Fix code analysis annotations for In and In_opt parameters by adding …

…const where appropriate or changing to Inout where appropriate. (#1749) * Fix code analysis annotations for _In_ and _In_opt_ parameters, add const where appropriate or change to _Inout_ where appropriate. The following regex expressions were used to find the problems: Find _In_ or _In_opt_ that are not const and are not followed by _Post_invalid_ or _Frees_ptr_ or _Post_ptr_invalid_: ```_In_[ ]+(?!.*(const|_Post_invalid_|_Frees_ptr_|_Post_ptr_invalid_))``` ```_In_opt_[ ]+(?!.*(const|_Post_invalid_|_Frees_ptr_|_Post_ptr_invalid_))``` Some of the _In_ and _In_opt_ parameters are not const due to required compatibility with the Windows API. Pointers to functions are const by definition, so the const qualifier is not required. Signed-off-by: Alan Jowett <[email protected]> * PR feedback Signed-off-by: Alan Jowett <[email protected]> * Fix code analysis failure Signed-off-by: Alan Jowett <[email protected]> * PR feedback Signed-off-by: Alan Jowett <[email protected]> * PR feedback Signed-off-by: Alan Jowett <[email protected]> * PR feedback Signed-off-by: Alan Jowett <[email protected]> Signed-off-by: Alan Jowett <[email protected]>
microsoft · Dec 15, 2022 · 0b293ad · 0b293ad
1 parent 435e633
commit 0b293ad
Show file tree

Hide file tree

Showing 75 changed files with 519 additions and 495 deletions.
diff --git a/ebpfapi/rpc_client.cpp b/ebpfapi/rpc_client.cpp
@@ -23,13 +23,17 @@ static bool _binding_initialized = false;
 
 _Must_inspect_result_ ebpf_result_t
 ebpf_rpc_load_program(
-    _In_ ebpf_program_load_info* info,
+    _In_ const ebpf_program_load_info* info,
     _Outptr_result_maybenull_z_ const char** logs,
     _Inout_ uint32_t* logs_size) noexcept
 {
     ebpf_result_t result;
 
-    RpcTryExcept { result = ebpf_client_verify_and_load_program(info, logs_size, const_cast<char**>(logs)); }
+    RpcTryExcept
+    {
+        result = ebpf_client_verify_and_load_program(
+            const_cast<ebpf_program_load_info*>(info), logs_size, const_cast<char**>(logs));
+    }
     RpcExcept(RpcExceptionFilter(RpcExceptionCode()))
     {
         EBPF_LOG_MESSAGE_UINT64(

diff --git a/ebpfcore/ebpf_drv.c b/ebpfcore/ebpf_drv.c
@@ -220,7 +220,7 @@ _ebpf_driver_file_close(WDFFILEOBJECT wdf_file_object)
 }
 
 static void
-_ebpf_driver_io_device_control_complete(void* context, size_t output_buffer_length, ebpf_result_t result)
+_ebpf_driver_io_device_control_complete(_Inout_ void* context, size_t output_buffer_length, ebpf_result_t result)
 {
     NTSTATUS status;
     WDFREQUEST request = (WDFREQUEST)context;

diff --git a/include/bpf/bpf.h b/include/bpf/bpf.h
@@ -217,7 +217,7 @@ bpf_obj_get(const char* pathname);
  *
  * @param[in] bpf_fd File descriptor referring to an eBPF object.
  * @param[out] info Pointer to memory in which to write the info obtained.
- * @param[in,out] info_len On input, contains the maximum number of bytes to
+ * @param[in, out] info_len On input, contains the maximum number of bytes to
  * write into the info.  On output, contains the actual number of bytes written.
  *
  * @retval 0 The operation was successful.

diff --git a/include/bpf_helper_defs.h b/include/bpf_helper_defs.h
@@ -134,7 +134,7 @@ EBPF_HELPER(int, bpf_csum_diff, (void* from, int from_size, void* to, int to_siz
 /**
  * @brief Copy data into the ring buffer map.
  *
- * @param[in,out] map Pointer to ring buffer map.
+ * @param[in, out] map Pointer to ring buffer map.
  * @param[in] data Data to copy into ring buffer map.
  * @param[in] size Length of data.
  * @param[in] flags Flags indicating if notification for new data availability should be sent.

diff --git a/include/ebpf_api.h b/include/ebpf_api.h
@@ -85,7 +85,7 @@ extern "C"
      * @param[in] data Memory to free.
      */
     void
-    ebpf_free_sections(_In_opt_ ebpf_section_info_t* infos);
+    ebpf_free_sections(_In_opt_ _Post_invalid_ ebpf_section_info_t* infos);
 
