28#include <ubpf_config.h>
38#if !defined(UBPF_MAX_INSTS)
39#define UBPF_MAX_INSTS 65536
45#if !defined(UBPF_MAX_CALL_DEPTH)
46#define UBPF_MAX_CALL_DEPTH 8
52#if !defined(UBPF_EBPF_STACK_SIZE)
53#define UBPF_EBPF_STACK_SIZE (UBPF_MAX_CALL_DEPTH * 512)
64#if !defined(UBPF_EBPF_LOCAL_FUNCTION_STACK_SIZE)
65#define UBPF_EBPF_LOCAL_FUNCTION_STACK_SIZE 256
71#if !defined(UBPF_MAX_EXT_FUNCS)
72#define UBPF_MAX_EXT_FUNCS 64
75#define UBPF_EBPF_NONVOLATILE_SIZE (sizeof(uint64_t) * 5)
98 typedef uint64_t (*
ubpf_jit_ex_fn)(
void* mem,
size_t mem_len, uint8_t* stack,
size_t stack_len);
338 uint64_t, uint64_t, uint64_t, uint64_t, uint64_t,
unsigned int index,
void* cookie);
414 ubpf_load(
struct ubpf_vm* vm,
const void* code, uint32_t code_len,
char** errmsg);
436#if defined(UBPF_HAS_ELF_H)
458 ubpf_load_elf(
struct ubpf_vm* vm,
const void* elf,
size_t elf_len,
char** errmsg);
483 ubpf_load_elf_ex(
struct ubpf_vm* vm,
const void* elf,
size_t elf_len,
const char* main_section_name,
char** errmsg);
510 ubpf_exec(
const struct ubpf_vm* vm,
void* mem,
size_t mem_len, uint64_t* bpf_return_value);
530 const struct ubpf_vm* vm,
533 uint64_t* bpf_return_value,
592 ubpf_copy_jit(
struct ubpf_vm* vm,
void* buffer,
size_t size,
char** errmsg);
612 ubpf_translate(
struct ubpf_vm* vm, uint8_t* buffer,
size_t* size,
char** errmsg);
694 const char* symbol_name,
695 uint64_t symbol_offset,
696 uint64_t symbol_size);
830 const uint64_t registers[16],
831 const uint8_t* stack_start,
833 uint64_t register_mask,
834 const uint8_t* stack_mask_start);
Safe-profile metadata describing a helper and the shape of its return value.
Definition ubpf.h:278
unsigned int index
Definition ubpf.h:279
external_function_t fn
Definition ubpf.h:281
uint64_t region_size
Definition ubpf.h:284
const char * name
Definition ubpf.h:280
enum ubpf_safe_helper_result_kind result_kind
Definition ubpf.h:282
uint32_t region_id
Definition ubpf.h:283
Descriptor for an external region known to the safe execution profile.
Definition ubpf.h:252
uint64_t size
Definition ubpf.h:255
enum ubpf_safe_region_kind kind
Definition ubpf.h:256
uint32_t permissions
Definition ubpf.h:257
uint32_t id
Definition ubpf.h:253
void * base
Definition ubpf.h:254
int ubpf_set_unwind_function_index(struct ubpf_vm *vm, unsigned int idx)
Instruct the uBPF runtime to apply unwind-on-success semantics to a helper function....
bool ubpf_toggle_constant_blinding(struct ubpf_vm *vm, bool enable)
Enable / disable constant blinding in the JIT compiler. Constant blinding is a security hardening tec...
bool ubpf_toggle_readonly_bytecode(struct ubpf_vm *vm, bool enable)
Enable or disable read-only bytecode storage.
int(* stack_usage_calculator_t)(const struct ubpf_vm *vm, uint16_t pc, void *cookie)
The type of a stack usage calculator callback function.
Definition ubpf.h:370
ubpf_safe_helper_result_kind
Classification for a helper's return value in the safe profile.
