diff --git a/.azure/OneBranch.PullRequest.yml b/.azure/OneBranch.PullRequest.yml
new file mode 100644
index 0000000000..429b3d38c7
--- /dev/null
+++ b/.azure/OneBranch.PullRequest.yml
@@ -0,0 +1,370 @@
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: MIT
+
+trigger:
+ ## disable batching of changes when a push happens.
+ batch: false
+ branches:
+ include:
+ - internal/main
+ - internal/release/*
+ - main
+ - release/*
+
+pr:
+- main
+- release/*
+
+schedules:
+- cron: '00 8 * * *'
+ displayName: Schedule CI/CD
+ branches:
+ include:
+ - main
+ always: true
+
+parameters: # parameters are shown up in ADO UI in a build queue time
+- name: 'debug'
+ displayName: 'Enable debug output'
+ type: boolean
+ default: false
+
+variables:
+ CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)]
+ system.debug: ${{ parameters.debug }}
+ ENABLE_PRS_DELAYSIGN: 0
+ ROOT: $(Build.SourcesDirectory)
+ REPOROOT: $(Build.SourcesDirectory)
+ OUTPUTROOT: $(REPOROOT)\out
+ NUGET_XMLDOC_MODE: none
+
+ WindowsContainerImage: 'cdpxwin1809.azurecr.io/global/vse2022:latest' # Docker image which is used to build the project
+
+resources:
+ repositories:
+ - repository: templates
+ type: git
+ name: OneBranch.Pipelines/GovernedTemplates
+ ref: refs/heads/main
+
+
+jobs:
+
+# regular
+# Always run this job.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'BatchedCI', 'IndividualCI', 'Schedule', 'Manual') }}:
+ - template: ./reusable-build.yml
+ parameters:
+ name: regular
+ build_artifact: Build-x64
+ generate_release_package: true
+ build_msi: true
+ build_nuget: true
+ build_options: /p:ReleaseJIT=True
+ configurations: ["Debug", "FuzzerDebug", "Release"]
+
+# regular_native_only
+# Always run this job.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'BatchedCI', 'IndividualCI', 'Schedule', 'Manual') }}:
+ - template: ./reusable-build.yml
+ parameters:
+ name: regular_native_only
+ build_artifact: Build-x64-native-only
+ build_msi: true
+ build_nuget: true
+ configurations: ["NativeOnlyDebug", "NativeOnlyRelease"]
+
+# unit_tests
+# Always run this job.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'BatchedCI', 'IndividualCI', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: unit_tests
+ pre_test: appverif -enable Exceptions Handles Heaps Leak Locks Memory SRWLock Threadpool TLS DangerousAPIs DirtyStacks TimeRollOver -for unit_tests.exe
+ test_command: '.\unit_tests.exe -d yes ~[processes]'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: true
+ gather_dumps: true
+ capture_etw: true
+ leak_detection: true
+
+# netebpfext_unit_tests
+# Always run this job.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'BatchedCI', 'IndividualCI', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: netebpfext_unit_tests
+ pre_test: appverif -enable Exceptions Handles Heaps Leak Locks Memory SRWLock Threadpool TLS DangerousAPIs DirtyStacks TimeRollOver -for netebpfext_unit.exe
+ test_command: '.\netebpfext_unit.exe -d yes'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: true
+ gather_dumps: true
+ capture_etw: true
+ leak_detection: true
+
+# bpf2c
+# Always run this job.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'BatchedCI', 'IndividualCI', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: bpf2c
+ test_command: '.\bpf2c_tests.exe -d yes'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ vs_dev: true
+ code_coverage: true
+ gather_dumps: true
+ capture_etw: true
+
+# bpf2c_conformance
+# Always run this job.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'BatchedCI', 'IndividualCI', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: bpf2c_conformance
+ pre_test: 'powershell.exe Invoke-WebRequest https://github.com/Alan-Jowett/bpf_conformance/releases/download/v0.0.6/bpf_conformance_runner.exe -OutFile bpf_conformance_runner.exe'
+ test_command: '.\bpf_conformance_runner.exe --test_file_directory $(Build.SourcesDirectory)\$(PROJECT_NAME)\external\ebpf-verifier\external\bpf_conformance\tests --cpu_version v3 --exclude_regex lock* --plugin_path bpf2c_plugin.exe --debug true --plugin_options "--include $(Build.SourcesDirectory)\$(PROJECT_NAME)\include"'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ vs_dev: true
+ code_coverage: true
+ gather_dumps: true
+ capture_etw: true
+
+# Run the fault injection simulator.
+# Always run this job.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'BatchedCI', 'IndividualCI', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: fault_injection
+ test_command: '.\unit_tests.exe'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: true
+ gather_dumps: true
+ fault_injection: true
+ leak_detection: true
+
+# Run the fault injection simulator for netebpfext_unit tests.
+# Always run this job.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'BatchedCI', 'IndividualCI', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: fault_injection_netebpfext_unit
+ test_command: '.\netebpfext_unit.exe'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: true
+ gather_dumps: true
+ fault_injection: true
+ leak_detection: true
+
+# Additional jobs to run on pull and schedule only (skip push).
+# ---------------------------------------------------------------------------
+# Build with C++ static analyzer.
+# Only run on schedule and pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'Schedule', 'Manual') }}:
+ - template: ./reusable-build.yml
+ parameters:
+ name: analyze
+ build_artifact: Build-x64-Analyze
+ # Analysis on external projects is conditional, as on small CI/CD VMs the compiler can run OOM
+ build_options: /p:Analysis=True /p:AnalysisOnExternal=False
+
+# Build with C++ address sanitizer.
+# Only run on schedule and pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'Schedule', 'Manual') }}:
+ - template: ./reusable-build.yml
+ parameters:
+ name: sanitize
+ build_artifact: Build-x64-Sanitize
+ build_options: /p:AddressSanitizer=True
+
+# bpf2c_fuzzer
+# Only run on pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: bpf2c_fuzzer
+ test_command: '.\bpf2c_fuzzer.exe bpf2c_fuzzer_corpus -use_value_profile=1 -max_total_time=300 -artifact_prefix=Artifacts\'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: false
+ gather_dumps: true
+ configurations: ["FuzzerDebug"]
+
+# bpf2c_fuzzer_scheduled
+# Only run on schedule.
