Releases: cilium/ebpf

v0.13.2

22 Feb 18:25
@lmb lmb

What's Changed

  • btf: fix race in mutableTypes.copy by @lmb in #1358

Full Changelog: v0.13.1...v0.13.2

v0.13.1

22 Feb 12:16
@lmb lmb

Full Changelog: v0.13.0...v0.13.1

v0.13.0

15 Feb 16:44
@lmb lmb

Faster btf.LoadKernelSpec()

Obtaining the kernel's BTF used to be very slow and is now very fast. See #1235 by @lmb.

TCX

It's now possible to attach TC programs using the new bpf_link based TCX API. See #1163 by @lmb.

UprobeMulti and UretprobeMulti

These are the user-space equivalents to KprobeMulti and KretprobeMulti and allow
attaching to a large number of symbols quickly. See #1269 by @olsajiri.

Netfilter link

There is now support to attach Netfilter programs using bpf_links. See #1313 by @mehrdadrad.

Better ELF section naming compatibility

The list of recognised ELF section names is now automatically generated from
libbpf and should be more accurate and easier to keep up to date. See #1209 by @lmb.

Pre-allocate per-CPU values

It's now possible to cut down on allocations by pre-allocating per-CPU values. See #1220 by @alxn.

Batch operation support for per-CPU values

Batch operations like Map.BatchLookup now support per-CPU values. Note that this
is not particularly optimised; please check whether it is faster for your
use case. See #1192 by @alxn.

Breaking changes

This release requires at least Go 1.21.

github.com/cilium/ebpf

  • (*Map).BatchLookup, (*Map).BatchLookupAndDelete: now take a MapBatchCursor.
    The previous implementation did not properly account for differences between
    map types and was unsafe.

github.com/cilium/ebpf/btf

  • CORERelocate: now takes an additional argument, which is usually Spec.TypeID.
  • MarshalExtInfos: now takes an additional *Builder instead of allocating it.
    Simply pass NewBuilder().

Both of these are considered somewhat internal API of the library.

github.com/cilium/ebpf/features

  • HaveBoundedLoops: changed from var to func
  • HaveLargeInstructions: changed from var to func
  • HaveV2ISA: changed from var to func
  • HaveV3ISA: changed from var to func

github.com/cilium/ebpf/link

  • QueryOptions.Path: removed. Instead, pass an fd to the directory via QueryOptions.Target.
  • QueryPrograms: now returns QueryResult to be able to extend the API.
  • RawAttachProgramOptions.Replace: removed. Instead, pass ReplaceProgram() to RawAttachProgramOptions.Anchor.

