Pin dependency github.com/cilium/ebpf

Use same as opencontainers/runc
2020-01-24 13:13:44 +01:00
parent 088ee920e0
commit 5ba2a8da09
35 changed files with 600 additions and 2731 deletions
--- a/vendor/github.com/cilium/ebpf/prog.go
+++ b/vendor/github.com/cilium/ebpf/prog.go
@@ -4,18 +4,22 @@ import (
 	"bytes"
 	"fmt"
 	"math"
+	"path/filepath"
 	"strings"
 	"time"
 	"unsafe"

 	"github.com/cilium/ebpf/asm"
 	"github.com/cilium/ebpf/internal"
-	"github.com/cilium/ebpf/internal/btf"
 	"github.com/cilium/ebpf/internal/unix"

 	"github.com/pkg/errors"
 )

+var (
+	errNotSupported = errors.New("ebpf: not supported by kernel")
+)
+
 const (
 	// Number of bytes to pad the output buffer for BPF_PROG_TEST_RUN.
 	// This is currently the maximum of spare space allocated for SKB
@@ -47,11 +51,6 @@ type ProgramSpec struct {
 	Instructions  asm.Instructions
 	License       string
 	KernelVersion uint32
-
-	// The BTF associated with this program. Changing Instructions
-	// will most likely invalidate the contained data, and may
-	// result in errors when attempting to load it into the kernel.
-	BTF *btf.Program
 }

 // Copy returns a copy of the spec.
@@ -74,7 +73,7 @@ type Program struct {
 	// otherwise it is empty.
 	VerifierLog string

-	fd   *internal.FD
+	fd   *bpfFD
 	name string
 	abi  ProgramABI
 }
@@ -92,20 +91,7 @@ func NewProgram(spec *ProgramSpec) (*Program, error) {
 // Loading a program for the first time will perform
 // feature detection by loading small, temporary programs.
 func NewProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, error) {
-	if spec.BTF == nil {
-		return newProgramWithBTF(spec, nil, opts)
-	}
-
-	handle, err := btf.NewHandle(btf.ProgramSpec(spec.BTF))
-	if err != nil && !btf.IsNotSupported(err) {
-		return nil, errors.Wrap(err, "can't load BTF")
-	}
-
-	return newProgramWithBTF(spec, handle, opts)
-}
-
-func newProgramWithBTF(spec *ProgramSpec, btf *btf.Handle, opts ProgramOptions) (*Program, error) {
-	attr, err := convertProgramSpec(spec, btf)
+	attr, err := convertProgramSpec(spec, haveObjName.Result())
 	if err != nil {
 		return nil, err
 	}
@@ -120,51 +106,62 @@ func newProgramWithBTF(spec *ProgramSpec, btf *btf.Handle, opts ProgramOptions)
 		logBuf = make([]byte, logSize)
 		attr.logLevel = opts.LogLevel
 		attr.logSize = uint32(len(logBuf))
-		attr.logBuf = internal.NewSlicePointer(logBuf)
+		attr.logBuf = newPtr(unsafe.Pointer(&logBuf[0]))
 	}

 	fd, err := bpfProgLoad(attr)
 	if err == nil {
 		prog := newProgram(fd, spec.Name, &ProgramABI{spec.Type})
-		prog.VerifierLog = internal.CString(logBuf)
+		prog.VerifierLog = convertCString(logBuf)
 		return prog, nil
 	}

+	truncated := errors.Cause(err) == unix.ENOSPC
 	if opts.LogLevel == 0 {
 		// Re-run with the verifier enabled to get better error messages.
 		logBuf = make([]byte, logSize)
 		attr.logLevel = 1
 		attr.logSize = uint32(len(logBuf))
-		attr.logBuf = internal.NewSlicePointer(logBuf)
+		attr.logBuf = newPtr(unsafe.Pointer(&logBuf[0]))

-		_, logErr := bpfProgLoad(attr)
-		err = internal.ErrorWithLog(err, logBuf, logErr)
+		_, nerr := bpfProgLoad(attr)
+		truncated = errors.Cause(nerr) == unix.ENOSPC
 	}

-	return nil, errors.Wrap(err, "can't load program")
+	logs := convertCString(logBuf)
+	if truncated {
+		logs += "\n(truncated...)"
+	}
+
+	return nil, &loadError{err, logs}
 }

