diff --git a/Makefile b/Makefile index 5602e75455967460c7be5a50f0eadf5bfb34747e..7b703fbc9deb1e52dabf2a6148dd0ea6e11f531d 100644 --- a/Makefile +++ b/Makefile @@ -35,7 +35,7 @@ OCI_BIN_PATH := $(shell which docker 2>/dev/null || which podman) OCI_BIN ?= $(shell basename ${OCI_BIN_PATH}) LOCAL_GENERATOR_IMAGE ?= ebpf-generator:latest -CILIUM_EBPF_VERSION := v0.12.0 +CILIUM_EBPF_VERSION := v0.12.2 GOLANGCI_LINT_VERSION = v1.54.2 CLANG ?= clang CFLAGS := -O2 -g -Wall -Werror $(CFLAGS) diff --git a/go.mod b/go.mod index c68d8190acc6935b541753c6c2a8fe43388d61dd..78d2f467daa46a856784e87fe3b247afd63fe6c7 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/caarlos0/env/v6 v6.10.1 - github.com/cilium/ebpf v0.12.0 + github.com/cilium/ebpf v0.12.2 github.com/fsnotify/fsnotify v1.7.0 github.com/gavv/monotime v0.0.0-20190418164738-30dba4353424 github.com/google/gopacket v1.1.19 diff --git a/go.sum b/go.sum index 0e80fa6c780bfba9aa1fbbd276a58d50fc71c584..dbbc9afa553c29254907b0b88fdf66be3b4c7084 100644 --- a/go.sum +++ b/go.sum @@ -53,8 +53,8 @@ github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/cilium/ebpf v0.12.0 h1:oQEuIQIXgYhe1v7sYUG0P9vtJTYZLLdA6tiQmrOB1mo= -github.com/cilium/ebpf v0.12.0/go.mod h1:u9H29/Iq+8cy70YqI6p5pfADkFl3vdnV2qXDg5JL0Zo= +github.com/cilium/ebpf v0.12.2 h1:cP3qL4kkl19kr/F+hKqUo9F9pPMVz1oms8C7Qj0AwWk= +github.com/cilium/ebpf v0.12.2/go.mod h1:u9H29/Iq+8cy70YqI6p5pfADkFl3vdnV2qXDg5JL0Zo= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= diff --git a/vendor/github.com/cilium/ebpf/btf/core.go b/vendor/github.com/cilium/ebpf/btf/core.go index a5c40d36af46ac226b20b194978b081227dc5a88..dec2cc76069421e8480b4127d1cd53f7e596516f 100644 --- a/vendor/github.com/cilium/ebpf/btf/core.go +++ b/vendor/github.com/cilium/ebpf/btf/core.go @@ -799,7 +799,7 @@ func coreFindMember(typ composite, name string) (Member, bool, error) { if visited[target] { continue } - if len(visited) >= maxTypeDepth { + if len(visited) >= maxResolveDepth { // This check is different than libbpf, which restricts the entire // path to BPF_CORE_SPEC_MAX_LEN items. return Member{}, false, fmt.Errorf("type is nested too deep") @@ -895,7 +895,7 @@ func coreAreTypesCompatible(localType Type, targetType Type) error { ) for ; l != nil && t != nil; l, t = localTs.Shift(), targetTs.Shift() { - if depth >= maxTypeDepth { + if depth >= maxResolveDepth { return errors.New("types are nested too deep") } diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index 36803504be6beaf3c80c51721f67fdcb43bde1d5..3eae08b28eeb517d3d312efaa8f7b34a9faa53ea 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -391,13 +391,14 @@ func newFuncInfos(bfis []bpfFuncInfo, spec *Spec) (FuncInfos, error) { return fis, nil } -// LoadFuncInfos parses btf func info in wire format. +// LoadFuncInfos parses BTF func info in kernel wire format. func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (FuncInfos, error) { fis, err := parseFuncInfoRecords( reader, bo, FuncInfoSize, recordNum, + false, ) if err != nil { return FuncInfos{}, fmt.Errorf("parsing BTF func info: %w", err) @@ -441,7 +442,7 @@ func parseFuncInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map return nil, err } - records, err := parseFuncInfoRecords(r, bo, recordSize, infoHeader.NumInfo) + records, err := parseFuncInfoRecords(r, bo, recordSize, infoHeader.NumInfo, true) if err != nil { return nil, fmt.Errorf("section %v: %w", secName, err) } @@ -453,7 +454,7 @@ func parseFuncInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map // parseFuncInfoRecords parses a stream of func_infos into a funcInfos. // These records appear after a btf_ext_info_sec header in the func_info // sub-section of .BTF.ext. -func parseFuncInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfFuncInfo, error) { +func parseFuncInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32, offsetInBytes bool) ([]bpfFuncInfo, error) { var out []bpfFuncInfo var fi bpfFuncInfo @@ -467,13 +468,15 @@ func parseFuncInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, r return nil, fmt.Errorf("can't read function info: %v", err) } - if fi.