What's Changed

  • btf: fix CO-RE relocations for local type id by @lmb in #1191
  • fix data race by caching ring buffer size by @brycekahle in #1217
  • elf: generate ELF section patterns from libbpf by @lmb in #1209
  • Move PossibleCPUs to a public API by @alxn in #1219
  • CI: add go-apidiff check by @lmb in #1225
  • CI: fix trusted workflow by @lmb in #1227
  • CI: allow writing PRs from trusted workflow by @lmb in #1228
  • link: add TCX support by @lmb in #1163
  • map: allow pre-allocating per-CPU values on lookup by @alxn in #1220
  • CI: store apidiff as json artifact by @lmb in #1229
  • docs: split CONTRIBUTING.md into separate pages by @lmb in #1221
  • CI: add logging to trusted workflow by @lmb in #1233
  • Revert "CI: add logging to trusted workflow" by @lmb in #1234
  • add kfunc benchmark by @lmb in #1231
  • link: rename First, Last to Head, Tail by @lmb in #1232
  • docs: remove WIP pages by @lmb in #1236
  • go.mod: update golang.org/x/sys to v0.15.0 by @tklauser in #1241
  • map: avoid allocations in MapIterator.Next by @lmb in #1243
  • map: Introduce BatchCursor abstraction by @christarazi in #1223
  • Xabier/fix typos by @txabman42 in #1248
  • build(deps): bump pymdown-extensions from 10.3.1 to 10.5 in /docs by @dependabot in #1246
  • build(deps): bump mkdocs-material from 9.4.7 to 9.4.14 in /docs by @dependabot in #1247
  • map: fix flaky TestMapBatch/Hash by @lmb in #1250
  • CI: execute benchmarks once to prevent bitrot by @lmb in #1244
  • doc: use Sourcegraph query for list of importers by @lmb in #1252
  • test: Migrate tests to github.com/go-quicktest/qt by @sayboras in #1253
  • map: avoid allocations during batch lookup of common types by @lmb in #1254
  • CI: run tests on arm64 by @lmb in #1245
  • map: Fix MapBatch test for BatchLookupAndDelete case by @lmb in #1260
  • link: fix TestUprobeExtWithOpts address by @rgo3 in #1272
  • cmd/bpf2go: rephrase GOPACKAGE error message by @lmb in #1267
  • run-tests: fetch kernels and selftests from containers by @lmb in #1264
  • GH: use an issue form for bug reports by @lmb in #1268
  • program: fix raw_tracepoint run repeat check bug by @mtardy in #1275
  • fix make update-kernel-deps by @lmb in #1276
  • Add per-CPU Map Support to Batch Operations by @alxn in #1192
  • build(deps): bump mkdocs-material from 9.4.14 to 9.5.3 in /docs by @dependabot in #1285
  • build(deps): bump mkdocs-git-revision-date-localized-plugin from 1.2.1 to 1.2.2 in /docs by @dependabot in #1287
  • perf: fix nil pointer when perf map create failed by @cfc4n in #1282
  • Fix link.Info.XDP comment to match method name by @aibor in #1292
  • Add link.Info.TCX method by @aibor in #1293
  • link: add feature test for tcx by @rgo3 in #1294
  • cmd/bpf2go: Make LoongArch a supported target by @chenhengqi in #1296
  • features: fix documentation by @lmb in #1299
  • build(deps): bump gitpython from 3.1.40 to 3.1.41 in /docs by @dependabot in #1302
  • link: fix tcx feature test by @rgo3 in #1303
  • build(deps): bump jinja2 from 3.1.2 to 3.1.3 in /docs by @dependabot in #1305
  • cmd/bpf2go: clean up goarch / clang / linux target handling by @lmb in #1310
  • add kernel 6.7 by @lmb in #1314
  • btf: fix slow LoadKernelSpec by making Spec.Copy lazy by @lmb in #1235
  • cmd/bpf2go: fix s390x target by @lmb in #1312
  • map: Make the Examples all testable examples. by @alxn in #1278
  • Add support for uprobe multi link by @olsajiri in #1269
  • link: add netfilter support by @mehrdadrad in #1313
  • bpf2go: support specifying output directory and package name by @chent1996 in #1280
  • build(deps): bump mkdocs-material from 9.5.3 to 9.5.6 in /docs by @dependabot in #1324
  • bump minimum Go to 1.21 by @lmb in #1331
  • add support for reading auxv from Go runtime by @paulcacheux in #1319
  • dependabot: onboard github actions upgrades by @paulcacheux in #1332
  • build(deps): bump actions/checkout from 3 to 4 by @dependabot in #1334
  • use slices and maps packages instead of x/exp by @lmb in #1333
  • build(deps): bump actions/setup-python from 4 to 5 by @dependabot in #1335
  • build(deps): bump actions/github-script from 3 to 7 by @dependabot in #1336
  • build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #1337
  • build(deps): bump mkdocs-git-revision-date-localized-plugin from 1.2.2 to 1.2.4 in /docs by @dependabot in #1339
  • build(deps): bump mkdocs-material from 9.5.6 to 9.5.8 in /docs by @dependabot in #1340
  • build(deps): bump actions/setup-go from 4 to 5 by @dependabot in #1338
  • internal: replace internal memoize with sync.OnceValues by @kwakubiney in #1240
  • fix minor contradiction in comments by @christian-2 in #1341
  • map: rename BatchCursor to MapBatchCursor by @lmb in #1344

v0.12.3

09 Nov 15:57
@lmb lmb

This is a small release to fix an incompatibility with golang.org/x/sys/[email protected]. There is a variety of performance improvements as well.