     /**
      * @brief Convert an eBPF program to human readable byte code.
@@ -237,19 +237,19 @@ extern "C"
      * @returns Execution type.
      */
     ebpf_execution_type_t
-    ebpf_object_get_execution_type(_In_ struct bpf_object* object);
+    ebpf_object_get_execution_type(_In_ const struct bpf_object* object);
 
     /**
      * @brief Set the execution type for an eBPF object file.
      *
-     * @param[in] object The eBPF object file.
+     * @param[in, out] object The eBPF object file.
      * @param[in] execution_type Execution type to set.
      *
      * @retval EBPF_SUCCESS The operation was successful.
      * @retval EBPF_INVALID_ARGUMENT One or more parameters are incorrect.
      */
     _Must_inspect_result_ ebpf_result_t
-    ebpf_object_set_execution_type(_In_ struct bpf_object* object, ebpf_execution_type_t execution_type);
+    ebpf_object_set_execution_type(_Inout_ struct bpf_object* object, ebpf_execution_type_t execution_type);
 
     /**
      * @brief Attach an eBPF program.
@@ -272,7 +272,7 @@ extern "C"
         _In_ const struct bpf_program* program,
         _In_opt_ const ebpf_attach_type_t* attach_type,
         _In_reads_bytes_opt_(attach_params_size) void* attach_parameters,
-        _In_ size_t attach_params_size,
+        size_t attach_params_size,
         _Outptr_ struct bpf_link** link);
 
     /**
@@ -296,20 +296,20 @@ extern "C"
         fd_t program_fd,
         _In_opt_ const ebpf_attach_type_t* attach_type,
         _In_reads_bytes_opt_(attach_parameters_size) void* attach_parameters,
-        _In_ size_t attach_parameters_size,
+        size_t attach_parameters_size,
         _Outptr_ struct bpf_link** link);
 
     /**
      * @brief Detach an eBPF program from an attach point represented by
      *  the bpf_link structure.
      *
-     * @param[in] link Pointer to bpf_link structure.
+     * @param[in, out] link Pointer to bpf_link structure.
      *
      * @retval EBPF_SUCCESS The operation was successful.
      * @retval EBPF_INVALID_OBJECT Invalid object was passed.
      */
     _Must_inspect_result_ ebpf_result_t
-    ebpf_link_detach(_In_ struct bpf_link* link);
+    ebpf_link_detach(_Inout_ struct bpf_link* link);
 
     /**
      * @brief Detach an eBPF program.

diff --git a/include/kernel/ebpf_registry_helper.h b/include/kernel/ebpf_registry_helper.h
@@ -48,10 +48,7 @@ _Success_(return == 0) static NTSTATUS
 
 static _Must_inspect_result_ ebpf_registry_result_t
 write_registry_value_binary(
-    ebpf_registry_key_t key,
-    _In_z_ const wchar_t* value_name,
-    _In_reads_(value_size) uint8_t* value,
-    _In_ size_t value_size)
+    ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size)
 {
     UNICODE_STRING unicode_value_name;
 

diff --git a/libs/api/Verifier.cpp b/libs/api/Verifier.cpp
@@ -55,7 +55,7 @@ struct _thread_local_storage_cache
 
 static void
 _get_program_and_map_names(
-    _In_ string& path,
+    _In_ const string& path,
     _Inout_ vector<section_program_map_t>& section_to_program_map,
     _Inout_ vector<section_offset_to_map_t>& map_names,
     uint32_t expected_map_count) noexcept(false)
@@ -162,7 +162,7 @@ _Must_inspect_result_ ebpf_result_t
 load_byte_code(
     _In_z_ const char* filename,
     _In_opt_z_ const char* section_name,
-    _In_ ebpf_verifier_options_t* verifier_options,
+    _In_ const ebpf_verifier_options_t* verifier_options,
     _In_z_ const char* pin_root_path,
     _Inout_ std::vector<ebpf_program_t*>& programs,
     _Inout_ std::vector<ebpf_map_t*>& maps,

diff --git a/libs/api/Verifier.h b/libs/api/Verifier.h
@@ -15,7 +15,7 @@ _Must_inspect_result_ ebpf_result_t
 load_byte_code(
     _In_z_ const char* filename,
     _In_opt_z_ const char* section_name,
-    _In_ ebpf_verifier_options_t* verifier_options,
+    _In_ const ebpf_verifier_options_t* verifier_options,
     _In_z_ const char* pin_root_path,
     _Inout_ std::vector<ebpf_program_t*>& programs,
     _Inout_ std::vector<ebpf_map_t*>& maps,

diff --git a/libs/api/api_internal.h b/libs/api/api_internal.h
@@ -133,13 +133,13 @@ ebpf_program_previous(_In_opt_ const struct bpf_program* next, _In_ const struct
 /**
  * @brief Unload an eBPF program.
  *
- * @param[in] program Program to unload.
+ * @param[in, out] program Program to unload.
  *
  * @retval EBPF_SUCCESS The operation was successful.
  * @retval EBPF_INVALID_ARGUMENT One or more parameters are wrong.
  */
 _Must_inspect_result_ ebpf_result_t
-ebpf_program_unload(_In_ struct bpf_program* program) noexcept;
+ebpf_program_unload(_Inout_ struct bpf_program* program) noexcept;
 
