-
Notifications
You must be signed in to change notification settings - Fork 648
/
misc.go
227 lines (199 loc) · 6.44 KB
/
misc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
package features
import (
"bytes"
"errors"
"fmt"
"os"
"sync"
"github.com/cilium/ebpf"
"github.com/cilium/ebpf/asm"
"github.com/cilium/ebpf/internal"
"github.com/cilium/ebpf/internal/sys"
"github.com/cilium/ebpf/internal/unix"
)
func init() {
miscs.miscTypes = make(map[miscType]error, maxMiscType)
}
var (
miscs miscCache
)
type miscCache struct {
sync.Mutex
miscTypes map[miscType]error
}
type miscType uint32
// Max returns the latest supported MiscType.
func (_ miscType) max() miscType {
return maxMiscType - 1
}
const (
// largeInsn support introduced in
// commit c04c0d2b968ac45d6ef020316808ef6c82325a82
largeInsn miscType = iota
// boundedLoops support introduced in
// commit 2589726d12a1b12eaaa93c7f1ea64287e383c7a5
boundedLoops
// v2ISA support introduced in
// commit 92b31a9af73b3a3fc801899335d6c47966351830
v2ISA
// v3ISA support introduced in
// commit 092ed0968bb648cd18e8a0430cd0a8a71727315c
v3ISA
// maxMiscType - Bound enum of FeatureTypes, has to be last in enum.
maxMiscType
)
const (
maxInsns = 4096
)
// HaveLargeInstructions probes the running kernel if more than 4096 instructions
// per program are supported.
// Return values have the following semantics:
//
// err == nil: The feature is available.
// errors.Is(err, ebpf.ErrNotSupported): The feature is not available.
// err != nil: Any errors encountered during probe execution, wrapped.
//
// Note that the latter case may include false negatives, and that program creation may
// succeed despite an error being returned. Some program types cannot reliably be probed and
// will also return error. Only `nil` and `ebpf.ErrNotSupported` are conclusive.
//
// Probe results are cached and persist throughout any process capability changes.
func HaveLargeInstructions() error {
return probeMisc(largeInsn)
}
// HaveBoundedLoops probes the running kernel if bounded loops are supported.
// Return values have the following semantics:
//
// err == nil: The feature is available.
// errors.Is(err, ebpf.ErrNotSupported): The feature is not available.
// err != nil: Any errors encountered during probe execution, wrapped.
//
// Note that the latter case may include false negatives, and that program creation may
// succeed despite an error being returned. Some program types cannot reliably be probed and
// will also return error. Only `nil` and `ebpf.ErrNotSupported` are conclusive.
//
// Probe results are cached and persist throughout any process capability changes.
func HaveBoundedLoops() error {
return probeMisc(boundedLoops)
}
// HaveV2ISA probes the running kernel if instructions of the v2 ISA are supported.
// Return values have the following semantics:
//
// err == nil: The feature is available.
// errors.Is(err, ebpf.ErrNotSupported): The feature is not available.
// err != nil: Any errors encountered during probe execution, wrapped.
//
// Note that the latter case may include false negatives, and that program creation may
// succeed despite an error being returned. Some program types cannot reliably be probed and
// will also return error. Only `nil` and `ebpf.ErrNotSupported` are conclusive.
//
// Probe results are cached and persist throughout any process capability changes.
func HaveV2ISA() error {
return probeMisc(v2ISA)
}
// HaveV3ISA probes the running kernel if instructions of the v3 ISA are supported.
// Return values have the following semantics:
//
// err == nil: The feature is available.
// errors.Is(err, ebpf.ErrNotSupported): The feature is not available.
// err != nil: Any errors encountered during probe execution, wrapped.
//
// Note that the latter case may include false negatives, and that program creation may
// succeed despite an error being returned. Some program types cannot reliably be probed and
// will also return error. Only `nil` and `ebpf.ErrNotSupported` are conclusive.
//
// Probe results are cached and persist throughout any process capability changes.
func HaveV3ISA() error {
return probeMisc(v3ISA)
}
// probeMisc checks the kernel for a given supported misc by creating
// a specialized program probe and loading it.
// Results are cached and persist throughout any process capability changes.
func probeMisc(mt miscType) error {
if mt > mt.max() {
return os.ErrInvalid
}
mc.Lock()
defer mc.Unlock()
err, ok := miscs.miscTypes[mt]
if ok {
return err
}
attr, err := createMiscProbeAttr(mt)
if err != nil {
return fmt.Errorf("couldn't create the attributes for the probe: %w", err)
}
fd, err := sys.ProgLoad(attr)
switch {
// EINVAL occurs when attempting to create a program with an unknown type.
// E2BIG occurs when ProgLoadAttr contains non-zero bytes past the end
// of the struct known by the running kernel, meaning the kernel is too old
// to support the given map type.
case errors.Is(err, unix.EINVAL), errors.Is(err, unix.E2BIG):
err = ebpf.ErrNotSupported
// EPERM is kept as-is and is not converted or wrapped.
case errors.Is(err, unix.EPERM):
break
// Wrap unexpected errors.
case err != nil:
err = fmt.Errorf("unexpected error during feature probe: %w", err)
default:
fd.Close()
}
miscs.miscTypes[mt] = err
return err
}
func createMiscProbeAttr(mt miscType) (*sys.ProgLoadAttr, error) {
var (
insns asm.Instructions
label string
)
switch mt {
case largeInsn:
for i := 0; i < maxInsns; i++ {
insns = append(insns, asm.Mov.Imm(asm.R0, 1))
}
insns = append(insns, asm.Return())
case boundedLoops:
label = "boundedLoop"
insns = asm.Instructions{
asm.Mov.Imm(asm.R0, 10),
asm.Sub.Imm(asm.R0, 1).Sym(label),
asm.JNE.Imm(asm.R0, 0, label),
asm.Return(),
}
case v2ISA:
label = "v2isa"
insns = asm.Instructions{
asm.Mov.Imm(asm.R0, 0).Sym(label),
asm.JLT.Imm(asm.R0, 0, label),
asm.Mov.Imm(asm.R0, 1),
asm.Return(),
}
case v3ISA:
label = "v3isa"
insns = asm.Instructions{
asm.Mov.Imm(asm.R0, 0).Sym(label),
asm.JLT.Imm32(asm.R0, 0, label),
asm.Mov.Imm(asm.R0, 1),
asm.Return(),
}
default:
return nil, fmt.Errorf("feature %d not yet implemented", mt)
}
if err := insns.RewriteJumps(); err != nil {
return nil, err
}
buf := bytes.NewBuffer(make([]byte, 0, insns.Size()))
if err := insns.Marshal(buf, internal.NativeEndian); err != nil {
return nil, err
}
bytecode := buf.Bytes()
instructions := sys.NewSlicePointer(bytecode)
return &sys.ProgLoadAttr{
ProgType: sys.BPF_PROG_TYPE_SOCKET_FILTER,
Insns: instructions,
InsnCnt: uint32(len(bytecode) / asm.InstructionSize),
License: sys.NewStringPointer("MIT"),
}, nil
}