What's Changed

  • Add Remaining and Size to perf/ring Record by @brycekahle in #1167
  • btf: correct printing size of Int type in bytes by @Asphaltt in #1182
  • collection: Add Assign method by @danobi in #1114
  • add 6.6 to CI by @lmb in #1187
  • docs: add overview for package features by @rgo3 in #1164
  • elf: skip local_kptr_stash libbpf test by @lmb in #1190
  • btf: support both elf and raw BTF in loadKernelSpec by @wxx213 in #1177
  • elf: skip local_kptr_stash_fail test by @lmb in #1198
  • btf, sys: update vmlinux.btf.gz to 6.6 by @lmb in #1200
  • btf: optimize stringTable to speed up vmlinux parsing by @lmb in #1203
  • program: fix LINUX_HAS_SYSCALL_WRAPPER use with bpf_tracing.h by @paulcacheux in #1202
  • btf: Optimize string table for globally increasing offsets by @dylandreimerink in #1210
  • map: include full property diff in ErrMapIncompatible error string by @ti-mo in #1212
  • Add new ISAv4 instructions by @dylandreimerink in #1193
  • asm: cleanups for v4 ISA by @lmb in #1214
  • build(deps): bump mkdocs-material from 9.4.4 to 9.4.7 in /docs by @dependabot in #1197
  • build(deps): bump pymdown-extensions from 10.3 to 10.3.1 in /docs by @dependabot in #1196
  • build(deps): bump mkdocs-macros-plugin from 1.0.4 to 1.0.5 in /docs by @dependabot in #1195
  • build(deps): bump mkdocs-git-revision-date-localized-plugin from 1.2.0 to 1.2.1 in /docs by @dependabot in #1194
  • small speedups during elf loading by @paulcacheux in #1207
  • go.mod: update golang.org/x/sys to latest unreleased version by @tklauser in #1215
  • btf: Optimizing BTF parsing by merging readTypes and inflateRawTypes by @dylandreimerink in #1211

Full Changelog: v0.12.2...v0.12.3

v0.12.2

20 Oct 14:56
@lmb lmb

This release fixes unmarshaling from a map operation into a []byte, see #1180. This is a regression in v0.12.0.

We now also properly return an error when the value to unmarshal into is too small, see #1181. This behaviour has existed for a long time.

What's Changed

  • btf: stop accessing Spec.types from tests by @lmb in #1176
  • PinType: change from int to uint32 by @ti-mo in #1179
  • example: fix key type of xdp example by @BillyChen1 in #1178
  • sysenc: special case unmarshaling into []byte by @lmb in #1180
  • sysenc: refuse to unmarshal into undersized dst by @lmb in #1181

Full Changelog: v0.12.1...v0.12.2

v0.12.1

19 Oct 13:39
@lmb lmb

Fixes

Fix ProgramInfo.Instructions failing to decode ExtInfos

A recent change to ProgramInfo.Instructions failed to take a difference between kernel and ELF wire format into account. This meant that retrieving the instructions of a program from the kernel failed with an error.

See #1168, fixed by #1169.

Fix reading auxv on 32-bit platforms

The code to determine the kernel version from vdso has been broken on 32-bit platforms. Note that 32-bit arches are not officially supported, so the fix is best effort.

See #1133, fixed by #1144.