+- ${{ if in(variables['Build.Reason'], 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: bpf2c_fuzzer
+ test_command: '.\bpf2c_fuzzer.exe bpf2c_fuzzer_corpus -use_value_profile=1 -max_total_time=900 -artifact_prefix=Artifacts\'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: false
+ gather_dumps: true
+ configurations: ["FuzzerDebug"]
+
+# execution_context_fuzzer
+# Only run on schedule and pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: execution_context_fuzzer
+ test_command: '.\execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -runs=3000 -artifact_prefix=Artifacts\'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: false
+ gather_dumps: true
+ configurations: ["FuzzerDebug"]
+
+# Run the verifier fuzzer.
+# Only run on pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: verifier_fuzzer
+ test_command: '.\verifier_fuzzer.exe verifier_corpus -use_value_profile=1 -max_total_time=300 -artifact_prefix=Artifacts\'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: false
+ gather_dumps: true
+ configurations: ["FuzzerDebug"]
+
+# Run the verifier fuzzer.
+# Only run on schedule.
+- ${{ if in(variables['Build.Reason'], 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: verifier_fuzzer
+ test_command: '.\verifier_fuzzer.exe verifier_corpus -use_value_profile=1 -max_total_time=900 -artifact_prefix=Artifacts\'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: false
+ gather_dumps: true
+ configurations: ["FuzzerDebug"]
+
+# core_helper_fuzzer
+# Only run on schedule and pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: core_helper_fuzzer
+ test_command: '.\core_helper_fuzzer core_helper_corpus -max_len=139 -runs=1000 -use_value_profile=1 -artifact_prefix=Artifacts\'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: false
+ gather_dumps: true
+ configurations: ["FuzzerDebug"]
+
+# netebpfext_fuzzer
+# Only run on schedule and pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: netebpfext_fuzzer
+ test_command: '.\netebpfext_fuzzer netebpfext_corpus -max_len=12 -runs=1000 -use_value_profile=1 -artifact_prefix=Artifacts\'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: false
+ gather_dumps: true
+ configurations: ["FuzzerDebug"]
+
+# cilium_tests
+# Run Cilium regression tests.
+# Only run on schedule and pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: cilium_tests
+ test_command: '.\cilium_tests.exe -d yes'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: false
+ gather_dumps: true
+
+# Run the quick stress tests
+# Only run on schedule and pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: stress
+ test_command: '.\ebpf_performance.exe'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ code_coverage: false
+ gather_dumps: true
+
+# Run the unit tests with address sanitizer.
+# Only run on schedule and pull request.
+- ${{ if in(variables['Build.Reason'], 'PullRequest', 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: sanitize_unit_tests
+ # Exclude [processes] test that ASAN can't work with.
+ test_command: '.\unit_tests.exe -d yes ~[processes]'
+ dependency: sanitize
+ build_artifact: Build-x64-Sanitize
+ environment: windows-2022
+ gather_dumps: true
+ capture_etw: true
+
+# Run the complete fault injection simulator.
+# Runs on a schedule as this takes a long time to run.
+- ${{ if in(variables['Build.Reason'], 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: fault_injection_full
+ test_command: '.\unit_tests.exe -d yes'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ gather_dumps: true
+ fault_injection: true
+ leak_detection: true
+
+# Run the complete fault injection simulator for netebpfext.
+# Runs on a schedule as this takes a long time to run.
+- ${{ if in(variables['Build.Reason'], 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: netebpfext_fault_injection_full
+ test_command: '.\netebpfext_unit.exe -d yes'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ gather_dumps: true
+ fault_injection: true
+ leak_detection: true
+
+# Run multi-threaded stress tests against the user mode 'mock' framework.
+# Runs on a schedule as this takes a long time to run.
+- ${{ if in(variables['Build.Reason'], 'Schedule', 'Manual') }}:
+ - template: ./reusable-test.yml
+ parameters:
+ name: user_mode_multi_threaded_stress_test
+ test_command: '.\ebpf_stress_tests_um -tt=32 -td=10'
+ dependency: regular
+ build_artifact: Build-x64
+ environment: windows-2022
+ gather_dumps: true
+ leak_detection: false
+ capture_etw: true
diff --git a/.azure/reusable-build.yml b/.azure/reusable-build.yml
new file mode 100644
index 0000000000..86e6ac7c14
--- /dev/null
+++ b/.azure/reusable-build.yml
@@ -0,0 +1,203 @@
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: MIT
+
+# This workflow performs a build of the project and uploads the result as a build artifact.
+
+parameters:
+ # Name associated with the output of this build.
+ - name: build_artifact
+ type: string
+ # Name of the job
+ - name: name
+ type: string
+ # Additional options passed to msbuild.
+ - name: build_options
+ type: string
+ default: ''
+ - name: generate_release_package
+ type: boolean
+ default: false
+ - name: build_codeql
+ type: boolean
+ default: false
+ - name: build_msi
+ type: boolean
+ default: false
+ - name: build_nuget
+ type: boolean
+ default: false
+ - name: cxx_flags
+ type: string
+ default: ''
+ - name: ld_flags
+ type: string
+ default: ''
+ - name: configurations
+ type: object
+ default: ["Debug", "Release"]
+
+
+jobs:
+ - job: '${{parameters.name}}'
+ timeoutInMinutes: 90
+
+ strategy:
+ matrix:
+ ${{ each configuration in parameters.configurations }}:
+ ${{ configuration }}:
+ buildConfiguration: ${{ configuration }}
+
+ pool:
+ vmImage: 'windows-2022'
+ type: windows
+
+ variables:
+ # Path to the solution file relative to the root of the project.
