Fix repo reference (#22)

* Fix repo reference

Signed-off-by: Alan Jowett <[email protected]>

* Nuget restore

Signed-off-by: Alan Jowett <[email protected]>

* Setup repo

Signed-off-by: Alan Jowett <[email protected]>

* Export program info

Signed-off-by: Alan Jowett <[email protected]>

* Add wprp file

Signed-off-by: Alan Jowett <[email protected]>

* Set analyze options for external repos

Signed-off-by: Alan Jowett <[email protected]>

* Fix static analysis failures

Signed-off-by: Alan Jowett <[email protected]>

* Add test scripts

Signed-off-by: Alan Jowett <[email protected]>

* Enable simple tests

Signed-off-by: Alan Jowett <[email protected]>

* Add address sanitizer pass

Signed-off-by: Alan Jowett <[email protected]>

* Remove unspported tests

Signed-off-by: Alan Jowett <[email protected]>

---------

Signed-off-by: Alan Jowett <[email protected]>
Co-authored-by: Alan Jowett <[email protected]>

.github/codecov.yml

@@ -22,9 +22,9 @@ codecov:
     #         add the number of comma-sepatated configurations to after_n_builds.
     # 'after_n_builds' is now set to the right count.
     #
-    after_n_builds: 14
+    after_n_builds: 2
 comment:
-    after_n_builds: 14
+    after_n_builds: 2
 coverage:
   status:
     project:

.github/workflows/cicd.yml

@@ -53,14 +53,13 @@ jobs:
       configurations: '["Debug", "Release"]'
 
   # Run the ntosebpfext unit tests in GitHub.
-  netebpf_ext_unit_tests:
+  ntosebpfext_units:
     # Always run this job.
     needs: regular
     if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
     uses: ./.github/workflows/reusable-test.yml
     with:
-      name: netebpf_ext_unit_tests
-      pre_test: appverif -enable Exceptions Handles Heaps Leak Locks Memory SRWLock Threadpool TLS DangerousAPIs DirtyStacks TimeRollOver -for unit_tests.exe
+      name: ntosebpfext_units
       test_command: .\ntosebpfext_unit.exe -d yes
       build_artifact: Build-x64
       environment: windows-2022
@@ -100,21 +99,6 @@ jobs:
       build_artifact: Build-x64-Sanitize
       build_options: /p:AddressSanitizer='True'
 
-  # Run the low memory simulator for ntosebpfext_unit tests.
-  fault_injection_ntosebpfext_unit:
-    needs: regular
-    if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
-    uses: ./.github/workflows/reusable-test.yml
-    with:
-      name: ntosebpfext_fault_injection
-      test_command: .\ntosebpfext_unit.exe
-      build_artifact: Build-x64
-      environment: windows-2022
-      code_coverage: true
-      gather_dumps: true
-      fault_injection: true
-      leak_detection: true
-
   # Additional jobs to run on a schedule only (skip push and pull request).
   # ---------------------------------------------------------------------------
   codeql:
@@ -125,19 +109,3 @@ jobs:
       ref: ${{ github.ref }}
       build_artifact: Build-x64-CodeQl
       build_codeql: true
-
-
-  # Run the complete fault injection simulator for ntosebpfext in GitHub.
-  # Runs on a schedule as this takes a long time to run.
-  ntosebpfext_fault_injection_full:
-    needs: regular
-    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
-    uses: ./.github/workflows/reusable-test.yml
-    with:
-      name: ntosebpfext_fault_injection_full
-      test_command: .\ntosebpfext_unit.exe
-      build_artifact: Build-x64
-      environment: windows-2022
-      code_coverage: false
-      gather_dumps: true
-      fault_injection: true

.github/workflows/reusable-build.yml

@@ -87,7 +87,7 @@ jobs:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       if: steps.skip_check.outputs.should_skip != 'true'
       with:
-        repository: microsoft/ebpf-for-windows
+        repository: ${{github.repository}}
         submodules: 'recursive'
         ref: ${{inputs.ref}}
 
@@ -145,6 +145,15 @@ jobs:
         path: packages
         key: ${{ runner.os }}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}-${{env.BUILD_ARTIFACT_NAME}}-${{ hashFiles('**/packages.config') }}-${{env.msvc_tools_version}}
 
+    - name: Configuring repo for first build
+      if: steps.skip_check.outputs.should_skip != 'true'
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      env:
+        CXXFLAGS: /ZH:SHA_256 ${{env.CXX_FLAGS}}
+        LDFLAGS: ${{env.LD_FLAGS}}
+      run: |
+        .\scripts\initialize_repo.ps1
+
     - name: Build
       if: steps.skip_check.outputs.should_skip != 'true'
       working-directory: ${{env.GITHUB_WORKSPACE}}