What's Changed

  • internal: fix reading auxv on 32-bit platforms by @lmb in #1144
  • perf: clarify purpose of the package by @lmb in #1172
  • build(deps): bump urllib3 from 2.0.6 to 2.0.7 in /docs by @dependabot in #1170
  • btf: some inflateRawTypes simplifications by @lmb in #1173
  • docs: improve Makefile UX with pipenv sync by @ti-mo in #1174
  • btf,info: Fix bad instruction offset when parsing infos from kernel by @dylandreimerink in #1169

Full Changelog: v0.12.0...v0.12.1

v0.12.0

11 Oct 13:26
@lmb lmb

This release requires at least Go 1.20. It is mainly a bugfix release without any expected breaking changes. Map operations have also been made faster on the Go side.

Fixes

Correctly freeze .rodata maps

.rodata maps were frozen after programs referring to them were loaded, preventing the verifier from eliminating dead code based on the contents of the .rodata maps. Upgrade if you're running into odd verifier errors that don't occur on libbpf.

See #1159.

Fix fd leak in error path of kfunc support

The library leaked file descriptors when trying to use non-existent kfuncs.

See #1145.

Fix incorrect formatting of signed BTF enums with negative values

Signed enums with negative values were incorrectly formatted, leading to invalid output from bpf2go.

See #1155.

Additions

Map operations using common types are much faster

Keys and values used in map operations were indiscriminately passed through the encoding/binary package. There is now a fast path which skips this step when the in-memory layout of a type is equivalent to the output produced by binary.Write. The result is fewer allocations and lower CPU usage.

The optimization doesn't apply to per-CPU maps.

See #1062.

What's Changed

  • .semaphore: rename master to main by @lmb in #1092
  • improv: make errors more conclusive by @kwakubiney in #1071
  • elf: don't clamp PerfEventArray.MaxEntries at parse time by @lmb in #1094
  • internal/sys: make generate-btf and regenerate types by @florianl in #1105
  • all: fix typos in comments and tests by @alexandear in #1109
  • Add riscv64 Linux string by @hack3ric in #1110
  • go: require v1.20 by @lmb in #1112
  • testutils: log random seed to test output by @lmb in #1113
  • Ringbuf read on timeout by @RonFed in #1111
  • elf: don't set BPF_F_MMAPABLE on .kconfig by @lmb in #1128
  • implementation for hinting on possible error on map create with noPrealloc flag set by @kwakubiney in #1102
  • docker: rebuild ebpf-builder to include go 1.20 by @lmb in #1130
  • CI: test against 6.1 by @lmb in #1131
  • Add metadata to instructions returned by program info by @dylandreimerink in #1118
  • Support attaching fentry / fexit on user-defined programs by @jschwinger233 in #1097
  • map: zero-allocation operations for common types by @lmb in #1062
  • elf_reader_test: check for bpf_testmod before running TestInvalidKfunc by @ti-mo in #1135
  • CI: add github actions by @lmb in #1134
  • btf: work around missing ENUM64 support by @lmb in #1132
  • run-tests: support new packaging by @lmb in #1091
  • Update bpf2go and stringer go:generate statements across the codebase by @ti-mo in #1140
  • Drop LLVM 7 and 9 in favor of 11, 14 and 17 by @ti-mo in #1141
  • btf: clean up some small things by @lmb in #1139
  • CI: update apt repositories by @lmb in #1146
  • linker: fix fd leak in fixupKfuncs by @lmb in #1145
  • Project documentation website by @ti-mo in #1017
  • dependabot: add configuration, ignore indirect Python dependencies by @ti-mo in #1148
  • build(deps): bump mkdocs-material from 9.3.2 to 9.4.3 in /docs by @dependabot in #1150
  • bpf2go,collection: fix typos in test and comment by @alexandear in #1138
  • docs: remove partials override for content.html by @ti-mo in #1153
  • sys: small cleanups by @lmb in #1154
  • docs: copy shorthands to clipboard in getting-started by @ti-mo in #1158
  • testdata: drop the use of clang_major directive by @ti-mo in #1151
  • btf: fix writing out signed enums by @lmb in #1155
  • elf: assume BTF support in loader tests by @lmb in #1161
  • elf: Add support for map struct typedef by @anjmao in #1125
  • Freeze .rodata before trying to load programs by @ti-mo in #1159