+ SOLUTION_FILE_PATH: ebpf-for-windows.sln
+ BUILD_ARTIFACT_NAME: ${{parameters.build_artifact}}
+ BUILD_CONFIGURATION: $(buildConfiguration)
+ BUILD_PLATFORM: x64
+ BUILD_OPTIONS: ${{parameters.build_options}}
+ CXX_FLAGS: ${{parameters.cxx_flags}}
+ LD_FLAGS: ${{parameters.ld_flags}}
+ MSBUILD_PATH: 'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\MSBuild\Current\Bin\amd64'
+ VSVARS64_PATH: 'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build'
+ GDN_CODESIGN_TARGETDIRECTORY: '$(Build.SourcesDirectory)/$(BUILD_PLATFORM)/$(buildConfiguration)'
+
+ steps:
+ - script: |
+ call "$(VSVARS64_PATH)\vcvars64.bat"
+ echo "##vso[task.setvariable variable=msvc_tools_path;isOutput=true]%VCToolsInstallDir%"
+ echo "##vso[task.setvariable variable=msvc_tools_version;isOutput=true]%VCToolsVersion%"
+ name: msvc_variables
+ displayName: 'Set MSVC Environment Variables'
+
+ - powershell: |
+ $value = "true"
+ Write-Host "##vso[task.setvariable variable=ASAN_WIN_CONTINUE_ON_INTERCEPTION_FAILURE;]$value"
+ workingDirectory: $(Build.SourcesDirectory)
+ displayName: 'Set ASAN_WIN_CONTINUE_ON_INTERCEPTION_FAILURE'
+
+ - checkout: self
+ displayName: 'Checkout Repo'
+ submodules: 'recursive'
+ fetchDepth: 0
+
+ - bash: |
+ echo "*** All environment variables ***"
+ env | sort
+ workingDirectory: $(Build.SourcesDirectory)
+ displayName: 'Dump Environment variables'
+
+ - script: |
+ echo ##vso[task.prependpath]C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\llvm\bin
+ displayName: 'Set path'
+
+ - task: PowerShell@2
+ displayName: 'Log CLANG version'
+ inputs:
+ targetType: 'inline'
+ script: |
+ clang --version
+
+ - powershell: |
+ .\scripts\initialize_ebpf_repo.ps1
+ workingDirectory: $(Build.SourcesDirectory)
+ displayName: 'Configuring repo for first build'
+
+ - script: |
+ "$(MSBUILD_PATH)\msbuild.exe" /m /p:Configuration=$(BUILD_CONFIGURATION) /p:Platform=$(BUILD_PLATFORM) $(SOLUTION_FILE_PATH) $(BUILD_OPTIONS)
+ workingDirectory: $(Build.SourcesDirectory)
+ displayName: 'Build'
+
+ - script: |
+ copy "$(msvc_variables.msvc_tools_path)\bin\Hostx64\x64\clang*"" .
+ workingDirectory: $(Build.SourcesDirectory)/$(BUILD_PLATFORM)/$(buildConfiguration)
+ displayName: 'Copy LLVM libs for Fuzzing & Address Sanitizing'
+
+ - powershell: |
+ Invoke-WebRequest https://github.com/microsoft/ebpf-for-windows-demo/releases/download/v0.0.2/$(BUILD_PLATFORM)-Debug-cilium-xdp.zip -OutFile x64-$(BUILD_CONFIGURATION)-cilium-xdp.zip
+ workingDirectory: $(Build.SourcesDirectory)
+ condition: or(eq(variables.buildConfiguration, 'Debug'), eq(variables.buildConfiguration, 'NativeOnlyDebug'))
+ displayName: 'Download demo Debug repository'
+
+ - powershell: |
+ Invoke-WebRequest https://github.com/microsoft/ebpf-for-windows-demo/releases/download/v0.0.2/$(BUILD_PLATFORM)-Release-cilium-xdp.zip -OutFile x64-$(BUILD_CONFIGURATION)-cilium-xdp.zip
+ workingDirectory: $(Build.SourcesDirectory)
+ condition: or(eq(variables.buildConfiguration, 'Release'), eq(variables.buildConfiguration, 'NativeOnlyRelease'))
+ displayName: 'Download demo Release repository'
+
+ - script: |
+ tar -xf ..\..\x64-$(BUILD_CONFIGURATION)-cilium-xdp.zip
+ workingDirectory: $(Build.SourcesDirectory)/$(BUILD_PLATFORM)/$(buildConfiguration)
+ condition: ne(variables.buildConfiguration, 'FuzzerDebug')
+ displayName: 'Extract artifacts to build path'
+
+ - publish: $(Build.SourcesDirectory)/$(BUILD_PLATFORM)/$(buildConfiguration)
+ artifact: "${{parameters.build_artifact}} $(buildConfiguration)"
+ displayName: 'Upload Build Output'
+
+ - publish: $(Build.SourcesDirectory)/$(BUILD_PLATFORM)/$(buildConfiguration)/ebpf-for-windows.msi
+ artifact: "ebpf-for-windows - MSI installer (${{parameters.build_artifact}}_$(buildConfiguration))"
+ condition: and(eq('${{parameters.build_msi}}', 'true'), ne(variables.buildConfiguration, 'FuzzerDebug'))
+ displayName: 'Upload the MSI installer'
+
+ # Locate and upload the VM Extension package
+ - bash: |
+ echo "##vso[task.setvariable variable=REL_VM_EXTENSION_PACKAGE_PATH;isOutput=true]$(ls $(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)/Microsoft.EbpfForWindows.EbpfForWindows.*.zip)"
+ condition: eq(variables.buildConfiguration, 'NativeOnlyRelease')
+ name: vm_extension_package
+ displayName: 'Locate the VM Extension package'
+
+ - publish: $(vm_extension_package.REL_VM_EXTENSION_PACKAGE_PATH)
+ artifact: "ebpf-for-windows - VM Extension package (${{parameters.build_artifact}}_$(buildConfiguration))"
+ condition: eq(variables.buildConfiguration, 'NativeOnlyRelease')
+ displayName: 'Upload the VM Extension package'
+
+ # Locate and upload the Redist NuGet package
+ - bash: |
+ echo "##vso[task.setvariable variable=REL_REDIST_NUGET_PACKAGE_PATH;isOutput=true]$(ls $(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)/eBPF-for-Windows-Redist.*.nupkg)"
+ condition: eq(variables.buildConfiguration, 'NativeOnlyRelease')
+ name: redist_nuget_package
+ displayName: 'Locate the Redist NuGet package'
+