Definition ubpf.h:264
@ UBPF_SAFE_HELPER_RESULT_SCALAR
Definition ubpf.h:265
@ UBPF_SAFE_HELPER_RESULT_HANDLE
Definition ubpf.h:267
@ UBPF_SAFE_HELPER_RESULT_POINTER
Definition ubpf.h:266
int ubpf_exec(const struct ubpf_vm *vm, void *mem, size_t mem_len, uint64_t *bpf_return_value)
Execute a BPF program in the VM using the interpreter.
int ubpf_register_external_dispatcher(struct ubpf_vm *vm, external_function_dispatcher_t dispatcher, external_function_validate_t validater)
Register a function that dispatches to external helpers The immediate field of a CALL instruction is ...
ubpf_jit_ex_fn ubpf_compile_ex(struct ubpf_vm *vm, char **errmsg, enum JitMode jit_mode)
Compile a BPF program in the VM to native code.
int ubpf_register_data_bounds_check(struct ubpf_vm *vm, void *user_context, ubpf_bounds_check bounds_check)
Set a bounds check function for the VM.
uint64_t(* ubpf_jit_ex_fn)(void *mem, size_t mem_len, uint8_t *stack, size_t stack_len)
Opaque type for a uBPF JIT compiled function with external stack.
Definition ubpf.h:98
int ubpf_set_pointer_secret(struct ubpf_vm *vm, uint64_t secret)
Optional secret to improve ROP protection.
int ubpf_register(struct ubpf_vm *vm, unsigned int index, const char *name, external_function_t fn)
Register an external function. The immediate field of a CALL instruction is an index into an array of...
bool ubpf_toggle_undefined_behavior_check(struct ubpf_vm *vm, bool enable)
Enable or disable undefined behavior checks. Undefined behavior includes reading from uninitialized m...
JitMode
Enum to describe JIT mode.
Definition ubpf.h:118
@ BasicJitMode
Definition ubpf.h:120
@ ExtendedJitMode
Definition ubpf.h:119
external_function_t as_external_function_t(void *f)
Cast an external function to external_function_t.
struct ubpf_vm * ubpf_create(void)
Create a new uBPF VM.
uint64_t(* ubpf_jit_fn)(void *mem, size_t mem_len)
Opaque type for a uBPF JIT compiled function.
Definition ubpf.h:92
bool(* ubpf_bounds_check)(void *context, uint64_t addr, uint64_t size)
Function that is called by the VM to check if a memory access is within bounds.
Definition ubpf.h:717
ubpf_jit_fn ubpf_compile(struct ubpf_vm *vm, char **errmsg)
Compile a BPF program in the VM to native code.
ubpf_execution_profile
Execution profile for a VM instance.
Definition ubpf.h:181
@ UBPF_EXECUTION_PROFILE_LEGACY
Definition ubpf.h:183
@ UBPF_EXECUTION_PROFILE_SAFE
Definition ubpf.h:185
int ubpf_register_data_relocation(struct ubpf_vm *vm, void *user_context, ubpf_data_relocation relocation)
Set a relocation function for the VM.
int ubpf_exec_ex(const struct ubpf_vm *vm, void *mem, size_t mem_len, uint64_t *bpf_return_value, uint8_t *stack, size_t stack_len)
Execute a BPF program in the VM using the interpreter and a caller-supplied stack.
int ubpf_set_execution_profile(struct ubpf_vm *vm, enum ubpf_execution_profile profile)
Select the execution profile for the VM.
uint64_t(* ubpf_data_relocation)(void *user_context, const uint8_t *data, uint64_t data_size, const char *symbol_name, uint64_t symbol_offset, uint64_t symbol_size)
Data relocation function that is called by the VM when it encounters a R_BPF_64_64 relocation in the ...