Full Changelog: v0.11.0...v0.12.0

Support for __ksym and __kfunc

06 Jul 12:15
@lmb lmb

Breaking changes

This release requires at least Go 1.19.

github.com/cilium/ebpf/btf:

  • Handle.Spec() now takes a base *Spec argument.
    nil is accepted if the Handle is for vmlinux. If Handle is for a (split BTF) kernel module, pass the result of LoadKernelSpec().
  • NewHandle() now takes a *Builder instead of a *Spec.
    Loading BTF into the kernel now goes via a new Builder type. See the 'Additions' section below.

github.com/cilium/ebpf/link:

  • KprobeMultiOptions.Addresses: changed from []uint64 to []uintptr
    The old API didn't take 32-bit architectures into account.

Fixes

Work around the kernel rejecting some Datasec

The kernel erroneously rejects Datasec where a Typedef, Volatile, Const, Restrict or typeTag follows a Pointer, Struct, Union or Array. There is now a workaround in place, see #954.

Marshaling Map keys and values is more efficient

The marshaling code in the library now uses sync.Pool to re-use bytes.Buffer, which makes common map operations cheaper, see #1053.

CO-RE relocations are a lot more efficient

The CO-RE code now does much less copying of BTF types, which makes CO-RE relocation a lot faster, especially against large types such as sk_buff. See #1084.

Additions

__ksym (kfunc) support

It's now possible to use new-style BPF helpers aka kfunc with the library. Going forward, all new BPF 'helper' functionality in the kernel will be exposed as kfuncs, and new helpers won't be added. See #966 and #996.

__kconfig support

Tracing programs often need to vary their behaviour based on kernel configuration, such as CONFIG_HZ. Such references to __kconfig variables are now automatically populated from a variety of sources such as /proc/config.gz. Note that if you run your application implementing ebpf-go in a container, it will need access to the host's /boot on some distributions that don't ship /proc/config(.gz), notably Debian-based distros.

As a special mention, the LINUX_HAS_SYSCALL_WRAPPER kconfig is also supported. This allows writing portable kprobes using the BPF_KSYSCALL macro from bpf_tracing.h.

See #951, #960 and #995.

Overwritable perf buffer support

The perf reader now allows creating "overwritable" perf buffers, which always contain the most recent events in case the buffer ever gets full. This is in contrast to regular perf buffers which drop recent events if there is no more space. This is useful to implement "flight recorder" type functionality for events sourced from BPF.

See #953.

btf.Builder

Constructing custom BTF type blobs is now possible through the new btf.Builder type. Call btf.NewBuilder() to obtain one, Builder.Add(t btf.Type) to add any types you need, followed by btf.NewHandle(b btf.Builder) to load the types into the kernel. Builder also has a Marshal() method for serializing the type collection into the canonical BTF format so it can be stored for later use.