+ - publish: $(redist_nuget_package.REL_REDIST_NUGET_PACKAGE_PATH)
+ artifact: "ebpf-for-windows - Redist package (${{parameters.build_artifact}}_$(buildConfiguration))"
+ condition: eq(variables.buildConfiguration, 'NativeOnlyRelease')
+ displayName: 'Upload the Redist NuGet package'
+
+ # Build, locate and upload the development NuGet package
+ - script: |
+ "$(MSBUILD_PATH)\msbuild.exe" /m /p:Configuration="$(BUILD_CONFIGURATION)" /p:Platform="$(BUILD_PLATFORM)" "$(SOLUTION_FILE_PATH)" "$(BUILD_OPTIONS)" /t:tools\nuget
+ condition: and(eq(variables.buildConfiguration, 'Release'), eq('${{parameters.build_nuget}}', 'true'))
+ workingDirectory: $(Build.SourcesDirectory)
+ displayName: 'Build the development NuGet package'
+
+ - bash: |
+ echo "##vso[task.setvariable variable=REL_NUGET_PACKAGE_PATH;isOutput=true]$(ls $(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)/eBPF-for-Windows.*.nupkg)"
+ condition: and(eq(variables.buildConfiguration, 'Release'), eq('${{parameters.build_nuget}}', 'true'))
+ name: nuget_package
+ displayName: 'Locate the development NuGet package'
+
+ - publish: $(nuget_package.REL_NUGET_PACKAGE_PATH)
+ artifact: 'ebpf-for-windows nuget'
+ condition: and(eq(variables.buildConfiguration, 'Release'), eq('${{parameters.build_nuget}}', 'true'), eq('${{parameters.build_artifact}}', 'Build-x64'))
+ displayName: 'Upload the development NuGet package'
+
+ - publish: $(nuget_package.REL_NUGET_PACKAGE_PATH)
+ artifact: 'ebpf-for-windows-native nuget'
+ condition: and(eq(variables.buildConfiguration, 'Release'), eq('${{parameters.build_nuget}}', 'true'), eq('${{parameters.build_artifact}}', 'Build-x64-native-only'))
+ displayName: 'Upload the development NuGet package'
+
+ - powershell: |
+ .\scripts\onebranch\onefuzz-prep.ps1 -BuildPath $(Build.SourcesDirectory)/$(BUILD_PLATFORM)/$(buildConfiguration) -OneFuzzDirectory $(Build.SourcesDirectory)/$(BUILD_PLATFORM)/onefuzz -OneFuzzConfigFile $(Build.SourcesDirectory)/.onefuzz/OneFuzzConfig.json
+ condition: eq(variables.buildConfiguration, 'FuzzerDebug')
+ displayName: 'Prepare OneFuzz directory'
+
+ - task: onefuzz-task@0
+ condition: eq(variables.buildConfiguration, 'FuzzerDebug')
+ inputs:
+ onefuzzOSes: 'windows'
+ env:
+ onefuzzDropDirectory: $(Build.SourcesDirectory)/$(BUILD_PLATFORM)/onefuzz
+ SYSTEM_ACCESSTOKEN: $(System.AccessToken)
\ No newline at end of file
diff --git a/.azure/reusable-test.yml b/.azure/reusable-test.yml
new file mode 100644
index 0000000000..bef4ec042c
--- /dev/null
+++ b/.azure/reusable-test.yml
@@ -0,0 +1,295 @@
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: MIT
+
+# This workflow executes a single test, optionally gathering code coverage and logs.
+
+parameters:
+ - name: name
+ type: string
+ # Job dependency
+ - name: dependency
+ type: string
+ # The test command to invoke.
+ - name: test_command
+ type: string
+ # The name of the build artifact to download.
+ - name: build_artifact
+ type: string
+ # The environment to run this test on.
+ - name: environment
+ type: string
+ # Set to true to gather code coverage when this test runs.
+ - name: code_coverage
+ type: boolean
+ default: false
+ # Set to true to gather and upload memory dumps if a test process crashes.
+ - name: gather_dumps
+ type: boolean
+ default: false
+ - name: pre_test
+ type: string
+ default: ''
+ - name: post_test
+ type: string
+ default: ''
+ - name: capture_etw
+ type: boolean
+ default: false
+ # Set to true to use Visual Studio Developer command shell.
+ - name: vs_dev
+ type: boolean
+ default: false
+ - name: fault_injection
+ type: boolean
+ default: false
+ - name: leak_detection
+ type: boolean
+ default: false
+ - name: configurations
+ type: object
+ default: ["Debug", "Release"]
+
+jobs:
+ - job: ${{parameters.name}}
+ dependsOn: ${{parameters.dependency}}
+ timeoutInMinutes: 90
+
+ strategy:
+ matrix:
+ ${{ each configuration in parameters.configurations }}:
+ ${{ configuration }}:
+ buildConfiguration: ${{ configuration }}
+
+ pool:
+ vmImage: ${{parameters.environment}}
+ type: windows
+
+ variables:
+ # Configuration type to build.
+ PROJECT_NAME: ebpf-for-windows
+ NAME: ${{parameters.name}}
+ BUILD_CONFIGURATION: $(buildConfiguration)
+ BUILD_PLATFORM: x64
+ TEST_COMMAND: ${{parameters.test_command}}
+ PRE_COMMAND: ${{parameters.pre_test}}
+ POST_COMMAND: ${{parameters.post_test}}
+ USERSIM_MEMORY_LEAK_DETECTION: ${{parameters.leak_detection}}
+ # Skip Codesign Validation task, as ths is a test job.
+ runCodesignValidationInjection: false
+ DUMP_PATH: c:\dumps\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)
+ TEST_TIMEOUT: 3600 # 1 hour timeout for tests.
+
+ steps:
+ # Checking out the branch is needed to gather correct code coverage data.
+ - checkout: self
+ submodules: 'recursive'
+ fetchDepth: 0
+ # Only check out source code if code coverage is being gathered.
+ condition: eq('${{parameters.code_coverage}}', 'true')
+ displayName: 'Checkout Repo'
+
+ # Perform shallow checkout for self-hosted runner.