 /**
  * @brief Bind a map to a program so that it holds a reference on the map.
@@ -413,9 +413,9 @@ ebpf_get_next_program_id(ebpf_id_t start_id, ebpf_id_t _Out_* next_id) noexcept;
  * * struct bpf_prog_info
  *
  * @param[in] bpf_fd File descriptor referring to an eBPF object.
- * @param[in,out] info Pointer to memory in which to write the info obtained.
+ * @param[in, out] info Pointer to memory in which to write the info obtained.
  * On input, contains any additional parameters to use.
- * @param[in,out] info_size On input, contains the maximum number of bytes to
+ * @param[in, out] info_size On input, contains the maximum number of bytes to
  * write into the info.  On output, contains the actual number of bytes written.
  *
  * @retval EBPF_SUCCESS The operation was successful.
@@ -476,7 +476,7 @@ ebpf_object_open(
 /**
  * @brief Load all the programs in a given object.
  *
- * @param[in] object Object from which to load programs.
+ * @param[in, out] object Object from which to load programs.
  *
  * @retval EBPF_SUCCESS The operation was successful.
  * @retval EBPF_INVALID_ARGUMENT One or more parameters are wrong.
@@ -488,21 +488,21 @@ ebpf_object_load(_Inout_ struct bpf_object* object) noexcept;
 /**
  * @brief Unload all the programs in a given object.
  *
- * @param[in] object Object in which to unload programs.
+ * @param[in, out] object Object in which to unload programs.
  *
  * @retval EBPF_SUCCESS The operation was successful.
  * @retval EBPF_INVALID_ARGUMENT One or more parameters are wrong.
  */
 _Must_inspect_result_ ebpf_result_t
-ebpf_object_unload(_In_ struct bpf_object* object) noexcept;
+ebpf_object_unload(_Inout_ struct bpf_object* object) noexcept;
 
 typedef int (*ring_buffer_sample_fn)(void* ctx, void* data, size_t size);
 
 /**
  * @brief Subscribe for notifications from the input ring buffer map.
  *
  * @param[in] ring_buffer_map_fd File descriptor to the ring buffer map.
- * @param[in] sample_callback_context Pointer to supplied context to be passed in notification callback.
+ * @param[in, out] sample_callback_context Pointer to supplied context to be passed in notification callback.
  * @param[in] sample_callback Function pointer to notification handler.
  * @param[out] subscription Opaque pointer to ring buffer subscription object.
  *
@@ -512,7 +512,7 @@ typedef int (*ring_buffer_sample_fn)(void* ctx, void* data, size_t size);
 _Must_inspect_result_ ebpf_result_t
 ebpf_ring_buffer_map_subscribe(
     fd_t ring_buffer_map_fd,
-    _In_opt_ void* sample_callback_context,
+    _Inout_opt_ void* sample_callback_context,
     ring_buffer_sample_fn sample_callback,
     _Outptr_ ring_buffer_subscription_t** subscription) noexcept;
 
@@ -522,7 +522,7 @@ ebpf_ring_buffer_map_subscribe(
  * @param[in] subscription Pointer to ring buffer subscription to be canceled.
  */
 bool
-ebpf_ring_buffer_map_unsubscribe(_Inout_ _Post_invalid_ ring_buffer_subscription_t* subscription) noexcept;
+ebpf_ring_buffer_map_unsubscribe(_In_ _Post_invalid_ ring_buffer_subscription_t* subscription) noexcept;
 
 /**
  * @brief Get list of programs and stats in an ELF eBPF file.

