Add support for extensible maps.#4869
Conversation
saxena-anurag
requested review from
LakshK98,
dthaler,
matthewige,
mikeagun,
mtfriesen,
poornagmsft and
shankarseal
as code owners
| uint8_t* key_value_data; // Key followed by value in contiguous memory | ||
| } sample_hash_bucket_entry_t; | ||
|
|
||
| typedef struct _sample_hash_bucket |
There was a problem hiding this comment.
I'm not sure we should delegate implementation of a map to each extension; it is known to be quite tricky to implement a reliable and high performance RCU hash table.
There was a problem hiding this comment.
Hi, we had discussed this earlier, and the proposal was to let extensions implement the map, as these would typically be program type specific.
eBPF runtime will expose epoch based APIs for extension to utilize the RCU implementation in eBPFCore.
| ## 1 Overview | ||
| An "eBPF extension" is a Windows kernel driver or component that implements eBPF hooks or helper functions. The design | ||
| of eBPF for Windows is such that an extension providing an implementation for hooks and helper functions can be | ||
| An "eBPF extension" is a Windows kernel driver or component that implements eBPF hooks, helper functions and extensible maps. The design |
There was a problem hiding this comment.
To verify: So an extension can implement an extensible map but it cannot implement a non-extensible map? I'll observe that this document never defines the term "extensible map", so either define it or remove that term entirely. Line 30 says "program type specific map", should this line use that language?
| providers. | ||
| eBPF Extensions need to implement *provider modules* for three types of NPIs. They are the **Program Information NPI** | ||
| provider, **Hook NPI** provider and **Map Information NPI**. | ||
| **Map Information NPI** is optional and only needs to be implemented if an extension want to add support for a |
There was a problem hiding this comment.
| **Map Information NPI** is optional and only needs to be implemented if an extension want to add support for a | |
| **Map Information NPI** is optional and only needs to be implemented if an extension wants to add support for a |
grammar
| 3. Author any extensible maps. | ||
| 3. Invoke eBPF programs from hook(s). | ||
| 4. Register program and attach types. | ||
| 5. Register extensible map types, if any. |
There was a problem hiding this comment.
As before, should this say "program type specific map types" rather than "extensible map types"?
| The `dispatch_table` is a pointer to the provider dispatch table that the extension provides for operations on the supported maps. | ||
|
|
||
| #### Map ID | ||
| eBPF-for-Windows runtime supports some global map types. eBPF-for-Windows has reserved the map IDs 1 to 4095 (BPF_MAP_TYPE_MAX) for the global map types implemented in eBPF Core. Extensions need to use a map ID > BPF_MAP_TYPE_MAX for any extensible map they implement. |
There was a problem hiding this comment.
| eBPF-for-Windows runtime supports some global map types. eBPF-for-Windows has reserved the map IDs 1 to 4095 (BPF_MAP_TYPE_MAX) for the global map types implemented in eBPF Core. Extensions need to use a map ID > BPF_MAP_TYPE_MAX for any extensible map they implement. | |
| The eBPF-for-Windows runtime supports some global map types. eBPF-for-Windows has reserved the map IDs 1 to 4095 (BPF_MAP_TYPE_MAX) for the global map types implemented in eBPF Core. Extensions need to use a map ID > BPF_MAP_TYPE_MAX for any extensible map they implement. |
Also I think "Map ID" is the wrong term, since that's the ID for a specific map instance. I think you mean Map Type ID.
| eBPF-for-Windows runtime supports some global map types. eBPF-for-Windows has reserved the map IDs 1 to 4095 (BPF_MAP_TYPE_MAX) for the global map types implemented in eBPF Core. Extensions need to use a map ID > BPF_MAP_TYPE_MAX for any extensible map they implement. | ||
|
|
||
| Note: Though this is not required, extensions *can* register their map types by creating a pull request to eBPF-for-Windows | ||
| repo and updating `ebpf_map_type_t` enum in ebpf_structs.h. This helps in any map type collision with another extension. |
There was a problem hiding this comment.
| repo and updating `ebpf_map_type_t` enum in ebpf_structs.h. This helps in any map type collision with another extension. | |
| repo and updating the `ebpf_map_type_t` enum in ebpf_structs.h. This helps avoid any map type collision with another extension. |
| `ebpf_return_type_t` enums. | ||
|
|
||
| ### 2.8 Registering Program Types and Attach Types - eBPF Store | ||
| ### 2.9 Helper functions that use extensible maps. |
There was a problem hiding this comment.
| ### 2.9 Helper functions that use extensible maps. | |
| ### 2.9 Helper functions that use extensible maps |
| /** | ||
| * @brief eBPF map type. | ||
| * Global map types are defined in the range 1-4095. The range 4096-65535 is reserved | ||
| * for extensible map types. |
There was a problem hiding this comment.
I don't understand how this prevents collisions, and don't understand what happens if a collision can happen. Can we require a mechanism that doesn't have collisions, either by requiring global registration or using BTF IDs or something?
| typedef struct _ebpf_map_provider_data | ||
| { | ||
| ebpf_extension_header_t header; | ||
| uint32_t map_type; // Extensible map type implemented by the provider. |
There was a problem hiding this comment.
| uint32_t map_type; // Extensible map type implemented by the provider. | |
| uint32_t map_type; // Custom map type implemented by the provider. |
| } ebpf_map_provider_data_t; | ||
|
|
||
| /** | ||
| * @brief Extensible map client data. |
There was a problem hiding this comment.
| * @brief Extensible map client data. | |
| * @brief Custom map client data. |
Update to match PR #4882
| @@ -0,0 +1,191 @@ | |||
| // Copyright (c) eBPF for Windows contributors | |||
There was a problem hiding this comment.
Rename filename to ebpf_custom_maps.h
3 participants
Description
This pull request introduces support for extensible eBPF map types in the Windows eBPF extension framework. The changes add a new NPI provider for map information, define new structures and APIs for extensible map management, and update documentation to guide extension authors on implementing custom map types. These updates enable extensions to register and manage their own map types beyond those provided by the core eBPF runtime.
Extensible Map Support
EBPF_MAP_INFO_EXTENSION_IIDGUID. [1] [2]ebpf_map_provider_data_t,ebpf_map_client_data_t, and dispatch tables) and APIs for creating, deleting, and operating on extensible maps, including memory management via epoch-based APIs.ebpf_map_type_t) to reserve IDs 1–4095 for global map types and allow extensions to use IDs aboveBPF_MAP_TYPE_MAXfor their own map types. [1] [2]Documentation Updates
docs/eBpfExtensions.mdto describe the new extensible map support, including how to implement and register map types, the new NPI provider, and sample usage. [1] [2] [3] [4] [5]Miscellaneous
EBPF_MAP_FLAG_HELPER,EBPF_MAP_FIND_FLAG_DELETE).These changes collectively enable extension developers to create, register, and manage custom eBPF map types in Windows, expanding the flexibility and power of the eBPF extension ecosystem.
Testing
This PR adds new tests.
Documentation
Updated documentation.
Installation
No.