Add missing traces, some drive-by clean-up (#2750)
Co-authored-by: Dhiren Vispute <[email protected]>
dv-msft and Dhiren Vispute authored Aug 29, 2023
1 parent 8304ae2 commit 2ce0551
Showing 7 changed files with 326 additions and 115 deletions.
54 changes: 42 additions & 12 deletions netebpfext/net_ebpf_ext.c
Expand Up @@ -247,10 +247,9 @@ net_ebpf_extension_wfp_filter_context_create(
// Allocate buffer for WFP filter context.
local_filter_context = (net_ebpf_extension_wfp_filter_context_t*)ExAllocatePoolUninitialized(
NonPagedPoolNx, filter_context_size, NET_EBPF_EXTENSION_POOL_TAG);
if (local_filter_context == NULL) {
result = EBPF_NO_MEMORY;
goto Exit;
}
NET_EBPF_EXT_BAIL_ON_ALLOC_FAILURE_RESULT(
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION, local_filter_context, "local_filter_context", result);

memset(local_filter_context, 0, filter_context_size);
local_filter_context->reference_count = 1; // Initial reference.
local_filter_context->client_context = client_context;
Expand Down Expand Up @@ -379,16 +378,17 @@ net_ebpf_extension_add_wfp_filters(
NET_EBPF_EXT_LOG_ENTRY();

if (filter_count == 0) {
NET_EBPF_EXT_LOG_MESSAGE(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR, NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION, "Filter count is 0");
result = EBPF_INVALID_ARGUMENT;
goto Exit;
}

local_filter_ids = (uint64_t*)ExAllocatePoolUninitialized(
NonPagedPoolNx, sizeof(uint64_t) * filter_count, NET_EBPF_EXTENSION_POOL_TAG);
if (local_filter_ids == NULL) {
result = EBPF_NO_MEMORY;
goto Exit;
}
NET_EBPF_EXT_BAIL_ON_ALLOC_FAILURE_RESULT(
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION, local_filter_ids, "local_filter_ids", result);

memset(local_filter_ids, 0, sizeof(uint64_t) * filter_count);

status = FwpmTransactionBegin(_fwp_engine_handle, 0);
Expand Down Expand Up @@ -538,12 +538,14 @@ net_ebpf_ext_initialize_ndis_handles(_In_ const DRIVER_OBJECT* driver_object)
{
NTSTATUS status = STATUS_SUCCESS;
NET_BUFFER_LIST_POOL_PARAMETERS nbl_pool_parameters = {0};
NDIS_HANDLE local_net_ebpf_ext_ndis_handle = NULL;
NDIS_HANDLE local_net_ebpf_ext_nbl_pool_handle = NULL;

NET_EBPF_EXT_LOG_ENTRY();

_net_ebpf_ext_ndis_handle =
local_net_ebpf_ext_ndis_handle =
NdisAllocateGenericObject((DRIVER_OBJECT*)driver_object, NET_EBPF_EXTENSION_POOL_TAG, 0);
if (_net_ebpf_ext_ndis_handle == NULL) {
if (local_net_ebpf_ext_ndis_handle == NULL) {
status = STATUS_INSUFFICIENT_RESOURCES;
NET_EBPF_EXT_LOG_NTSTATUS_API_FAILURE(
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION, "NdisAllocateGenericObject", status);
Expand All @@ -558,12 +560,20 @@ net_ebpf_ext_initialize_ndis_handles(_In_ const DRIVER_OBJECT* driver_object)
nbl_pool_parameters.DataSize = 0;
nbl_pool_parameters.PoolTag = NET_EBPF_EXTENSION_POOL_TAG;

_net_ebpf_ext_nbl_pool_handle = NdisAllocateNetBufferListPool(_net_ebpf_ext_ndis_handle, &nbl_pool_parameters);
if (_net_ebpf_ext_nbl_pool_handle == NULL) {
local_net_ebpf_ext_nbl_pool_handle =
NdisAllocateNetBufferListPool(local_net_ebpf_ext_ndis_handle, &nbl_pool_parameters);
if (local_net_ebpf_ext_nbl_pool_handle == NULL) {
status = STATUS_INSUFFICIENT_RESOURCES;
NET_EBPF_EXT_LOG_NTSTATUS_API_FAILURE(
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION, "NdisAllocateNetBufferListPool", status);

NdisFreeGenericObject((PNDIS_GENERIC_OBJECT)local_net_ebpf_ext_ndis_handle);
goto Exit;
}

_net_ebpf_ext_ndis_handle = local_net_ebpf_ext_ndis_handle;
_net_ebpf_ext_nbl_pool_handle = local_net_ebpf_ext_nbl_pool_handle;

Exit:
NET_EBPF_EXT_RETURN_NTSTATUS(status);
}
Expand Down Expand Up @@ -751,24 +761,44 @@ net_ebpf_ext_register_providers()

status = net_ebpf_ext_xdp_register_providers();
if (!NT_SUCCESS(status)) {
NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION,
"net_ebpf_ext_xdp_register_providers failed.",
status);
goto Exit;
}
_net_ebpf_xdp_providers_registered = true;

status = net_ebpf_ext_bind_register_providers();
if (!NT_SUCCESS(status)) {
NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION,
"net_ebpf_ext_bind_register_providers failed.",
status);
goto Exit;
}
_net_ebpf_bind_providers_registered = true;

status = net_ebpf_ext_sock_addr_register_providers();
if (!NT_SUCCESS(status)) {
NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION,
"net_ebpf_ext_bind_register_providers failed.",
status);
goto Exit;
}
_net_ebpf_sock_addr_providers_registered = true;

status = net_ebpf_ext_sock_ops_register_providers();
if (!NT_SUCCESS(status)) {
NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION,
"net_ebpf_ext_sock_ops_register_providers failed.",
status);
goto Exit;
}
_net_ebpf_sock_ops_providers_registered = true;
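Review bot: The trace added for a failed `net_ebpf_ext_sock_addr_register_providers()` call in `net_ebpf_ext_register_providers` reuses the bind message, `"net_ebpf_ext_bind_register_providers failed."`, so a sock_addr registration failure is reported against the wrong provider. The string should read `"net_ebpf_ext_sock_addr_register_providers failed."`. Anyone triaging a driver load failure from these traces would otherwise be pointed at the bind provider, which has already registered successfully by that point. The function body continues past the end of the visible hunk.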
56 changes: 43 additions & 13 deletions netebpfext/net_ebpf_ext_bind.c
Expand Up @@ -156,41 +156,67 @@ _net_ebpf_bind_update_store_entries()
{
NTSTATUS status;

NET_EBPF_EXT_LOG_ENTRY();

// Update section information.
uint32_t section_info_count = sizeof(_ebpf_bind_section_info) / sizeof(ebpf_program_section_info_t);
status = ebpf_store_update_section_information(&_ebpf_bind_section_info[0], section_info_count);
if (!NT_SUCCESS(status)) {
return status;
NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_BIND,
"ebpf_store_update_section_information",
status);
goto Exit;
}

// Update program information.
status = ebpf_store_update_program_information(&_ebpf_bind_program_info, 1);
if (!NT_SUCCESS(status)) {
NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_BIND,
"ebpf_store_update_program_information",
status);
goto Exit;
}

return status;
Exit:
NET_EBPF_EXT_RETURN_NTSTATUS(status);
}

NTSTATUS
net_ebpf_ext_bind_register_providers()
{
NTSTATUS status = STATUS_SUCCESS;

status = _net_ebpf_bind_update_store_entries();
if (!NT_SUCCESS(status)) {
return status;
}
NET_EBPF_EXT_LOG_ENTRY();

const net_ebpf_extension_program_info_provider_parameters_t program_info_provider_parameters = {
&_ebpf_bind_program_info_provider_moduleid, &_ebpf_bind_program_info_provider_data};
const net_ebpf_extension_hook_provider_parameters_t hook_provider_parameters = {
&_ebpf_bind_hook_provider_moduleid, &_net_ebpf_extension_bind_hook_provider_data};

NET_EBPF_EXT_LOG_ENTRY();
status = _net_ebpf_bind_update_store_entries();
if (!NT_SUCCESS(status)) {
NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_BIND,
"_net_ebpf_bind_update_store_entries failed.",
status);
goto Exit;
}

// Set the program type as the provider module id.
_ebpf_bind_program_info_provider_moduleid.Guid = EBPF_PROGRAM_TYPE_BIND;
status = net_ebpf_extension_program_info_provider_register(
&program_info_provider_parameters, &_ebpf_bind_program_info_provider_context);
if (!NT_SUCCESS(status)) {
NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_BIND,
"net_ebpf_extension_program_info_provider_register",
status);
goto Exit;
}

Expand All @@ -206,6 +232,11 @@ net_ebpf_ext_bind_register_providers()
NULL,
&_ebpf_bind_hook_provider_context);
if (status != EBPF_SUCCESS) {
NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_BIND,
"net_ebpf_extension_hook_provider_register",
status);
goto Exit;
}

Expand Down Expand Up @@ -415,11 +446,7 @@ _ebpf_bind_context_create(

bind_context =
(bind_md_t*)ExAllocatePoolUninitialized(NonPagedPool, sizeof(bind_md_t), NET_EBPF_EXTENSION_POOL_TAG);

if (!bind_context) {
result = EBPF_NO_MEMORY;
goto Exit;
}
NET_EBPF_EXT_BAIL_ON_ALLOC_FAILURE_RESULT(NET_EBPF_EXT_TRACELOG_KEYWORD_BIND, bind_context, "bind_context", result);

// Copy the context from the caller.
memcpy(bind_context, context_in, sizeof(bind_md_t));
Expand All @@ -431,6 +458,7 @@ _ebpf_bind_context_create(
*context = bind_context;
bind_context = NULL;
result = EBPF_SUCCESS;

Exit:
if (bind_context) {
ExFreePool(bind_context);
Expand All @@ -453,7 +481,7 @@ _ebpf_bind_context_destroy(
bind_md_t* bind_context_out = (bind_md_t*)context_out;

if (!bind_context) {
return;
goto Exit;
}

if (context_out != NULL && *context_size_out >= sizeof(bind_md_t)) {
Expand All @@ -477,5 +505,7 @@ _ebpf_bind_context_destroy(
}

ExFreePool(bind_context);

Exit:
NET_EBPF_EXT_LOG_EXIT();
}
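Review bot: `_ebpf_bind_context_create` still allocates `bind_context` from `NonPagedPool`, while both allocations touched in `net_ebpf_ext.c` in this commit use `NonPagedPoolNx`. Unless the driver opts in to NX pool globally (for example via `POOL_NX_OPTIN`, which is not visible on this page), that buffer is executable non-paged memory, and the next statement fills it with a `memcpy` from the caller-supplied `context_in`. Since this clean-up already rewrites the failure handling on that allocation, it could switch the pool type in the same place: `(bind_md_t*)ExAllocatePoolUninitialized(NonPagedPoolNx, sizeof(bind_md_t), NET_EBPF_EXTENSION_POOL_TAG);`. The function starts and ends outside the hunk, so any check of the `context_in` size against `sizeof(bind_md_t)` is not visible here and should be confirmed.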
25 changes: 21 additions & 4 deletions netebpfext/net_ebpf_ext_hook_provider.c
Expand Up @@ -83,12 +83,15 @@ _ebpf_ext_attach_init_rundown(net_ebpf_extension_hook_client_t* hook_client)
NTSTATUS status = STATUS_SUCCESS;
net_ebpf_ext_hook_client_rundown_t* rundown = &hook_client->rundown;

NET_EBPF_EXT_LOG_ENTRY();

//
// Allocate work item for client detach processing.
//
hook_client->detach_work_item = IoAllocateWorkItem(_net_ebpf_ext_driver_device_object);
if (hook_client->detach_work_item == NULL) {
status = STATUS_INSUFFICIENT_RESOURCES;
NET_EBPF_EXT_LOG_NTSTATUS_API_FAILURE(NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION, "IoAllocateWorkItem", status);
goto Exit;
}

Expand All @@ -99,7 +102,7 @@ _ebpf_ext_attach_init_rundown(net_ebpf_extension_hook_client_t* hook_client)
rundown->rundown_occurred = FALSE;

Exit:
return status;
NET_EBPF_EXT_RETURN_NTSTATUS(status);
}

/**
Expand All @@ -111,8 +114,12 @@ _ebpf_ext_attach_init_rundown(net_ebpf_extension_hook_client_t* hook_client)
static void
_ebpf_ext_attach_enable_rundown(_Inout_ net_ebpf_ext_hook_client_rundown_t* rundown)
{
NET_EBPF_EXT_LOG_ENTRY();

ExReInitializeRundownProtection(&rundown->protection);
rundown->rundown_reinitialized = TRUE;

NET_EBPF_EXT_LOG_EXIT();
}

/**
Expand All @@ -124,8 +131,12 @@ _ebpf_ext_attach_enable_rundown(_Inout_ net_ebpf_ext_hook_client_rundown_t* rund
static void
_ebpf_ext_attach_wait_for_rundown(_Inout_ net_ebpf_ext_hook_client_rundown_t* rundown)
{
NET_EBPF_EXT_LOG_ENTRY();

ExWaitForRundownProtectionRelease(&rundown->protection);
rundown->rundown_occurred = TRUE;

NET_EBPF_EXT_LOG_EXIT();
}

IO_WORKITEM_ROUTINE _net_ebpf_extension_detach_client_completion;
Expand All @@ -147,11 +158,10 @@ _net_ebpf_extension_detach_client_completion(_In_ DEVICE_OBJECT* device_object,
PIO_WORKITEM work_item;

PAGED_CODE();
UNREFERENCED_PARAMETER(device_object);

NET_EBPF_EXT_LOG_ENTRY();

UNREFERENCED_PARAMETER(device_object);

ASSERT(hook_client != NULL);
_Analysis_assume_(hook_client != NULL);

Expand Down Expand Up @@ -244,6 +254,10 @@ net_ebpf_extension_hook_check_attach_parameter(
// Client requested wild card attach parameter. This will only be allowed if there are no other clients
// attached.
if (!IsListEmpty(&provider_context->attached_clients_list)) {
NET_EBPF_EXT_LOG_MESSAGE(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION,
"Wildcard attach denied as other clients present.");
result = EBPF_ACCESS_DENIED;
goto Exit;
}
Expand All @@ -261,6 +275,10 @@ net_ebpf_extension_hook_check_attach_parameter(
(next_client_data->data == NULL) ? wild_card_attach_parameter : next_client_data->data;
if (((memcmp(wild_card_attach_parameter, next_client_attach_parameter, attach_parameter_size) == 0)) ||
(memcmp(attach_parameter, next_client_attach_parameter, attach_parameter_size) == 0)) {
NET_EBPF_EXT_LOG_MESSAGE(
NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION,
"Attach denied as other clients present with wildcard/exact attach parameter.");
result = EBPF_ACCESS_DENIED;
goto Exit;
}
Expand Down Expand Up @@ -385,7 +403,6 @@ _net_ebpf_extension_hook_provider_attach_client(
}

Exit:

if (NT_SUCCESS(status)) {
*provider_binding_context = hook_client;
hook_client = NULL;
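Review bot: The second denial trace in `net_ebpf_extension_hook_check_attach_parameter` covers two different conditions with one message ("... wildcard/exact attach parameter"). The log therefore cannot tell whether the existing client held the wildcard or the same parameter as the caller. Splitting the `||` into two checks, each with its own message, keeps the `EBPF_ACCESS_DENIED` result and the evaluation order unchanged while making a rejected attach attributable from the trace alone. The surrounding loop starts and ends outside the hunk.

```c
// … unchanged: selection of next_client_attach_parameter …
if (memcmp(wild_card_attach_parameter, next_client_attach_parameter, attach_parameter_size) == 0) {
    NET_EBPF_EXT_LOG_MESSAGE(
        NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
        NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION,
        "Attach denied as an existing client is attached with the wildcard attach parameter.");
    result = EBPF_ACCESS_DENIED;
    goto Exit;
}
if (memcmp(attach_parameter, next_client_attach_parameter, attach_parameter_size) == 0) {
    NET_EBPF_EXT_LOG_MESSAGE(
        NET_EBPF_EXT_TRACELOG_LEVEL_ERROR,
        NET_EBPF_EXT_TRACELOG_KEYWORD_EXTENSION,
        "Attach denied as an existing client is attached with the same attach parameter.");
    result = EBPF_ACCESS_DENIED;
    goto Exit;
}
```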