.github/workflows/reusable-test.yml

@@ -154,7 +154,7 @@ jobs:
       shell: cmd
       run: |
         mkdir ${{github.workspace}}\${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}\TestLogs
-        wpr.exe -start ${{github.workspace}}\${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}\ebpfforwindows.wprp -filemode
+        wpr.exe -start ${{github.workspace}}\${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}\ntosebpfext.wprp -filemode
 
     - name: Set ASAN Environment Variable
       if: steps.skip_check.outputs.should_skip != 'true'
@@ -288,7 +288,7 @@ jobs:
       if: always() && (inputs.capture_etw == true) && (steps.skip_check.outputs.should_skip != 'true')
       shell: cmd
       run: |
-          wpr.exe -stop ${{github.workspace}}\${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}\TestLogs\ebpfforwindows.etl
+          wpr.exe -stop ${{github.workspace}}\${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}\TestLogs\ntosebpfext.etl
 
     - name: Check for crash dumps
       # Check for crash dumps even if the workflow failed.

external/Analyze.external.ruleset

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: MIT
+-->
+<RuleSet Name="External rules" Description="Override parent ruleset" ToolsVersion="16.0">
+  <Include Path="..\Analyze.default.ruleset" Action="Default" />
+  <Rules AnalyzerId="Microsoft.Analyzers.NativeCodeAnalysis" RuleNamespace="Microsoft.Rules.Native">
+      <!-- Arithmetic overflow: Using operator 'operator' on a size-a byte value and then casting the result to a size-b byte value. Cast the value to the wider type before calling operator 'operator' to avoid overflow -->
+      <Rule Id="C26451" Action="Warning" />
+      <!-- Variable '%variable%' is uninitialized. Always initialize a member variable (type.6). -->
+      <Rule Id="C26495" Action="Warning" />
+      <!-- Warning C26812: Prefer 'enum class' over 'enum' (Enum.3) -->
+      <Rule Id="C26812" Action="Warning" />
+      <!-- "This kind of function may not throw. Declare it 'noexcept'." -->
+      <Rule Id="C26439" Action="Warning" />
+      <!-- Arithmetic overflow: '%operator%' operation causes overflow at compile time. Use a wider type to store the operands -->
+      <Rule Id="C26450" Action="Warning" />
+      <!-- Unannotated fallthrough between switch labels (es.78). -->
+      <Rule Id="C26819" Action="Warning" />
+      <!-- Potentially expensive copy of variable name in range-for loop. Consider making it a const reference (es.71). -->
+      <Rule Id="C26817" Action="Warning" />
+      <!-- Assigning by value when a const-reference would suffice, use const auto& instead (p.9). -->
+      <Rule Id="C26820" Action="Warning" />
+      <!--  Don't try to declare a local variable with no name (es.84) -->
+      <Rule Id="C26444" Action="Warning" />
+  </Rules>
+</RuleSet>

external/Directory.Build.props

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: MIT
+-->
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003" TreatAsLocalProperty="Platform">
+  <!-- Override the rules for projects that are not under control of this project -->
+  <PropertyGroup Condition="'$(Analysis)'=='True' AND '$(AnalysisOnExternal)'=='True'">
+    <DisableAnalyzeExternal>true</DisableAnalyzeExternal>
+    <RunCodeAnalysis>true</RunCodeAnalysis>
+    <CodeAnalysisRuleSet>$(SolutionDir)external\Analyze.external.ruleset</CodeAnalysisRuleSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(AddressSanitizer)'=='True' OR '$(Fuzzer)'=='True' OR '$(Configuration)'=='FuzzerDebug'">
+    <EnableASAN>true</EnableASAN>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Fuzzer)'=='True' OR '$(Configuration)'=='FuzzerDebug'">
+    <AdditionalOptions>/fsanitize-coverage=inline-bool-flag /fsanitize-coverage=edge /fsanitize-coverage=trace-cmp /fsanitize-coverage=trace-div /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+    <FuzzerLibs>libsancov.lib;clang_rt.fuzzer_MDd-x86_64.lib</FuzzerLibs>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <Link>
+      <AdditionalLibraryDirectories>$(VC_LibraryPath_VC_x64_Desktop);%(Link.AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)'=='Release'">
+    <ClCompile>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <WholeProgramOptimization Condition="'$(EnableASAN)' != 'true'">true</WholeProgramOptimization>
+      <TreatWarningAsError>false</TreatWarningAsError>
+    </ClCompile>
+    <Link>
+      <AdditionalOptions Condition="'$(EnableASAN)' != 'true'">/spgo %(AdditionalOptions)</AdditionalOptions>
+      <LinkTimeCodeGeneration Condition="'$(EnableASAN)' != 'true'">UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)'=='Debug' OR '$(Configuration)'=='FuzzerDebug'">
+    <ClCompile>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <TreatWarningAsError>false</TreatWarningAsError>
+    </ClCompile>
+  </ItemDefinitionGroup>
+</Project>

ntosebpfext/ntos_ebpf_ext_process.c

@@ -30,8 +30,8 @@ void
 _ebpf_process_create_process_notify_routine_ex(
     _Inout_ PEPROCESS process, _In_ HANDLE process_id, _Inout_opt_ PPS_CREATE_NOTIFY_INFO create_info);
 