+ - checkout: self
+ fetchDepth: 0
+ condition: eq('${{parameters.environment}}', 'ebpf_cicd_tests')
+ displayName: 'Shallow Checkout Repo'
+
+ - powershell: |
+ $value = "true"
+ Write-Host "##vso[task.setvariable variable=ASAN_WIN_CONTINUE_ON_INTERCEPTION_FAILURE;]$value"
+ $value = "allocator_may_return_null=1"
+ Write-Host "##vso[task.setvariable variable=ASAN_OPTIONS;]$value"
+ workingDirectory: $(Build.SourcesDirectory)
+ displayName: 'Set ASAN_WIN_CONTINUE_ON_INTERCEPTION_FAILURE'
+
+ - bash: |
+ choco install -y procdump
+ where procdump.exe
+ condition: eq('${{parameters.gather_dumps}}', 'true')
+ name: install_procdump
+ displayName: 'Install ProcDump'
+
+ - bash: |
+ choco install -y --requirechecksum=true --checksum=2295A733DA39412C61E4F478677519DD0BB1893D88313CE56B468C9E50517888 --checksum-type=sha256 OpenCppCoverage
+ echo '##vso[task.prependpath]C:\Program Files\OpenCppCoverage'
+ condition: and(eq('${{parameters.code_coverage}}', 'true'), ne('${{parameters.environment}}', 'ebpf_cicd_tests'))
+ name: set_up_opencppcoverage
+ displayName: 'Set up OpenCppCoverage and add to PATH'
+
+ - bash: |
+ echo "*** All environment variables ***"
+ env | sort
+ workingDirectory: $(Build.SourcesDirectory)
+ displayName: 'Dump Environment variables'
+
+ - powershell: |
+ mkdir $(DUMP_PATH)
+ New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -ErrorAction SilentlyContinue
+ New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpType" -Value 2 -PropertyType DWord -ErrorAction SilentlyContinue
+ $dump_path = "$(DUMP_PATH)".Replace("/", "\")
+ New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpFolder" -Value "$dump_path" -PropertyType ExpandString -ErrorAction SilentlyContinue
+ condition: eq('${{parameters.gather_dumps}}', 'true')
+ name: configure_windows_error_reporting
+ displayName: 'Configure Windows Error Reporting to make a local copy of any crashes that occur'
+
+ - powershell: |
+ Remove-Item -Path $(Build.SourcesDirectory)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION) -Recurse -Force -ErrorAction SilentlyContinue
+ condition: eq('${{parameters.environment}}', 'ebpf_cicd_tests')
+ displayName: Remove existing artifacts
+
+ - download: current
+ artifact: "${{parameters.build_artifact}} $(buildConfiguration)"
+ condition: succeeded()
+ name: download_artifact
+ displayName: "Download build artifact"
+
+ - powershell: |
+ mkdir $(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\
+ cd $(Build.ArtifactStagingDirectory)
+ cd ..
+ $source = ".\${{parameters.build_artifact}} $(buildConfiguration)"
+ $destination = "$(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)"
+ Get-ChildItem $source | Copy-Item -Destination $destination -Recurse -filter *.*
+ displayName: Copy build artifacts to correct path
+
+ - script: |
+ mkdir "$(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\Artifacts"
+ displayName: Create generated artifact folder
+
+ - script: |
+ mkdir $(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\TestLogs
+ wpr.exe -start $(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\ebpfforwindows.wprp -filemode
+ condition: eq('${{parameters.capture_etw}}', 'true')
+ name: start_etw_tracing
+ displayName: Start ETW tracing
+
+ - script: |
+ .\export_program_info.exe --clear
+ .\export_program_info.exe
+ workingDirectory: $(Build.SourcesDirectory)/$(PROJECT_NAME)/$(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)
+ name: configure_ebpf_store
+ displayName: Configure eBPF store
+
+ - script: |
+ .\export_program_info_sample.exe --clear
+ .\export_program_info_sample.exe
+ workingDirectory: $(Build.SourcesDirectory)/$(PROJECT_NAME)/$(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)
+ condition: ne(variables.buildConfiguration, 'FuzzerDebug')
+ name: configure_ebpf_store_sample
+ displayName: Configure eBPF store (undocked)
+
+ - script: |
+ $(PRE_COMMAND)
+ workingDirectory: $(Build.SourcesDirectory)/$(PROJECT_NAME)/$(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)
+ name: run_pre_test_command
+ displayName: Run pre test command
+
+ - script: |
+ call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsDevCmd.bat"
+ set EBPF_ENABLE_WER_REPORT=yes
+ OpenCppCoverage.exe -q --cover_children --sources $(Build.SourcesDirectory)\$(PROJECT_NAME) --excluded_sources $(Build.SourcesDirectory)\$(PROJECT_NAME)\external\Catch2 --export_type cobertura:ebpf_for_windows.xml --working_dir $(BUILD_PLATFORM)\$(BUILD_CONFIGURATION) -- $(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\$(TEST_COMMAND)
+ workingDirectory: $(Build.SourcesDirectory)/$(PROJECT_NAME)
+ condition: and(eq('${{parameters.code_coverage}}', 'true'), eq('${{parameters.vs_dev}}', 'true'))
+ name: run_test_with_code_coverage_in_vs_dev
+ displayName: Run test with Code Coverage in VS Dev environment
+
+ - script: |
+ OpenCppCoverage.exe -q --cover_children --sources $(Build.SourcesDirectory)\$(PROJECT_NAME) --excluded_sources $(Build.SourcesDirectory)\$(PROJECT_NAME)\external\Catch2 --export_type cobertura:ebpf_for_windows.xml --working_dir $(BUILD_PLATFORM)\$(BUILD_CONFIGURATION) -- powershell.exe .\Test-FaultInjection.ps1 $(DUMP_PATH) $(TEST_TIMEOUT) $(TEST_COMMAND) 4