 // NewProgramFromFD creates a program from a raw fd.
 //
 // You should not use fd after calling this function.
-//
-// Requires at least Linux 4.11.
 func NewProgramFromFD(fd int) (*Program, error) {
 	if fd < 0 {
 		return nil, errors.New("invalid fd")
 	}
-	bpfFd := internal.NewFD(uint32(fd))
+	bpfFd := newBPFFD(uint32(fd))

-	name, abi, err := newProgramABIFromFd(bpfFd)
+	info, err := bpfGetProgInfoByFD(bpfFd)
 	if err != nil {
-		bpfFd.Forget()
+		bpfFd.forget()
 		return nil, err
 	}

-	return newProgram(bpfFd, name, abi), nil
+	var name string
+	if bpfName := convertCString(info.name[:]); bpfName != "" {
+		name = bpfName
+	} else {
+		name = convertCString(info.tag[:])
+	}
+
+	return newProgram(bpfFd, name, newProgramABIFromInfo(info)), nil
 }

-func newProgram(fd *internal.FD, name string, abi *ProgramABI) *Program {
+func newProgram(fd *bpfFD, name string, abi *ProgramABI) *Program {
 	return &Program{
 		name: name,
 		fd:   fd,
@@ -172,7 +169,7 @@ func newProgram(fd *internal.FD, name string, abi *ProgramABI) *Program {
 	}
 }

-func convertProgramSpec(spec *ProgramSpec, handle *btf.Handle) (*bpfProgLoadAttr, error) {
+func convertProgramSpec(spec *ProgramSpec, includeName bool) (*bpfProgLoadAttr, error) {
 	if len(spec.Instructions) == 0 {
 		return nil, errors.New("Instructions cannot be empty")
 	}
@@ -189,12 +186,13 @@ func convertProgramSpec(spec *ProgramSpec, handle *btf.Handle) (*bpfProgLoadAttr

 	bytecode := buf.Bytes()
 	insCount := uint32(len(bytecode) / asm.InstructionSize)
+	lic := []byte(spec.License)
 	attr := &bpfProgLoadAttr{
 		progType:           spec.Type,
 		expectedAttachType: spec.AttachType,
 		insCount:           insCount,
-		instructions:       internal.NewSlicePointer(bytecode),
-		license:            internal.NewStringPointer(spec.License),
+		instructions:       newPtr(unsafe.Pointer(&bytecode[0])),
+		license:            newPtr(unsafe.Pointer(&lic[0])),
 	}

 	name, err := newBPFObjName(spec.Name)
@@ -202,38 +200,18 @@ func convertProgramSpec(spec *ProgramSpec, handle *btf.Handle) (*bpfProgLoadAttr
 		return nil, err
 	}

-	if haveObjName() == nil {
+	if includeName {
 		attr.progName = name
 	}

-	if handle != nil && spec.BTF != nil {
-		attr.progBTFFd = uint32(handle.FD())
-
-		recSize, bytes, err := btf.ProgramLineInfos(spec.BTF)
-		if err != nil {
-			return nil, errors.Wrap(err, "can't get BTF line infos")
-		}
-		attr.lineInfoRecSize = recSize
-		attr.lineInfoCnt = uint32(uint64(len(bytes)) / uint64(recSize))
-		attr.lineInfo = internal.NewSlicePointer(bytes)
-
-		recSize, bytes, err = btf.ProgramFuncInfos(spec.BTF)
-		if err != nil {
-			return nil, errors.Wrap(err, "can't get BTF function infos")
-		}
-		attr.funcInfoRecSize = recSize
-		attr.funcInfoCnt = uint32(uint64(len(bytes)) / uint64(recSize))
-		attr.funcInfo = internal.NewSlicePointer(bytes)
-	}
-
 	return attr, nil
 }

 func (p *Program) String() string {
 	if p.name != "" {
-		return fmt.Sprintf("%s(%s)#%v", p.abi.Type, p.name, p.fd)
+		return fmt.Sprintf("%s(%s)#%s", p.abi.Type, p.name, p.fd)
 	}
-	return fmt.Sprintf("%s#%v", p.abi.Type, p.fd)
+	return fmt.Sprintf("%s#%s", p.abi.Type, p.fd)
 }

