-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix closing native program / maps handles in system worker thread. #2500
Changes from all commits
00e0a56
d1c3a30
2ea1813
f94a583
0c9fa42
bcd3f47
babb008
2a7ac5b
7820407
e2ce9de
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,6 +15,11 @@ static uint32_t _ebpf_platform_maximum_processor_count = 0; | |
extern DEVICE_OBJECT* | ||
ebpf_driver_get_device_object(); | ||
|
||
typedef struct _ebpf_process_state | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
{ | ||
KAPC_STATE state; | ||
} ebpf_process_state_t; | ||
|
||
typedef struct _ebpf_memory_descriptor | ||
{ | ||
MDL memory_descriptor_list; | ||
|
@@ -920,3 +925,37 @@ ebpf_utf8_string_to_unicode(_In_ const ebpf_utf8_string_t* input, _Outptr_ wchar | |
ebpf_free(unicode_string); | ||
return retval; | ||
} | ||
|
||
intptr_t | ||
ebpf_platform_reference_process() | ||
{ | ||
PEPROCESS process = PsGetCurrentProcess(); | ||
ObReferenceObject(process); | ||
return (intptr_t)process; | ||
} | ||
|
||
_Ret_maybenull_ ebpf_process_state_t* | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ?? what is the need for this function? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Since ebpf_platform.h only contains: |
||
ebpf_allocate_process_state() | ||
{ | ||
// Skipping fault injection as call to ebpf_allocate() covers it. | ||
ebpf_process_state_t* state = ebpf_allocate(sizeof(ebpf_process_state_t)); | ||
return state; | ||
} | ||
|
||
void | ||
ebpf_platform_dereference_process(intptr_t process_handle) | ||
{ | ||
ObDereferenceObject((PEPROCESS)process_handle); | ||
} | ||
|
||
void | ||
ebpf_platform_attach_process(intptr_t process_handle, _Inout_ ebpf_process_state_t* state) | ||
{ | ||
KeStackAttachProcess((PEPROCESS)process_handle, &state->state); | ||
} | ||
|
||
void | ||
ebpf_platform_detach_process(_In_ ebpf_process_state_t* state) | ||
{ | ||
KeUnstackDetachProcess(&state->state); | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -37,6 +37,11 @@ | |
|
||
ebpf_leak_detector_ptr _ebpf_leak_detector_ptr; | ||
|
||
typedef struct _ebpf_process_state | ||
{ | ||
uint8_t unused; | ||
} ebpf_process_state_t; | ||
|
||
/** | ||
* @brief Environment variable to enable fault injection testing. | ||
* | ||
|
@@ -1408,3 +1413,41 @@ | |
ebpf_free(unicode_string); | ||
return retval; | ||
} | ||
|
||
_Ret_maybenull_ ebpf_process_state_t* | ||
ebpf_allocate_process_state() | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can you check Fault injection needed for all the new functions introduced? I believe it is needed. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This PR is adding the following APIs:
Only one of these APIs is expected to fail -- There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks for checking it. Please add a comment for ebpf_allocate_process_state with There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Added. |
||
{ | ||
// Skipping fault injection as call to ebpf_allocate() covers it. | ||
ebpf_process_state_t* state = (ebpf_process_state_t*)ebpf_allocate(sizeof(ebpf_process_state_t)); | ||
return state; | ||
} | ||
|
||
intptr_t | ||
ebpf_platform_reference_process() | ||
{ | ||
|
||
HANDLE process = GetCurrentProcess(); | ||
saxena-anurag marked this conversation as resolved.
Show resolved
Hide resolved
|
||
return (intptr_t)process; | ||
} | ||
|
||
void | ||
ebpf_platform_dereference_process(intptr_t process_handle) | ||
{ | ||
// This is a no-op for the user mode implementation. | ||
UNREFERENCED_PARAMETER(process_handle); | ||
} | ||
|
||
void | ||
ebpf_platform_attach_process(intptr_t process_handle, _Inout_ ebpf_process_state_t* state) | ||
{ | ||
// This is a no-op for the user mode implementation. | ||
UNREFERENCED_PARAMETER(process_handle); | ||
UNREFERENCED_PARAMETER(state); | ||
} | ||
|
||
void | ||
ebpf_platform_detach_process(_In_ ebpf_process_state_t* state) | ||
{ | ||
// This is a no-op for the user mode implementation. | ||
UNREFERENCED_PARAMETER(state); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this needed given line 1319 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, 1319 line is for the cleanup path which is not called in this path.