+ workingDirectory: $(Build.SourcesDirectory)/$(PROJECT_NAME)
+ condition: and(eq('${{parameters.code_coverage}}', 'true'), eq('${{parameters.fault_injection}}', 'true'))
+ name: run_test_with_code_coverage_with_fault_injection
+ displayName: Run test with Code Coverage and low resource simulation
+
+ - script: |
+ powershell.exe .\Test-FaultInjection.ps1 $(DUMP_PATH) $(TEST_TIMEOUT) $(TEST_COMMAND) 16
+ workingDirectory: $(Build.SourcesDirectory)/$(PROJECT_NAME)/$(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)
+ condition: and(ne('${{parameters.code_coverage}}', 'true'), eq('${{parameters.fault_injection}}', 'true'))
+ name: run_test_with_fault_injection
+ displayName: Run test with low resource simulation
+
+ - script: |
+ set EBPF_ENABLE_WER_REPORT=yes
+ OpenCppCoverage.exe -q --sources $(Build.SourcesDirectory)\$(PROJECT_NAME) --excluded_sources $(Build.SourcesDirectory)\$(PROJECT_NAME)\external\Catch2 --export_type cobertura:ebpf_for_windows.xml --working_dir $(BUILD_PLATFORM)\$(BUILD_CONFIGURATION) -- powershell .\Run-Test.ps1 $(DUMP_PATH) $(TEST_TIMEOUT) $(TEST_COMMAND)
+ workingDirectory: $(Build.SourcesDirectory)/$(PROJECT_NAME)
+ condition: and(eq('${{parameters.code_coverage}}', 'true'), ne('${{parameters.vs_dev}}', 'true'), ne('${{parameters.fault_injection}}', 'true'))
+ name: run_test_with_code_coverage
+ displayName: Run test with Code Coverage
+
+ - script: |
+ $(TEST_COMMAND)
+ workingDirectory: $(Build.SourcesDirectory)/$(PROJECT_NAME)/$(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)
+ condition: eq('${{parameters.code_coverage}}', 'false')
+ name: run_test_without_code_coverage
+ displayName: Run test without Code Coverage
+
+ - script: |
+ $(POST_COMMAND)
+ condition: succeededOrFailed()
+ workingDirectory: $(Build.SourcesDirectory)/$(PROJECT_NAME)/$(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)
+ name: run_post_test_command
+ displayName: Run post test command
+
+ - powershell: |
+ $fileExists = Test-Path -Path "$(Build.SourcesDirectory)\$(PROJECT_NAME)\ebpf_for_windows.xml"
+ Write-Output "##vso[task.setvariable variable=FileExists;isOutput=true]$fileExists"
+ name: check_coverage
+ displayName: Check for CodeCoverage
+
+ - task: PublishCodeCoverageResults@1
+ inputs:
+ codeCoverageTool: 'Cobertura'
+ summaryFileLocation: $(Build.SourcesDirectory)/$(PROJECT_NAME)/ebpf_for_windows.xml
+ pathToSources: $(Build.SourcesDirectory)/$(PROJECT_NAME)
+ condition: eq(variables['check_coverage.FileExists'], 'True')
+ displayName: Upload Code Coverage Report
+
+ - script: |
+ wpr.exe -stop $(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\TestLogs\ebpfforwindows.etl
+ condition: eq('${{parameters.capture_etw}}', 'true')
+ displayName: Stop ETW tracing
+
+ - script: |
+ copy $(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\*.log $(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\TestLogs
+ condition: and(eq('${{parameters.name}}', 'bpf2c'), eq('${{parameters.capture_etw}}', 'true'))
+ displayName: Copy any bpf2c test logs to TestLogs
+
+ - powershell: |
+ $fileExists = Test-Path -Path "$(DUMP_PATH)\*.dmp"
+ Write-Output "##vso[task.setvariable variable=FileExists;isOutput=true]$fileExists"
+ condition: succeededOrFailed()
+ name: check_dumps
+ displayName: Check for crash dumps
+
+ - publish: '$(DUMP_PATH)'
+ artifact: 'Crash-Dumps-$(NAME)-$(BUILD_PLATFORM)-$(BUILD_CONFIGURATION)'
+ condition: and(succeededOrFailed(), eq('${{parameters.gather_dumps}}', 'true'), eq(variables['check_dumps.FileExists'], 'True'))
+ displayName: "Upload any crash dumps"
+
+ - powershell: |
+ $fileExists = Test-Path -Path "$(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\TestLogs\*"
+ Write-Output "##vso[task.setvariable variable=FileExists;isOutput=true]$fileExists"
+ condition: and(succeededOrFailed(), eq('${{parameters.capture_etw}}', 'true'))
+ name: check_logs
+ displayName: Check for TestLogs
+
+ - publish: $(Build.SourcesDirectory)/$(PROJECT_NAME)/$(BUILD_PLATFORM)/$(buildConfiguration)/TestLogs
+ artifact: 'Test-Logs-$(NAME)-$(BUILD_PLATFORM)-$(BUILD_CONFIGURATION)'
+ condition: and(succeededOrFailed(), eq(variables['check_logs.FileExists'], 'True'))
+ displayName: "Upload log files"
+
+ - powershell: |
+ $fileExists = Test-Path -Path "$(Build.SourcesDirectory)\$(PROJECT_NAME)\$(BUILD_PLATFORM)\$(BUILD_CONFIGURATION)\Artifacts\*"
+ Write-Output "##vso[task.setvariable variable=FileExists;isOutput=true]$fileExists"
+ condition: succeededOrFailed()
+ name: check_artifacts
+ displayName: Check for generated artifacts
+
+ - publish: $(Build.SourcesDirectory)/$(PROJECT_NAME)/$(BUILD_PLATFORM)/$(BUILD_CONFIGURATION)/Artifacts
+ artifact: 'Artifacts-$(NAME)-$(BUILD_PLATFORM)-$(BUILD_CONFIGURATION)'
+ condition: and(succeededOrFailed(), eq(variables['check_artifacts.FileExists'], 'True'))
+ displayName: "Upload log files"
+
+ - script: |
+ exit 1
+ condition: eq(variables['check_dumps.FileExists'], 'True')
+ displayName: Mark run as failed if crash dumps are found