What's Changed

  • cs.RewriteConstants: define error MissingConstantsError by @alban in #904
  • internal: add Memoize by @lmb in #909
  • Fix ProgramInfo.MapIDs for programs without maps on old kernels by @lmb in #905
  • link: make KprobeMultiOptions.Addresses a []uintptr by @lmb in #913
  • btf: export API to create BTF from scratch by @lmb in #859
  • Update CI dependencies by @lmb in #916
  • map: replace hacky unsafe.Pointer conversion with PROT_NONE page by @lmb in #915
  • link: use strings.Map in sanitizeSymbol by @lmb in #919
  • btf: skip .data..percpu in TestRoundtripVMlinux by @lmb in #922
  • link: close perfEventLink.fd before perf event in Close() by @ti-mo in #918
  • map: ignore BPF_F_RDONLY_PROG for DevMap compatibility check by @aibor in #930
  • Remove deprecated +build Go build tags by @ti-mo in #888
  • link: use /sys/kernel/tracing if available by @spikat in #906
  • collection: work around excessive copying of kernel BTF by @alban in #920
  • sys: add fd leak tracing instrumentation by @ti-mo in #732
  • program: set name from object info for pinned file by @aibor in #932
  • Allow specifying the tracefs prefix in options by @brycekahle in #842
  • Fixed broken links pointing to Cilium doc by @PhilipSchmid in #942
  • link: use statfs for tracefs mount detection by @brycekahle in #944
  • btf: ensure that TypesIterator is not affected by Spec.Add by @lmb in #937
  • run-tests: allow using local kernel by @lmb in #952
  • require Go 1.19 by @lmb in #950
  • Support __kconfig macro for LINUX_KERNEL_VERSION by @eiffel-fl in #951
  • btf: work around kernel Datasec bug by @lmb in #954
  • link: always include requested symbol in kprobe creation errors by @ti-mo in #959
  • Fix expected fs type for /sys/kernel/debug/tracing by @brycekahle in #958
  • collection: ensure LINUX_KERNEL_VERSION variable is a btf.Int. by @eiffel-fl in #961
  • add tests for FSType and getTracefsPath by @lmb in #962
  • Link to maintainers file by @xmulligan in #957
  • docs: update various bits of documentation by @lmb in #936
  • fix some comments by @cuishuang in #972
  • link: new link from fd by @Asphaltt in #971
  • Add support for loong64 by @zhaixiaojuan in #975
  • Allow debugfs fstype for /sys/kernel/debug/tracing by @brycekahle in #976
  • Add error case for creating unspecified map type. by @tommyp1ckles in #974
  • perf: Add support for overwritable buffer. by @eiffel-fl in #953
  • update platformPrefix list with libbpf values by @paulcacheux in #982
  • link: document AttachCgroup and flags by @ti-mo in #980
  • perf: clean up tests by @lmb in #979
  • btf: remove Spec.firstTypeID() by @lmb in #990
  • elf_reader, linker: add kfunc support by @rgo3 in #966
  • CI: enable gofmt linter by @lmb in #992
  • link: use BPF links to attach Tracing and LSM prog types by @mmat11 in #837
  • bpf2go: spring cleaning by @lmb in #910
  • btf: fix off-by-one in Spec.TypeByID by @lmb in #993
  • link/executable: lazy load symbol table by @mmat11 in #991
  • btf: remove type alias for []Type by @lmb in #989
  • sys: introduce TypeID by @lmb in #912
  • elf: freeze .kconfig map by @lmb in #1000
  • btf: clean up handling of split BTF in loadRawSpec and inflateRawTypes by @lmb in #999
  • elf: use per-instruction metadata for .kconfig references by @lmb in #994
  • btf: avoid repeated kernel BTF copies in Handle.Spec by @lmb in #1001
  • docs: document API stability by @lmb in #1003
  • bpf2go: Fall back to default module name when debug.ReadBuildInfo is not available by @folbricht in #1004
  • update github.com/frankban/quicktest by @lmb in #1010
  • asm: update eBPF built-in functions by @florianl in #1011
  • ProgramInfo provides CreatedByUid by @zachcheu in #1006
  • btf: optimize Spec.Copy by @lmb in #1002
  • Add support for LINUX_HAS_SYSCALL_WRAPPER kconfig by @paulcacheux in #995
  • program: improve error handling in haveSyscallWrapper by @lmb in #1022
  • fix container-all make invocation by @paulcacheux in #1021
  • make: allow interrupting container-all with ctrl-c by @lmb in #1024
  • refactor tracefs event handling into an object by @lmb in #1023
  • Print out the relocation name in the error message by @kuroa-me in #1026
  • allow skipping kernel version check for feature tests if test skipped via env variable by @abhipranay in #1025
  • replace deprecated rand.Seed calls by @kwakubiney in #978
  • elf: support kernel ...
v0.10.0 - BTF Marshaling

16 Jan 13:49
@lmb lmb

We're pleased to announce the first ebpf-go release of 2023! There is one breaking change, so please read through the release notes carefully. All users are encouraged to upgrade.