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", fi.InsnOff) - } + if offsetInBytes { + if fi.InsnOff%asm.InstructionSize != 0 { + return nil, fmt.Errorf("offset %v is not aligned with instruction size", fi.InsnOff) + } - // ELF tracks offset in bytes, the kernel expects raw BPF instructions. - // Convert as early as possible. - fi.InsnOff /= asm.InstructionSize + // ELF tracks offset in bytes, the kernel expects raw BPF instructions. + // Convert as early as possible. + fi.InsnOff /= asm.InstructionSize + } out = append(out, fi) } @@ -537,13 +540,14 @@ type bpfLineInfo struct { LineCol uint32 } -// LoadLineInfos parses btf line info in wire format. +// LoadLineInfos parses BTF line info in kernel wire format. func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (LineInfos, error) { lis, err := parseLineInfoRecords( reader, bo, LineInfoSize, recordNum, + false, ) if err != nil { return LineInfos{}, fmt.Errorf("parsing BTF line info: %w", err) @@ -649,7 +653,7 @@ func parseLineInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map return nil, err } - records, err := parseLineInfoRecords(r, bo, recordSize, infoHeader.NumInfo) + records, err := parseLineInfoRecords(r, bo, recordSize, infoHeader.NumInfo, true) if err != nil { return nil, fmt.Errorf("section %v: %w", secName, err) } @@ -661,7 +665,7 @@ func parseLineInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map // parseLineInfoRecords parses a stream of line_infos into a lineInfos. // These records appear after a btf_ext_info_sec header in the line_info // sub-section of .BTF.ext. -func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfLineInfo, error) { +func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32, offsetInBytes bool) ([]bpfLineInfo, error) { var out []bpfLineInfo var li bpfLineInfo @@ -675,13 +679,15 @@ func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, r return nil, fmt.Errorf("can't read line info: %v", err) } - if li.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", li.InsnOff) - } + if offsetInBytes { + if li.InsnOff%asm.InstructionSize != 0 { + return nil, fmt.Errorf("offset %v is not aligned with instruction size", li.InsnOff) + } - // ELF tracks offset in bytes, the kernel expects raw BPF instructions. - // Convert as early as possible. - li.InsnOff /= asm.InstructionSize + // ELF tracks offset in bytes, the kernel expects raw BPF instructions. + // Convert as early as possible. + li.InsnOff /= asm.InstructionSize + } out = append(out, li) } diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go index acb489cd0c8cd31e80432393078b1f4b89fe55f6..5e581b4a851848844d406202cbe5c2c486df10ac 100644 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -118,7 +118,7 @@ func (gf *GoFormatter) writeType(typ Type, depth int) error { // uint32 func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { depth++ - if depth > maxTypeDepth { + if depth > maxResolveDepth { return errNestedTooDeep } @@ -265,7 +265,7 @@ func (gf *GoFormatter) writeStructField(m Member, depth int) error { } depth++ - if depth > maxTypeDepth { + if depth > maxResolveDepth { return errNestedTooDeep } @@ -338,7 +338,7 @@ func (gf *GoFormatter) writePadding(bytes uint32) { func skipQualifiers(typ Type) Type { result := typ - for depth := 0; depth <= maxTypeDepth; depth++ { + for depth := 0; depth <= maxResolveDepth; depth++ { switch v := (result).