diff --git a/.onefuzz/OneFuzzConfig.json b/.onefuzz/OneFuzzConfig.json
new file mode 100644
index 0000000000..8556d82095
--- /dev/null
+++ b/.onefuzz/OneFuzzConfig.json
@@ -0,0 +1,392 @@
+{
+ "$schema": null,
+ "ConfigVersion": 3,
+ "Entries": [
+ {
+ "JobNotificationEmail": "edgeosebpf@microsoft.com",
+ "Skip": false,
+ "TargetBuildBranches": [
+ "feature/security_fix"
+ ],
+ "Fuzzer": {
+ "$type": "libfuzzer",
+ "FuzzingHarnessExecutableName": "execution_context_fuzzer.exe",
+ "CheckFuzzerHelp": true,
+ "FuzzingEntrypoint": "LLVMFuzzerTestOneInput",
+ "CollectCrashDumps": true,
+ "FuzzingTargetBinaries": [
+ "ebpfcore.sys"
+ ]
+ },
+ "MinAvailableMemoryMB": null,
+ "FuzzerTimeoutInSeconds": 120,
+ "RebootAfterSetup": null,
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ },
+ "OneFuzzJobs": [
+ {
+ "ProjectName": "eBPF for Windows",
+ "TargetName": "ExecutionContext",
+ "SeedCorpusContainer": "ebpf-for-windows-execution-context-corpus",
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ }
+ }
+ ],
+ "JobDependencies": [
+ "execution_context_fuzzer.exe",
+ "execution_context_fuzzer.pdb",
+ "clang_rt.asan_dbg_dynamic-x86_64.dll",
+ "clang_rt.asan_dynamic-x86_64.dll",
+ "msvcp140d.dll",
+ "msvcp140d_atomic_wait.dll",
+ "msvcp140d_codecvt_ids.dll",
+ "msvcp140_1d.dll",
+ "msvcp140_2d.dll",
+ "vccorlib140d.dll",
+ "vcruntime140d.dll",
+ "vcruntime140_1d.dll",
+ "vcruntime140_threadsd.dll",
+ "usersim.dll",
+ "ucrtbased.dll"
+ ],
+ "CodeCoverage": {
+ "Org": "microsoft",
+ "Project": "OS",
+ "PipelineId": "79576"
+ },
+ "AdoTemplate": {
+ "Org": "mscodehub",
+ "Project": "eBPFForWindows",
+ "AssignedTo": "alanjo@microsoft.com",
+ "AreaPath": "eBPFForWindows",
+ "IterationPath": "eBPFForWindows",
+ "Type": "Bug",
+ "BaseUrl": "https://dev.azure.com/mscodehub",
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "OnDuplicate": {
+ "Increment": [
+ ""
+ ],
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "SetState": {
+ "Resolved": "Active",
+ "Closed": "Active"
+ }
+ }
+ }
+ },
+ {
+ "JobNotificationEmail": "edgeosebpf@microsoft.com",
+ "Skip": false,
+ "TargetBuildBranches": [
+ "feature/security_fix"
+ ],
+ "Fuzzer": {
+ "$type": "libfuzzer",
+ "FuzzingHarnessExecutableName": "bpf2c_fuzzer.exe",
+ "CheckFuzzerHelp": true,
+ "FuzzingEntrypoint": "LLVMFuzzerTestOneInput",
+ "CollectCrashDumps": true,
+ "FuzzingTargetBinaries": [
+ "bpf2c.exe"
+ ]
+ },
+ "MinAvailableMemoryMB": null,
+ "FuzzerTimeoutInSeconds": 120,
+ "RebootAfterSetup": null,
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ },
+ "OneFuzzJobs": [
+ {
+ "ProjectName": "eBPF for Windows",
+ "TargetName": "bpf2c",
+ "SeedCorpusContainer": "bpf2c-corpus",
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ }
+ }
+ ],
+ "JobDependencies": [
+ "bpf2c_fuzzer.exe",
+ "bpf2c_fuzzer.pdb",
+ "clang_rt.asan_dbg_dynamic-x86_64.dll",
+ "clang_rt.asan_dynamic-x86_64.dll",
+ "msvcp140d.dll",
+ "msvcp140d_atomic_wait.dll",
+ "msvcp140d_codecvt_ids.dll",
+ "msvcp140_1d.dll",
+ "msvcp140_2d.dll",
+ "vccorlib140d.dll",
+ "vcruntime140d.dll",
+ "vcruntime140_1d.dll",
+ "vcruntime140_threadsd.dll",
+ "usersim.dll",
+ "ucrtbased.dll"
+ ],
+ "CodeCoverage": {
+ "Org": "microsoft",
+ "Project": "OS",
+ "PipelineId": "79576"
+ },
+ "AdoTemplate": {
+ "Org": "mscodehub",
+ "Project": "eBPFForWindows",
+ "AssignedTo": "alanjo@microsoft.com",
+ "AreaPath": "eBPFForWindows",
+ "IterationPath": "eBPFForWindows",
+ "Type": "Bug",
+ "BaseUrl": "https://dev.azure.com/mscodehub",
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "OnDuplicate": {
+ "Increment": [
+ ""
+ ],
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "SetState": {
+ "Resolved": "Active",
+ "Closed": "Active"
+ }
+ }
+ }
+ },
+ {
+ "JobNotificationEmail": "edgeosebpf@microsoft.com",
+ "Skip": false,
+ "TargetBuildBranches": [
+ "feature/security_fix"
+ ],
+ "Fuzzer": {
+ "$type": "libfuzzer",
+ "FuzzingHarnessExecutableName": "core_helper_fuzzer.exe",
+ "CheckFuzzerHelp": true,
+ "FuzzingEntrypoint": "LLVMFuzzerTestOneInput",
+ "CollectCrashDumps": true,
+ "FuzzingTargetBinaries": [
+ "ebpfcore.sys"
+ ]
+ },
+ "MinAvailableMemoryMB": null,
+ "FuzzerTimeoutInSeconds": 120,
+ "RebootAfterSetup": null,
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ },
+ "OneFuzzJobs": [
+ {
+ "ProjectName": "eBPF for Windows",
+ "TargetName": "core_helper",
+ "SeedCorpusContainer": "core-helper-corpus",
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ }
+ }
+ ],
+ "JobDependencies": [
+ "core_helper_fuzzer.exe",
+ "core_helper_fuzzer.pdb",
+ "clang_rt.asan_dbg_dynamic-x86_64.dll",
+ "clang_rt.asan_dynamic-x86_64.dll",
+ "msvcp140d.dll",
+ "msvcp140d_atomic_wait.dll",
+ "msvcp140d_codecvt_ids.dll",
+ "msvcp140_1d.dll",
+ "msvcp140_2d.dll",
+ "vccorlib140d.dll",
+ "vcruntime140d.dll",
+ "vcruntime140_1d.dll",
+ "vcruntime140_threadsd.dll",
+ "usersim.dll",
+ "ucrtbased.dll"
+ ],
+ "CodeCoverage": {
+ "Org": "microsoft",
+ "Project": "OS",
+ "PipelineId": "79576"
+ },
+ "AdoTemplate": {
+ "Org": "mscodehub",
+ "Project": "eBPFForWindows",