Breaking Changes

Support for BTF marshaling

So far, the library would only load BTF into the kernel that was originally generated by clang or pahole. As of this release, the library will instead marshal btf.Types directly into BTF blobs. For example, it's now possible to create an ebpf.Map from Go code by populating the MapSpec.Key and .Value fields with the map's k/v types to make bpftool map dump nicely pretty-print its contents for you.

As expected, there are a few important side effects and breaking changes to be aware of:

  • Setting MapSpec.BTF and ProgramSpec.BTF to nil can no longer be used to disable BTF during loading, which was the fields' last remaining purpose. The fields have been removed to make sure this doesn't slip through library upgrades unnoticed.
  • If your userspace program replaces individual instructions in ProgramSpec.Instructions before loading a program, make sure to copy the old Instruction's Metadata using Instruction.WithMetadata(old.Metadata). Not doing so may cause you to discard the original instruction's func_info or line_info, leading to the verifier rejecting your program with e.g. invalid argument: missing bpf_line_info for func#0 (see cilium/cilium#21933 for how this can go wrong).
  • Disabling BTF for program loads now requires calling btf.WithFuncMetadata(ins, nil) on the first instruction of each (sub)program, as well as Instruction.WithSource(nil) on each Instruction containing lineinfo.
  • Disabling BTF for map loads now requires MapSpec.Key and .Value being set to nil.

We're interested in hearing your use cases for explicitly disabling BTF during map/prog loads. We hope the need for disabling BTF altogether should arise less frequently, given the library falls back gracefully when the underlying kernel doesn't support BTF. In case you do believe this to be necessary, please raise an issue to discuss this further.

Fixes

NewProgram returns an unwrapped VerifierError

Since commit 148c76c ("internal: make VerifierError more succinct") the library has defaulted to omitting most of the verifier log when loading a program failed. The intention was that callers would use formatting with the %+v verb to output as much context as necessary. Due to how error wrapping with fmt.Errorf works this meant that the error had to be unwrapped with errors.As, which led to confusion.

NewProgram and friends now return an unwrapped VerifierError so that callers can format the error more easily.

Reliable VerifierError.Truncate field

Prior to this release, the VerifierError.Truncate field would only be set in case ProgramOptions.LogLevel was left to the default value of 0, among a few other quirks. This has now been resolved, making the VerifierError.Truncate field a reliable driver for a retry loop that automatically grows the verifier log buffer and retries loading the program(s). See cilium/cilium@934bccf for an example implementation.

Additions

Expanded and overhauled feature probes

features.HaveProgramType() can now conclusively probe for the program types ebpf.LSM, ebpf.Tracing and ebpf.Extension without relying on recognizing specific error return values.

Package features has been refactored to use internal.FeatureTest, unifying error wrapping and result caching with the library's internal machinery. ErrNotSupported returned from features now includes the minimum required kernel version and a feature name.

Kretprobes allow setting maxactive

The kernel's kretprobe implementation has a limitation where only a fixed number of concurrent calls to a probed function are handled. Usually the kernel chooses a sufficient default value, but for very busy functions this default is too low. This leads to missed kretprobe events.

There is an (unfortunate) workaround for this: the user can specify how many concurrent calls they want to support via a maxactive parameter. This comes with a lot of drawbacks however. maxactive is only supported when using an obsolete interface to kretprobes, and it's not at all clear how to arrive at the correct maxactive setting. link.KprobeOptions now exposes this setting to the user, since it is the only partial fix.

The authors of the library recommend not using maxactive unless absolutely necessary. Incorrect use will make your application more brittle and may have system-wide performance impact.

