-
Notifications
You must be signed in to change notification settings - Fork 224
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update store APIs to also update HKLM #3660
Update store APIs to also update HKLM #3660
Conversation
I realize this PR is only for release/0.17, but as an extension developer it is not clear which extension components are supposed to call the store APIs, when they are supposed to be called, and what the expected effects are. Please update the documentation to clearly define:
See microsoft/xdp-for-windows#519, for example, where the expected behavior and effects are ambiguous. |
There is no change in contract for the extension developers, only the internal implementation of the store APIs has been updated to also populate HKLM registry store.
|
Regarding updating documentation, agree that some parts need to be updated. That is currently tracked by #3021 |
When are extensions supposed to invoke their exe? Are they simply supposed to be provided, and any application or user that intends to use the extension directly invokes the extension exe? |
I see what you mean. The "installation" step of the extension should invoke the exe to populate the store. Similarly, uninstallation should again invoke the exe to clear the store. |
Installation of an extension is a system-global operation: the driver can only load once, and even if it were started in parallel, only one instance of the driver can be chosen by eBPF through NMR. The effect of registering with the ebpf store APIs on versions > 0.17, as I understand it, is limited to HKCU, i.e., the user who happens to install the extension. Is this not a contradiction? An ideal software installer should have either global or user scope; having partially global and partially user scope will be confusing for users of the software. |
So this PR is patching 0.17 to also write to HKLM which should fix the issue for 0.17.x releases. For releases 0.18 onwards, we will need to either fix #3046 or port this PR to |
Moving to draft to investigate failures. |
Pull request was converted to draft
return result; | ||
} | ||
|
||
// Next delete from HKLM root key. It possible that the user does not have permission to delete from the HKLM root |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: 'It Is possible' (or it's possible)
Description
Issue:
When using libbpf APIs for attaching eBPF programs, the app / service needs to provide
bpf_attach_type
enum. ebpfapi.dll uses eBPF store to convert this enum to ebpf attach type guid. We recently took a change where we stopped populating eBPF store entries in HKLM, and they are now only updated in HKCU. That caused a regression and breaks any app / service that is running as LOCAL_SYSTEM.Fix:
To mitigate the regressions, only in 0.17 release, update the store APIs to also attempt to update / delete / read from HKLM. If the update or delete operation fails due to ACCESS_DENIED, that error is absorbed, as the app may not be running as admin.
Testing
Existing tests.
Documentation
No.
Installation
Is there any installer impact for this change?