Definition ubpf.h:690
bool ubpf_toggle_bounds_check(struct ubpf_vm *vm, bool enable)
Enable / disable bounds_check. Bounds check is enabled by default, but it may be too restrictive.
int ubpf_load(struct ubpf_vm *vm, const void *code, uint32_t code_len, char **errmsg)
Load code into a VM. This must be done before calling ubpf_exec or ubpf_compile and after registering...
bool(* external_function_validate_t)(unsigned int index, const struct ubpf_vm *vm)
The type of an external helper validation function.
Definition ubpf.h:343
int ubpf_register_safe_region(struct ubpf_vm *vm, const struct ubpf_safe_region *region)
Register a descriptor-backed external region for the safe execution profile.
int ubpf_set_jit_code_size(struct ubpf_vm *vm, size_t code_size)
Set a size for the buffer allocated to machine code generated during JIT compilation....
uint64_t(* external_function_t)(uint64_t p0, uint64_t p1, uint64_t p2, uint64_t p3, uint64_t p4)
The type of an external helper function.
Definition ubpf.h:221
ubpf_jit_fn ubpf_copy_jit(struct ubpf_vm *vm, void *buffer, size_t size, char **errmsg)
Copy the JIT'd program code to the given buffer.
uint64_t * ubpf_get_registers(const struct ubpf_vm *vm)
Retrieve the storage location for the BPF registers in the VM.
ubpf_safe_region_kind
Classification for a region exposed to the safe execution profile.
Definition ubpf.h:227
@ UBPF_SAFE_REGION_HANDLE
Definition ubpf.h:231
@ UBPF_SAFE_REGION_POINTER
Definition ubpf.h:229
uint64_t(* external_function_dispatcher_t)(uint64_t, uint64_t, uint64_t, uint64_t, uint64_t, unsigned int index, void *cookie)
The type of an external helper dispatcher function.
Definition ubpf.h:337
int ubpf_register_stack_usage_calculator(struct ubpf_vm *vm, stack_usage_calculator_t calculator, void *cookie)
Register a function that will be called during eBPF program validation to determine stack usage for a...
int ubpf_register_debug_fn(struct ubpf_vm *vm, void *context, ubpf_debug_fn debug_function)
Add option to invoke a debug function before each instruction. Note: This only applies to the interpr...
int ubpf_translate(struct ubpf_vm *vm, uint8_t *buffer, size_t *size, char **errmsg)
Translate the eBPF byte code to machine code.
ubpf_safe_region_permissions
Allowed operations for a safe-profile region.
Definition ubpf.h:238
@ UBPF_SAFE_REGION_READ
Definition ubpf.h:239
@ UBPF_SAFE_REGION_ATOMIC
Definition ubpf.h:241
@ UBPF_SAFE_REGION_WRITE
Definition ubpf.h:240
int ubpf_set_instruction_limit(struct ubpf_vm *vm, uint32_t limit, uint32_t *previous_limit)
Set the instruction limit for the VM. This is the maximum number of instructions that a program may e...
void ubpf_destroy(struct ubpf_vm *vm)
Free a uBPF VM.
int ubpf_register_safe_helper(struct ubpf_vm *vm, const struct ubpf_safe_helper_descriptor *descriptor)
Register a helper together with the safe-profile metadata needed to classify its return value.
void ubpf_set_error_print(struct ubpf_vm *vm, int(*error_printf)(FILE *stream, const char *format,...))
Set the function to be invoked if the program hits a fatal error.
void ubpf_unload_code(struct ubpf_vm *vm)
Unload code from a VM.
void ubpf_set_registers(struct ubpf_vm *vm, uint64_t *regs)
Override the storage location for the BPF registers in the VM.
void(* ubpf_debug_fn)(void *context, int program_counter, const uint64_t registers[16], const uint8_t *stack_start, size_t stack_length, uint64_t register_mask, const uint8_t *stack_mask_start)
A function to invoke before each instruction.
Definition ubpf.h:827
int ubpf_translate_ex(struct ubpf_vm *vm, uint8_t *buffer, size_t *size, char **errmsg, enum JitMode jit_mode)
Translate the eBPF byte code to machine code.