(type) { case qualifier: result = v.qualify() diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index 5aedd72d8c32232369f9a6d447c22f9b90f0f2b4..8fe329aa4e4efca37fe288d21714972d04fa1af9 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -5,7 +5,6 @@ import ( "fmt" "io" "math" - "reflect" "strings" "github.com/cilium/ebpf/asm" @@ -13,7 +12,9 @@ import ( "github.com/cilium/ebpf/internal/sys" ) -const maxTypeDepth = 32 +// Mirrors MAX_RESOLVE_DEPTH in libbpf. +// https://github.com/libbpf/libbpf/blob/e26b84dc330c9644c07428c271ab491b0f01f4e1/src/btf.c#L761 +const maxResolveDepth = 32 // TypeID identifies a type in a BTF section. type TypeID = sys.TypeID @@ -590,7 +591,7 @@ func Sizeof(typ Type) (int, error) { elem int64 ) - for i := 0; i < maxTypeDepth; i++ { + for i := 0; i < maxResolveDepth; i++ { switch v := typ.(type) { case *Array: if n > 0 && int64(v.Nelems) > math.MaxInt64/n { @@ -758,11 +759,11 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ } var fixups []fixupDef - fixup := func(id TypeID, typ *Type) bool { + fixup := func(id TypeID, typ *Type) { if id < firstTypeID { if baseType, err := base.TypeByID(id); err == nil { *typ = baseType - return true + return } } @@ -770,31 +771,10 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ if idx < len(types) { // We've already inflated this type, fix it up immediately. *typ = types[idx] - return true + return } fixups = append(fixups, fixupDef{id, typ}) - return false - } - - type assertion struct { - id TypeID - typ *Type - want reflect.Type - } - - var assertions []assertion - fixupAndAssert := func(id TypeID, typ *Type, want reflect.Type) error { - if !fixup(id, typ) { - assertions = append(assertions, assertion{id, typ, want}) - return nil - } - - // The type has already been fixed up, check the type immediately. - if reflect.TypeOf(*typ) != want { - return fmt.Errorf("type ID %d: expected %s, got %T", id, want, *typ) - } - return nil } type bitfieldFixupDef struct { @@ -955,9 +935,7 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ case kindFunc: fn := &Func{name, nil, raw.Linkage()} - if err := fixupAndAssert(raw.Type(), &fn.Type, reflect.TypeOf((*FuncProto)(nil))); err != nil { - return nil, err - } + fixup(raw.Type(), &fn.Type) typ = fn case kindFuncProto: @@ -1066,12 +1044,6 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ } } - for _, assertion := range assertions { - if reflect.TypeOf(*assertion.typ) != assertion.want { - return nil, fmt.Errorf("type ID %d: expected %s, got %T", assertion.id, assertion.want, *assertion.typ) - } - } - for _, dt := range declTags { switch t := dt.Type.(type) { case *Var, *Typedef: @@ -1085,7 +1057,12 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ } case *Func: - if dt.Index >= len(t.Type.(*FuncProto).Params) { + fp, ok := t.Type.(*FuncProto) + if !ok { + return nil, fmt.Errorf("type %s: %s is not a FuncProto", dt, t.Type) + } + + if dt.Index >= len(fp.Params) { return nil, fmt.Errorf("type %s: index %d exceeds params of %s", dt, dt.Index, t) } @@ -1121,7 +1098,7 @@ func newEssentialName(name string) essentialName { // UnderlyingType skips qualifiers and Typedefs. func UnderlyingType(typ Type) Type { result := typ - for depth := 0; depth <= maxTypeDepth; depth++ { + for depth := 0; depth <= maxResolveDepth; depth++ { switch v := (result).