-static int32_t
-_ebpf_process_get_image_path(_In_ process_md_t* process_md, _Out_ uint8_t* path, uint32_t path_length);
+_Success_(return >= 0) static int32_t _ebpf_process_get_image_path(
+    _In_ process_md_t* process_md, _Out_writes_bytes_(path_length) uint8_t* path, uint32_t path_length);
 
 static const void* _ebpf_process_helper_functions[] = {(void*)&_ebpf_process_get_image_path};
 
@@ -330,14 +330,22 @@ _ebpf_process_create_process_notify_routine_ex(
         .process_md = {0}, .process = process, .create_info = create_info};
 
     NTOS_EBPF_EXT_LOG_ENTRY();
+    ntos_ebpf_extension_hook_client_t* client_context;
 
     if (create_info != NULL) {
         if (create_info->CommandLine != NULL) {
-            RtlUnicodeStringToUTF8String(&process_notify_context.command_line_utf8, create_info->CommandLine, TRUE);
+            NTSTATUS status =
+                RtlUnicodeStringToUTF8String(&process_notify_context.command_line_utf8, create_info->CommandLine, TRUE);
+            if (!NT_SUCCESS(status)) {
+                goto Exit;
+            }
         }
         if (create_info->ImageFileName != NULL) {
-            RtlUnicodeStringToUTF8String(
+            NTSTATUS status = RtlUnicodeStringToUTF8String(
                 &process_notify_context.image_file_name_utf8, create_info->ImageFileName, TRUE);
+            if (!NT_SUCCESS(status)) {
+                goto Exit;
+            }
         }
         process_notify_context.process_md.operation = PROCESS_OPERATION_CREATE;
         process_notify_context.process_md.process_id = (uint64_t)process_id;
@@ -354,8 +362,7 @@ _ebpf_process_create_process_notify_routine_ex(
 
     // For each attached client call the process hook.
     ebpf_result_t result;
-    ntos_ebpf_extension_hook_client_t* client_context =
-        ntos_ebpf_extension_hook_get_next_attached_client(_ebpf_process_hook_provider_context, NULL);
+    client_context = ntos_ebpf_extension_hook_get_next_attached_client(_ebpf_process_hook_provider_context, NULL);
     while (client_context != NULL) {
         NTSTATUS status = 0;
         if (ntos_ebpf_extension_hook_client_enter_rundown(client_context)) {
@@ -384,6 +391,7 @@ _ebpf_process_create_process_notify_routine_ex(
             ntos_ebpf_extension_hook_get_next_attached_client(_ebpf_process_hook_provider_context, client_context);
     }
 
+Exit:
     if (process_notify_context.command_line_utf8.Buffer != NULL) {
         RtlFreeUTF8String(&process_notify_context.command_line_utf8);
     }
@@ -395,8 +403,8 @@ _ebpf_process_create_process_notify_routine_ex(
     NTOS_EBPF_EXT_LOG_EXIT();
 }
 
-static int32_t
-_ebpf_process_get_image_path(_In_ process_md_t* process_md, _Out_ uint8_t* path, uint32_t path_length)
+_Success_(return >= 0) static int32_t _ebpf_process_get_image_path(
+    _In_ process_md_t* process_md, _Out_writes_bytes_(path_length) uint8_t* path, uint32_t path_length)
 {
     process_notify_context_t* process_notify_context = (process_notify_context_t*)process_md;
     int32_t result = 0;