 // ABI gets the ABI of the Program
@@ -245,7 +223,7 @@ func (p *Program) ABI() ProgramABI {
 //
 // It is invalid to call this function after Close has been called.
 func (p *Program) FD() int {
-	fd, err := p.fd.Value()
+	fd, err := p.fd.value()
 	if err != nil {
 		// Best effort: -1 is the number most likely to be an
 		// invalid file descriptor.
@@ -265,7 +243,7 @@ func (p *Program) Clone() (*Program, error) {
 		return nil, nil
 	}

-	dup, err := p.fd.Dup()
+	dup, err := p.fd.dup()
 	if err != nil {
 		return nil, errors.Wrap(err, "can't clone program")
 	}
@@ -286,7 +264,7 @@ func (p *Program) Close() error {
 		return nil
 	}

-	return p.fd.Close()
+	return p.fd.close()
 }

 // Test runs the Program in the kernel with the given input and returns the
@@ -298,7 +276,7 @@ func (p *Program) Close() error {
 // This function requires at least Linux 4.12.
 func (p *Program) Test(in []byte) (uint32, []byte, error) {
 	ret, out, _, err := p.testRun(in, 1)
-	return ret, out, errors.Wrap(err, "can't test program")
+	return ret, out, err
 }

 // Benchmark runs the Program with the given input for a number of times
@@ -310,43 +288,42 @@ func (p *Program) Test(in []byte) (uint32, []byte, error) {
 // This function requires at least Linux 4.12.
 func (p *Program) Benchmark(in []byte, repeat int) (uint32, time.Duration, error) {
 	ret, _, total, err := p.testRun(in, repeat)
-	return ret, total, errors.Wrap(err, "can't benchmark program")
+	return ret, total, err
 }

-var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() bool {
-	prog, err := NewProgram(&ProgramSpec{
-		Type: SocketFilter,
-		Instructions: asm.Instructions{
-			asm.LoadImm(asm.R0, 0, asm.DWord),
-			asm.Return(),
-		},
-		License: "MIT",
-	})
-	if err != nil {
-		// This may be because we lack sufficient permissions, etc.
-		return false
-	}
-	defer prog.Close()
+var noProgTestRun = featureTest{
+	Fn: func() bool {
+		prog, err := NewProgram(&ProgramSpec{
+			Type: SocketFilter,
+			Instructions: asm.Instructions{
+				asm.LoadImm(asm.R0, 0, asm.DWord),
+				asm.Return(),
+			},
+			License: "MIT",
+		})
+		if err != nil {
+			// This may be because we lack sufficient permissions, etc.
+			return false
+		}
+		defer prog.Close()

-	fd, err := prog.fd.Value()
-	if err != nil {
-		return false
-	}
+		fd, err := prog.fd.value()
+		if err != nil {
+			return false
+		}

-	// Programs require at least 14 bytes input
-	in := make([]byte, 14)
-	attr := bpfProgTestRunAttr{
-		fd:         fd,
-		dataSizeIn: uint32(len(in)),
-		dataIn:     internal.NewSlicePointer(in),
-	}
+		// Programs require at least 14 bytes input
+		in := make([]byte, 14)
+		attr := bpfProgTestRunAttr{
+			fd:         fd,
+			dataSizeIn: uint32(len(in)),
+			dataIn:     newPtr(unsafe.Pointer(&in[0])),
+		}

-	_, err = internal.BPF(_ProgTestRun, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
-
-	// Check for EINVAL specifically, rather than err != nil since we
-	// otherwise misdetect due to insufficient permissions.
-	return errors.Cause(err) != unix.EINVAL
-})
+		_, err = bpfCall(_ProgTestRun, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+		return errors.Cause(err) == unix.EINVAL
+	},
+}

 func (p *Program) testRun(in []byte, repeat int) (uint32, []byte, time.Duration, error) {
 	if uint(repeat) > math.MaxUint32 {
@@ -361,8 +338,8 @@ func (p *Program) testRun(in []byte, repeat int) (uint32, []byte, time.Duration,
 		return 0, nil, 0, fmt.Errorf("input is too long")
 	}

-	if err := haveProgTestRun(); err != nil {
-		return 0, nil, 0, err
+	if noProgTestRun.Result() {
+		return 0, nil, 0, errNotSupported
 	}

 	// Older kernels ignore the dataSizeOut argument when copying to user space.
@@ -372,7 +349,7 @@ func (p *Program) testRun(in []byte, repeat int) (uint32, []byte, time.Duration,
 	// See https://patchwork.ozlabs.org/cover/1006822/
 	out := make([]byte, len(in)+outputPad)