(type) { case qualifier: result = v.qualify() @@ -1140,7 +1117,7 @@ func UnderlyingType(typ Type) Type { // Returns the zero value and false if there is no T or if the type is nested // too deeply. func as[T Type](typ Type) (T, bool) { - for depth := 0; depth <= maxTypeDepth; depth++ { + for depth := 0; depth <= maxResolveDepth; depth++ { switch v := (typ).(type) { case T: return v, true diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go b/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go index 235a1df2640b4fd9aa87393725e604f482e3126c..52339456aaf23d60f29574274fb683045daf7e6b 100644 --- a/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go @@ -11,6 +11,8 @@ import ( "unsafe" "github.com/cilium/ebpf/internal" + + "golang.org/x/exp/slices" ) // Marshal turns data into a byte slice using the system's native endianness. @@ -88,6 +90,11 @@ func Unmarshal(data interface{}, buf []byte) error { *value = string(buf) return nil + case *[]byte: + // Backwards compat: unmarshaling into a slice replaces the whole slice. + *value = slices.Clone(buf) + return nil + default: if dataBuf := unsafeBackingMemory(data); len(dataBuf) == len(buf) { copy(dataBuf, buf) @@ -99,7 +106,15 @@ func Unmarshal(data interface{}, buf []byte) error { rd.Reset(buf) - return binary.Read(rd, internal.NativeEndian, value) + if err := binary.Read(rd, internal.NativeEndian, value); err != nil { + return err + } + + if rd.Len() != 0 { + return fmt.Errorf("unmarshaling %T doesn't consume all data", data) + } + + return nil } } diff --git a/vendor/github.com/cilium/ebpf/internal/vdso.go b/vendor/github.com/cilium/ebpf/internal/vdso.go index 10e639bf06e91526e437b0224548e706d140c456..c444a41c4b18d2d24cd8db61a194121782071faa 100644 --- a/vendor/github.com/cilium/ebpf/internal/vdso.go +++ b/vendor/github.com/cilium/ebpf/internal/vdso.go @@ -8,6 +8,7 @@ import ( "io" "math" "os" + "unsafe" "github.com/cilium/ebpf/internal/unix" ) @@ -19,6 +20,8 @@ var ( // vdsoVersion returns the LINUX_VERSION_CODE embedded in the vDSO library // linked into the current process image. func vdsoVersion() (uint32, error) { + const uintptrIs32bits = unsafe.Sizeof((uintptr)(0)) == 4 + // Read data from the auxiliary vector, which is normally passed directly // to the process. Go does not expose that data, so we must read it from procfs. // https://man7.org/linux/man-pages/man3/getauxval.3.html @@ -31,7 +34,7 @@ func vdsoVersion() (uint32, error) { } defer av.Close() - vdsoAddr, err := vdsoMemoryAddress(av) + vdsoAddr, err := vdsoMemoryAddress(av, NativeEndian, uintptrIs32bits) if err != nil { return 0, fmt.Errorf("finding vDSO memory address: %w", err) } @@ -52,9 +55,34 @@ func vdsoVersion() (uint32, error) { return c, nil } +type auxvPair32 struct { + Tag, Value uint32 +} + +type auxvPair64 struct { + Tag, Value uint64 +} + +func readAuxvPair(r io.Reader, order binary.ByteOrder, uintptrIs32bits bool) (tag, value uint64, _ error) { + if uintptrIs32bits { + var aux auxvPair32 + if err := binary.Read(r, order, &aux); err != nil { + return 0, 0, fmt.Errorf("reading auxv entry: %w", err) + } + return uint64(aux.Tag), uint64(aux.Value), nil + } + + var aux auxvPair64 + if err := binary.Read(r, order, &aux); err != nil { + return 0, 0, fmt.Errorf("reading auxv entry: %w", err) + } + return aux.Tag, aux.Value, nil +} + // vdsoMemoryAddress returns the memory address of the vDSO library // linked into the current process image. r is an io.Reader into an auxv blob. -func vdsoMemoryAddress(r io.Reader) (uint64, error) { +func vdsoMemoryAddress(r io.Reader, order binary.ByteOrder, uintptrIs32bits bool) (uintptr, error) { + // See https://elixir.bootlin.com/linux/v6.5.5/source/include/uapi/linux/auxvec.h const ( _AT_NULL = 0 // End of vector _AT_SYSINFO_EHDR = 33 // Offset to vDSO blob in