scripts/Run-Test.ps1

@@ -0,0 +1,48 @@
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: MIT
+
+# This script executes the provided test command, waits for <timeout in seconds>
+# and then captures a dump of the test process if it is still running. The dump
+# is captured using the procdump tool from Sysinternals. The dump is saved to
+# the <output folder> with the name of the test executable and the current date
+# and time.
+
+# Modifying $args directly can cause issues, so copy it to a new variable.
+$arguments = $args
+
+# Check that the correct number of arguments have been provided.
+if ($arguments.Count -eq 0) {
+    Write-Output "Usage: Run-Test.ps1 <output folder> <timeout in seconds> <test command> <test arguments>"
+    exit 1
+}
+
+# Extract the output folder and timeout from the arguments.
+$OutputFolder = $arguments[0]
+$arguments = $arguments[1..($arguments.Length - 1)]
+$Timeout = [int]$arguments[0]
+$arguments = $arguments[1..($arguments.Length - 1)]
+
+# Start the test process using the provided command and arguments.
+# This can't use Start-Process as that doesn't save exit code and always returns 0.
+$processInfo = New-Object System.Diagnostics.ProcessStartInfo
+$processInfo.UseShellExecute = $false
+$processInfo.FileName = $arguments[0]
+$processInfo.Arguments = $arguments[1..($arguments.Length - 1)] -join ' '
+
+$process = New-Object System.Diagnostics.Process
+$process.StartInfo = $processInfo
+$process.Start() | Out-Null
+
+if (!$process.WaitForExit($Timeout * 1000)) {
+    $dumpFileName = "$($process.ProcessName)_$(Get-Date -Format 'yyyy-MM-dd_HH-mm-ss').dmp"
+    $dumpFilePath = Join-Path $OutputFolder $dumpFileName
+    Write-Output "Capturing dump of $($process.ProcessName) to $dumpFilePath"
+    Start-Process -NoNewWindow -Wait -FilePath procdump -ArgumentList "-accepteula -ma $($process.Id) $dumpFilePath"
+    if (!$process.HasExited) {
+        Write-Output "Killing $($process.ProcessName)"
+        $process.Kill()
+    }
+}
+
+Write-Output "Test $($process.ProcessName) exited with code $($process.ExitCode)"
+exit $process.ExitCode

scripts/initialize_repo.ps1

@@ -0,0 +1,23 @@
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: MIT
+
+# Define the commands to run
+$commands = @(
+    "git submodule update --init --recursive",
+    "cmake -G 'Visual Studio 17 2022' -S external\catch2 -B external\catch2\build -DBUILD_TESTING=OFF",
+    "nuget restore ntosebpfext.sln",
+    "packages\eBPF-for-Windows.0.15.1\build\native\bin\export_program_info.exe"
+)
+
+# Loop through each command and run them sequentially without opening a new window
+foreach ($command in $commands) {
+    Write-Host ">> Running command: $command"
+    Invoke-Expression -Command $command
+
+    # Check the exit code
+    if ($LASTEXITCODE -ne 0) {
+        Write-Host "Command failed. Exit code: $LASTEXITCODE"
+        Exit  $LASTEXITCODE
+    }
+}
+Write-Host "All commands succeeded."

scripts/ntosebpfext.wprp

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: MIT
+-->
+<WindowsPerformanceRecorder Version="1.0" Author="Microsoft Corporation" Copyright="Microsoft Corporation" Company="Microsoft Corporation">
+  <Profiles>
+    <EventCollector Id="EventCollector_EbpfCoreProvider" Name="EbpfCoreProvider">
+      <BufferSize Value="256" />
+      <Buffers Value="1024" />
+    </EventCollector>
+
+    <EventProvider Id="ExecutionContext" Name="394f321c-5cf4-404c-aa34-4df1428a7f9c" NonPagedMemory="true"/>
+    <EventProvider Id="NtosEbpfExt" Name="d15cc421-e9e4-459b-87a6-b45b7d84e9a8" NonPagedMemory="true"/>
+
+    <Profile
+        Id="EbpfForWindowsProvider-File.Verbose.File"
+        Name="EbpfForWindowsProvider-File"
+        Description="Traces for all eBPF for Windows providers"
+        LoggingMode="File"
+        DetailLevel="Verbose">
+      <Collectors>
+        <EventCollectorId Value="EventCollector_EbpfCoreProvider">
+          <EventProviders>
+            <EventProviderId Value="ExecutionContext"/>
+          </EventProviders>
+          <EventProviders>
+            <EventProviderId Value="NtosEbpfExt"/>
+          </EventProviders>
+        </EventCollectorId>
+      </Collectors>
+    </Profile>
+
+    <Profile
+        Id="EbpfForWindowsProvider-Memory.Verbose.Memory"
+        Name="EbpfForWindowsProvider-Memory"
+        Description="Traces for all eBPF for Windows providers"
+        LoggingMode="Memory"
+        DetailLevel="Verbose">
+      <Collectors>
+        <EventCollectorId Value="EventCollector_EbpfCoreProvider">
+          <EventProviders>
+            <EventProviderId Value="ExecutionContext"/>
+          </EventProviders>
+          <EventProviders>
+            <EventProviderId Value="NtosEbpfExt"/>
+          </EventProviders>
+        </EventCollectorId>
+      </Collectors>
+    </Profile>
+
+  </Profiles>
+</WindowsPerformanceRecorder>