-	fd, err := p.fd.Value()
+	fd, err := p.fd.value()
 	if err != nil {
 		return 0, nil, 0, err
 	}
@@ -381,12 +358,12 @@ func (p *Program) testRun(in []byte, repeat int) (uint32, []byte, time.Duration,
 		fd:          fd,
 		dataSizeIn:  uint32(len(in)),
 		dataSizeOut: uint32(len(out)),
-		dataIn:      internal.NewSlicePointer(in),
-		dataOut:     internal.NewSlicePointer(out),
+		dataIn:      newPtr(unsafe.Pointer(&in[0])),
+		dataOut:     newPtr(unsafe.Pointer(&out[0])),
 		repeat:      uint32(repeat),
 	}

-	_, err = internal.BPF(_ProgTestRun, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	_, err = bpfCall(_ProgTestRun, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
 	if err != nil {
 		return 0, nil, 0, errors.Wrap(err, "can't run test")
 	}
@@ -415,18 +392,18 @@ func unmarshalProgram(buf []byte) (*Program, error) {
 		return nil, err
 	}

-	name, abi, err := newProgramABIFromFd(fd)
+	abi, err := newProgramABIFromFd(fd)
 	if err != nil {
-		_ = fd.Close()
+		_ = fd.close()
 		return nil, err
 	}

-	return newProgram(fd, name, abi), nil
+	return newProgram(fd, "", abi), nil
 }

 // MarshalBinary implements BinaryMarshaler.
 func (p *Program) MarshalBinary() ([]byte, error) {
-	value, err := p.fd.Value()
+	value, err := p.fd.value()
 	if err != nil {
 		return nil, err
 	}
@@ -442,7 +419,7 @@ func (p *Program) Attach(fd int, typ AttachType, flags AttachFlags) error {
 		return errors.New("invalid fd")
 	}

-	pfd, err := p.fd.Value()
+	pfd, err := p.fd.value()
 	if err != nil {
 		return err
 	}
@@ -463,7 +440,7 @@ func (p *Program) Detach(fd int, typ AttachType, flags AttachFlags) error {
 		return errors.New("invalid fd")
 	}

-	pfd, err := p.fd.Value()
+	pfd, err := p.fd.value()
 	if err != nil {
 		return err
 	}
@@ -480,20 +457,31 @@ func (p *Program) Detach(fd int, typ AttachType, flags AttachFlags) error {

 // LoadPinnedProgram loads a Program from a BPF file.
 //
-// Requires at least Linux 4.11.
+// Requires at least Linux 4.13, use LoadPinnedProgramExplicit on
+// earlier versions.
 func LoadPinnedProgram(fileName string) (*Program, error) {
 	fd, err := bpfGetObject(fileName)
 	if err != nil {
 		return nil, err
 	}

-	name, abi, err := newProgramABIFromFd(fd)
+	abi, err := newProgramABIFromFd(fd)
 	if err != nil {
-		_ = fd.Close()
-		return nil, errors.Wrapf(err, "can't get ABI for %s", fileName)
+		_ = fd.close()
+		return nil, err
 	}

-	return newProgram(fd, name, abi), nil
+	return newProgram(fd, filepath.Base(fileName), abi), nil
+}
+
+// LoadPinnedProgramExplicit loads a program with explicit parameters.
+func LoadPinnedProgramExplicit(fileName string, abi *ProgramABI) (*Program, error) {
+	fd, err := bpfGetObject(fileName)
+	if err != nil {
+		return nil, err
+	}
+
+	return newProgram(fd, filepath.Base(fileName), abi), nil
 }

 // SanitizeName replaces all invalid characters in name.
@@ -512,9 +500,24 @@ func SanitizeName(name string, replacement rune) string {
 	}, name)
 }

+type loadError struct {
+	cause       error
+	verifierLog string
+}
+
+func (le *loadError) Error() string {
+	if le.verifierLog == "" {
+		return fmt.Sprintf("failed to load program: %s", le.cause)
+	}
+	return fmt.Sprintf("failed to load program: %s: %s", le.cause, le.verifierLog)
+}
+
+func (le *loadError) Cause() error {
+	return le.cause
+}
+
 // IsNotSupported returns true if an error occurred because
 // the kernel does not have support for a specific feature.
 func IsNotSupported(err error) bool {
-	_, notSupported := errors.Cause(err).(*internal.UnsupportedFeatureError)
-	return notSupported
+	return errors.Cause(err) == errNotSupported
 }