernelSpec()
+	if err != nil {
+		return nil, err
+	}
+
+	fdArray := make(handles, 0)
+	for {
+		ins := iter.Ins
+
+		if !ins.IsKfuncCall() {
+			if !iter.Next() {
+				// break loop if this was the last instruction in the stream.
+				break
+			}
+			continue
+		}
+
+		// check meta, if no meta return err
+		kfm, _ := ins.Metadata.Get(kfuncMeta{}).(*btf.Func)
+		if kfm == nil {
+			return nil, fmt.Errorf("kfunc call has no kfuncMeta")
+		}
+
+		target := btf.Type((*btf.Func)(nil))
+		spec, module, err := findTargetInKernel(kernelSpec, kfm.Name, &target)
+		if errors.Is(err, btf.ErrNotFound) {
+			return nil, fmt.Errorf("kfunc %q: %w", kfm.Name, ErrNotSupported)
+		}
+		if err != nil {
+			return nil, err
+		}
+
+		if err := btf.CheckTypeCompatibility(kfm.Type, target.(*btf.Func).Type); err != nil {
+			return nil, &incompatibleKfuncError{kfm.Name, err}
+		}
+
+		id, err := spec.TypeID(target)
+		if err != nil {
+			return nil, err
+		}
+
+		idx, err := fdArray.add(module)
+		if err != nil {
+			return nil, err
+		}
+
+		ins.Constant = int64(id)
+		ins.Offset = int16(idx)
+
+		if !iter.Next() {
+			break
+		}
+	}
+
+	return fdArray, nil
+}
+
+type incompatibleKfuncError struct {
+	name string
+	err  error
+}
+
+func (ike *incompatibleKfuncError) Error() string {
+	return fmt.Sprintf("kfunc %q: %s", ike.name, ike.err)
+}
+
 // fixupProbeReadKernel replaces calls to bpf_probe_read_{kernel,user}(_str)
 // with bpf_probe_read(_str) on kernels that don't support it yet.
 func fixupProbeReadKernel(ins *asm.Instruction) {
@@ -211,28 +330,62 @@ func fixupProbeReadKernel(ins *asm.Instruction) {
 	}
 }

-var kernelBTF struct {
-	sync.Mutex
-	spec *btf.Spec
-}
-
-// maybeLoadKernelBTF loads the current kernel's BTF if spec is nil, otherwise
-// it returns spec unchanged.
+// resolveKconfigReferences creates and populates a .kconfig map if necessary.
 //
-// The kernel BTF is cached for the lifetime of the process.
-func maybeLoadKernelBTF(spec *btf.Spec) (*btf.Spec, error) {
-	if spec != nil {
-		return spec, nil
+// Returns a nil Map and no error if no references exist.
+func resolveKconfigReferences(insns asm.Instructions) (_ *Map, err error) {
+	closeOnError := func(c io.Closer) {
+		if err != nil {
+			c.Close()
+		}
 	}

-	kernelBTF.Lock()
-	defer kernelBTF.Unlock()
-
-	if kernelBTF.spec != nil {
-		return kernelBTF.spec, nil
+	var spec *MapSpec
+	iter := insns.Iterate()
+	for iter.Next() {
+		meta, _ := iter.Ins.Metadata.Get(kconfigMetaKey{}).(*kconfigMeta)
+		if meta != nil {
+			spec = meta.Map
+			break
+		}
 	}

-	var err error
-	kernelBTF.spec, err = btf.LoadKernelSpec()
-	return kernelBTF.spec, err
+	if spec == nil {
+		return nil, nil
+	}
+
+	cpy := spec.Copy()
+	if err := resolveKconfig(cpy); err != nil {
+		return nil, err
+	}
+
+	kconfig, err := NewMap(cpy)
+	if err != nil {
+		return nil, err
+	}
+	defer closeOnError(kconfig)
+
+	// Resolve all instructions which load from .kconfig map with actual map
+	// and offset inside it.
+	iter = insns.Iterate()
+	for iter.Next() {
+		meta, _ := iter.Ins.Metadata.Get(kconfigMetaKey{}).(*kconfigMeta)
+		if meta == nil {
+			continue
+		}
+
+		if meta.Map != spec {
+			return nil, fmt.Errorf("instruction %d: reference to multiple .kconfig maps is not allowed", iter.Index)
+		}
+
+		if err := iter.Ins.AssociateMap(kconfig); err != nil {
+			return nil, fmt.Errorf("instruction %d: %w", iter.Index, err)
+		}
+
+		// Encode a map read at the offset of the var in the datasec.
+		iter.Ins.Constant = int64(uint64(meta.Offset) << 32)
+		iter.Ins.Metadata.Set(kconfigMetaKey{}, nil)
+	}
+
+	return kconfig, nil
 }