process image @@ -62,16 +90,16 @@ func vdsoMemoryAddress(r io.Reader) (uint64, error) { // Loop through all tag/value pairs in auxv until we find `AT_SYSINFO_EHDR`, // the address of a page containing the virtual Dynamic Shared Object (vDSO). - aux := struct{ Tag, Val uint64 }{} for { - if err := binary.Read(r, NativeEndian, &aux); err != nil { - return 0, fmt.Errorf("reading auxv entry: %w", err) + tag, value, err := readAuxvPair(r, order, uintptrIs32bits) + if err != nil { + return 0, err } - switch aux.Tag { + switch tag { case _AT_SYSINFO_EHDR: - if aux.Val != 0 { - return aux.Val, nil + if value != 0 { + return uintptr(value), nil } return 0, fmt.Errorf("invalid vDSO address in auxv") // _AT_NULL is always the last tag/val pair in the aux vector diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index be732a24fa68bbe597f1b6a5f599a5d5d25f1193..7f6184850bac91ac1a19b27d7cf3f1be129bf098 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -1411,11 +1411,7 @@ func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool { return false } - // The user can get access to nextKey since unmarshalBytes - // does not copy when unmarshaling into a []byte. - // Make a copy to prevent accidental corruption of - // iterator state. - copy(mi.curKey, nextKey) + mi.curKey = nextKey mi.count++ mi.err = mi.target.Lookup(nextKey, valueOut) diff --git a/vendor/github.com/cilium/ebpf/perf/doc.go b/vendor/github.com/cilium/ebpf/perf/doc.go index c8ba91864d5c174ca6bada3f3a970591b332a73f..b92bc56af5a019f60f724ab822bd51d5e5aef551 100644 --- a/vendor/github.com/cilium/ebpf/perf/doc.go +++ b/vendor/github.com/cilium/ebpf/perf/doc.go @@ -1,6 +1,5 @@ -// Package perf allows interacting with Linux perf_events. +// Package perf allows reading from BPF perf event arrays. // -// BPF allows submitting custom perf_events to a ring-buffer set up -// by userspace. This is very useful to push things like packet samples -// from BPF to a daemon running in user space. +// A perf event array contains multiple perf event ringbuffers which can be used +// to exchange sample like data with user space. package perf diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go index af36519994b6b4a292e1919dca74aa35b8e4ebc7..e9215519a2fd10a79c9caa82403a34325d76bf38 100644 --- a/vendor/github.com/cilium/ebpf/types.go +++ b/vendor/github.com/cilium/ebpf/types.go @@ -219,7 +219,7 @@ const ( type AttachFlags uint32 // PinType determines whether a map is pinned into a BPFFS. -type PinType int +type PinType uint32 // Valid pin types. // diff --git a/vendor/github.com/cilium/ebpf/types_string.go b/vendor/github.com/cilium/ebpf/types_string.go index 5679f2254301856ef34a949646ba98d5bdb75fd0..e20c37aa4e43258c1d9baa03637b7df70556e814 100644 --- a/vendor/github.com/cilium/ebpf/types_string.go +++ b/vendor/github.com/cilium/ebpf/types_string.go @@ -111,7 +111,7 @@ const _PinType_name = "PinNonePinByName" var _PinType_index = [...]uint8{0, 7, 16} func (i PinType) String() string { - if i < 0 || i >= PinType(len(_PinType_index)-1) { + if i >= PinType(len(_PinType_index)-1) { return "PinType(" + strconv.FormatInt(int64(i), 10) + ")" } return _PinType_name[_PinType_index[i]:_PinType_index[i+1]] diff --git a/vendor/modules.txt b/vendor/modules.txt index 3f6559b7afd237d3eddc15ec537af5e84a3a5c2b..017fdd0afa289667c3f9ada498f91d288a580781 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -7,7 +7,7 @@ github.com/caarlos0/env/v6 # github.com/cespare/xxhash/v2 v2.2.0 ## explicit; go 1.11 github.com/cespare/xxhash/v2 -# github.com/cilium/ebpf v0.12.0 +# github.com/cilium/ebpf v0.12.2 ## explicit; go 1.20 github.com/cilium/ebpf github.com/cilium/ebpf/asm