What's Changed

  • map, prog: fix broken links by @boratanrikulu in #816
  • program: clarify how to use VerifierError by @lmb in #819
  • link: Allow kprobe multi to be disabled in kernel by @arthurfabre in #812
  • Add IsPinned() to RawLink by @boratanrikulu in #817
  • fix bad link to GitHub Discussions by @dmitris in #824
  • internal: detect if /proc/self/auxv is not readable due to file caps by @lmb in #825
  • btf: add support for marshaling Type and use it for Program and Map by @lmb in #796
  • btf: support enum64 by @willfindlay in #820
  • Add stringer to ebpf-builder by @lmb in #827
  • asm: add .WithMetadata() for conveniently replacing individual Instructions by @ti-mo in #832
  • prog: populate VerifierError.Truncate when LogLevel > 0 by @ti-mo in #834
  • elf_reader: check if ELF is for BPF data by @florianl in #830
  • map_test: clean up after tests and close maps by @florianl in #841
  • btf: check for compatibility first when searching for a CO-RE field by @lmb in #852
  • Set Program.name when constructing from file descriptor by @aibor in #849
  • btf: do Datasec fixup on inflated types by @lmb in #860
  • btf: distinguish 'map' and 'program' BTF by @ti-mo in #855
  • program: return unwrapped VerifierError by @lmb in #851
  • map: export MapSpec.Compatible by @olsajiri in #858
  • btf: Remove deprecated {Map,Program}Spec.BTF field by @ti-mo in #864
  • btf: fix some split BTF shortcomings by @lmb in #861
  • Update dependencies for current Go versions by @thaJeztah in #866
  • map: include generated pin path in newMapWithOptions error by @ti-mo in #870
  • features: reuse internal.FeatureTest instead of open coding probes by @lmb in #776
  • feat: support LSM prog type by @daemon1024 in #885
  • bpf2go: write dependencies to temporary file to support Windows by @junjiexing in #865
  • program: block SIGPROF during BPF_PROG_RUN by @lmb in #887
  • btf: fix function doc typo by @rgo3 in #889
  • link: add QueryPrograms API by @rgo3 in #867
  • link: add maxactive for kretprobe by @alahaiyo in #755
  • Add missing program type feature probes by @rgo3 in #890

Full Changelog: v0.9.3...v0.10.0

v0.9.3 - Prevent livelocks loading BPF programs while profiling

30 Sep 07:51
@lmb lmb

This is a bugfix release for an endless loop that could occur when running a pprof session while loading a BPF program.

@danobi published an article with a deep-dive into the problem: https://dxuuu.xyz/bpf-go-pprof.html.

If a thread receives a signal while blocked in BPF_PROG_LOAD, the verifier can cooperatively interrupt itself by checking pending signals for the thread and return -EAGAIN from the syscall to request userspace to retry.

During a Go pprof session, threads are routinely sent a SIGPROF to make them dump profiling information, which can lead to a runaway reaction if the program takes longer to verify than the interrupt frequency. To prevent this, the SIGPROF signal is now masked during BPF_PROG_LOAD.

What's Changed

  • CI: test on 5.19 by @lmb in #793
  • prep work for BTF marshaling by @lmb in #791
  • cmd/bpf2go: test against clang-14 by default by @lmb in #794
  • btf: fix IntEncoding by @lmb in #797
  • bpf2go: use [16]byte instead of uint128 by @Benjamin-Yim in #799
  • Semaphore: remove manual Go installation, expedite 'cache restore' by @ti-mo in #803
  • Prevent pprof from causing BPF verifier livelocks by @ti-mo in #805
  • bpf2go: add flag for alternative filename stem by @MarcusWichelmann in #770
  • README: update to reflect the project's situation in H2 2022 by @ti-mo in #804
  • sys: use SIG_BLOCK and SIG_UNBLOCK from x/sys/unix by @lmb in #807

Full Changelog: v0.9.2...v0.9.3