+ "AssignedTo": "alanjo@microsoft.com",
+ "AreaPath": "eBPFForWindows",
+ "IterationPath": "eBPFForWindows",
+ "Type": "Bug",
+ "BaseUrl": "https://dev.azure.com/mscodehub",
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "OnDuplicate": {
+ "Increment": [
+ ""
+ ],
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "SetState": {
+ "Resolved": "Active",
+ "Closed": "Active"
+ }
+ }
+ }
+ },
+ {
+ "JobNotificationEmail": "edgeosebpf@microsoft.com",
+ "Skip": false,
+ "TargetBuildBranches": [
+ "feature/security_fix"
+ ],
+ "Fuzzer": {
+ "$type": "libfuzzer",
+ "FuzzingHarnessExecutableName": "netebpfext_fuzzer.exe",
+ "CheckFuzzerHelp": true,
+ "FuzzingEntrypoint": "LLVMFuzzerTestOneInput",
+ "CollectCrashDumps": true,
+ "FuzzingTargetBinaries": [
+ "netebpfext.sys"
+ ]
+ },
+ "MinAvailableMemoryMB": null,
+ "FuzzerTimeoutInSeconds": 120,
+ "RebootAfterSetup": null,
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ },
+ "OneFuzzJobs": [
+ {
+ "ProjectName": "eBPF for Windows",
+ "TargetName": "netebpfext",
+ "SeedCorpusContainer": "netebpfext-corpus",
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ }
+ }
+ ],
+ "JobDependencies": [
+ "netebpfext_fuzzer.exe",
+ "netebpfext_fuzzer.pdb",
+ "clang_rt.asan_dbg_dynamic-x86_64.dll",
+ "clang_rt.asan_dynamic-x86_64.dll",
+ "msvcp140d.dll",
+ "msvcp140d_atomic_wait.dll",
+ "msvcp140d_codecvt_ids.dll",
+ "msvcp140_1d.dll",
+ "msvcp140_2d.dll",
+ "vccorlib140d.dll",
+ "vcruntime140d.dll",
+ "vcruntime140_1d.dll",
+ "vcruntime140_threadsd.dll",
+ "usersim.dll",
+ "ucrtbased.dll"
+ ],
+ "CodeCoverage": {
+ "Org": "microsoft",
+ "Project": "OS",
+ "PipelineId": "79576"
+ },
+ "AdoTemplate": {
+ "Org": "mscodehub",
+ "Project": "eBPFForWindows",
+ "AssignedTo": "alanjo@microsoft.com",
+ "AreaPath": "eBPFForWindows",
+ "IterationPath": "eBPFForWindows",
+ "Type": "Bug",
+ "BaseUrl": "https://dev.azure.com/mscodehub",
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "OnDuplicate": {
+ "Increment": [
+ ""
+ ],
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "SetState": {
+ "Resolved": "Active",
+ "Closed": "Active"
+ }
+ }
+ }
+ },
+ {
+ "JobNotificationEmail": "edgeosebpf@microsoft.com",
+ "Skip": false,
+ "TargetBuildBranches": [
+ "feature/security_fix"
+ ],
+ "Fuzzer": {
+ "$type": "libfuzzer",
+ "FuzzingHarnessExecutableName": "verifier_fuzzer.exe",
+ "CheckFuzzerHelp": true,
+ "FuzzingEntrypoint": "LLVMFuzzerTestOneInput",
+ "CollectCrashDumps": true,
+ "FuzzingTargetBinaries": [
+ "ebpapi.sys",
+ "ebpfcore.sys"
+ ]
+ },
+ "MinAvailableMemoryMB": null,
+ "FuzzerTimeoutInSeconds": 120,
+ "RebootAfterSetup": null,
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ },
+ "OneFuzzJobs": [
+ {
+ "ProjectName": "eBPF for Windows",
+ "TargetName": "verifier",
+ "SeedCorpusContainer": "verifier-corpus",
+ "Tags": {},
+ "TargetEnv": {
+ "ASAN_OPTIONS": "allocator_may_return_null=1"
+ }
+ }
+ ],
+ "JobDependencies": [
+ "verifier_fuzzer.exe",
+ "verifier_fuzzer.pdb",
+ "clang_rt.asan_dbg_dynamic-x86_64.dll",
+ "clang_rt.asan_dynamic-x86_64.dll",
+ "msvcp140d.dll",
+ "msvcp140d_atomic_wait.dll",
+ "msvcp140d_codecvt_ids.dll",
+ "msvcp140_1d.dll",
+ "msvcp140_2d.dll",
+ "vccorlib140d.dll",
+ "vcruntime140d.dll",
+ "vcruntime140_1d.dll",
+ "vcruntime140_threadsd.dll",
+ "usersim.dll",
+ "ucrtbased.dll"
+ ],
+ "CodeCoverage": {
+ "Org": "microsoft",
+ "Project": "OS",
+ "PipelineId": "79576"
+ },
+ "AdoTemplate": {
+ "Org": "mscodehub",
+ "Project": "eBPFForWindows",
+ "AssignedTo": "alanjo@microsoft.com",
+ "AreaPath": "eBPFForWindows",
+ "IterationPath": "eBPFForWindows",
+ "Type": "Bug",
+ "BaseUrl": "https://dev.azure.com/mscodehub",
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "OnDuplicate": {
+ "Increment": [
+ ""
+ ],
+ "Comment": "This input caused the fuzz target {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }}
",
+ "SetState": {
+ "Resolved": "Active",
+ "Closed": "Active"
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/scripts/onebranch/onefuzz-prep.ps1 b/scripts/onebranch/onefuzz-prep.ps1
new file mode 100644
index 0000000000..23921a443e
--- /dev/null
+++ b/scripts/onebranch/onefuzz-prep.ps1
@@ -0,0 +1,30 @@
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: MIT
+
+<#
+.SYNOPSIS
+This script copies all the files required by the OneFuzz system to an output directory.
+
+.EXAMPLE
+ onefuzz-prep.ps1 -BuildPath "C:\path\to\build" -OneFuzzDirectory "C:\path\to\onefuzz" -OneFuzzConfigFile "C:\path\to\onefuzz.json"
+#>
+
+param(
+ [Parameter(Mandatory=$true)] [string] $BuildPath,
+ [Parameter(Mandatory=$true)] [string] $OneFuzzDirectory,
+ [Parameter(Mandatory=$true)] [string] $OneFuzzConfigFile
+)
+
+$onefuzzconfig = Get-Content $OneFuzzConfigFile | ConvertFrom-Json
+
+mkdir $OneFuzzDirectory -ErrorAction SilentlyContinue
+
+Copy-Item -Path $OneFuzzConfigFile -Destination $OneFuzzDirectory
+
+$onefuzzconfig.Entries | ForEach-Object {
+ $_.JobDependencies | ForEach-Object {
+ $source = Join-Path $BuildPath $_
+ $destination = Join-Path $OneFuzzDirectory $_
+ Copy-Item -Path $source -Destination $destination -Recurse
+ }
+}