diff --git a/libs/api/ebpf_api.cpp b/libs/api/ebpf_api.cpp
@@ -1096,7 +1096,7 @@ ebpf_program_attach(
     _In_ const struct bpf_program* program,
     _In_opt_ const ebpf_attach_type_t* attach_type,
     _In_reads_bytes_opt_(attach_params_size) void* attach_parameters,
-    _In_ size_t attach_params_size,
+    size_t attach_params_size,
     _Outptr_ struct bpf_link** link)
 {
     EBPF_LOG_ENTRY();
@@ -1133,7 +1133,7 @@ ebpf_program_attach_by_fd(
     fd_t program_fd,
     _In_opt_ const ebpf_attach_type_t* attach_type,
     _In_reads_bytes_opt_(attach_parameters_size) void* attach_parameters,
-    _In_ size_t attach_parameters_size,
+    size_t attach_parameters_size,
     _Outptr_ struct bpf_link** link)
 {
     EBPF_LOG_ENTRY();
@@ -1173,7 +1173,7 @@ ebpf_api_unlink_program(ebpf_handle_t link_handle)
 }
 
 _Must_inspect_result_ ebpf_result_t
-ebpf_link_detach(_In_ struct bpf_link* link)
+ebpf_link_detach(_Inout_ struct bpf_link* link)
 {
     EBPF_LOG_ENTRY();
     ebpf_assert(link);
@@ -1398,7 +1398,7 @@ clean_up_ebpf_maps(_Inout_ std::vector<ebpf_map_t*>& maps) noexcept
 }
 
 static void
-_clean_up_ebpf_object(_In_opt_ ebpf_object_t* object) noexcept
+_clean_up_ebpf_object(_In_opt_ _Post_invalid_ ebpf_object_t* object) noexcept
 {
     EBPF_LOG_ENTRY();
     if (object != nullptr) {
@@ -1846,7 +1846,7 @@ _ebpf_free_section_info(_In_ _Frees_ptr_ ebpf_section_info_t* info) noexcept
 }
 
 void
-ebpf_free_sections(_In_opt_ ebpf_section_info_t* infos)
+ebpf_free_sections(_In_opt_ _Post_invalid_ ebpf_section_info_t* infos)
 {
     EBPF_LOG_ENTRY();
     while (infos != nullptr) {
@@ -2261,7 +2261,7 @@ ebpf_object_open(
 }
 
 static inline bool
-_ebpf_is_map_in_map(ebpf_map_t* map) noexcept
+_ebpf_is_map_in_map(_In_ const ebpf_map_t* map) noexcept
 {
     EBPF_LOG_ENTRY();
     ebpf_assert(map);
@@ -2274,7 +2274,7 @@ _ebpf_is_map_in_map(ebpf_map_t* map) noexcept
 }
 
 _Must_inspect_result_ ebpf_result_t
-ebpf_object_set_execution_type(_In_ struct bpf_object* object, ebpf_execution_type_t execution_type)
+ebpf_object_set_execution_type(_Inout_ struct bpf_object* object, ebpf_execution_type_t execution_type)
 {
     if (Platform::_is_native_program(object->file_name)) {
         if (execution_type == EBPF_EXECUTION_INTERPRET || execution_type == EBPF_EXECUTION_JIT) {
@@ -2296,13 +2296,13 @@ ebpf_object_set_execution_type(_In_ struct bpf_object* object, ebpf_execution_ty
 }
 
 ebpf_execution_type_t
-ebpf_object_get_execution_type(_In_ struct bpf_object* object)
+ebpf_object_get_execution_type(_In_ const struct bpf_object* object)
 {
     return object->execution_type;
 }
 
 static ebpf_result_t
-_ebpf_validate_map(_In_ ebpf_map_t* map, fd_t original_map_fd) noexcept
+_ebpf_validate_map(_In_ const ebpf_map_t* map, fd_t original_map_fd) noexcept
 {
     EBPF_LOG_ENTRY();
     ebpf_assert(map);
@@ -2349,7 +2349,7 @@ _ebpf_validate_map(_In_ ebpf_map_t* map, fd_t original_map_fd) noexcept
 }
 
 static ebpf_result_t
-_ebpf_object_reuse_map(_In_ ebpf_map_t* map) noexcept
+_ebpf_object_reuse_map(_Inout_ ebpf_map_t* map) noexcept
 {
     EBPF_LOG_ENTRY();
     ebpf_result_t result = EBPF_SUCCESS;
@@ -2683,7 +2683,7 @@ ebpf_object_load(_Inout_ struct bpf_object* object) noexcept
 
 // This function is intended to work like libbpf's bpf_object__unload().
 _Must_inspect_result_ ebpf_result_t
-ebpf_object_unload(_In_ struct bpf_object* object) noexcept
+ebpf_object_unload(_Inout_ struct bpf_object* object) noexcept
 {
     EBPF_LOG_ENTRY();
     ebpf_assert(object);
@@ -2708,7 +2708,7 @@ ebpf_object_unload(_In_ struct bpf_object* object) noexcept
 
 // This function is intended to work like libbpf's bpf_program__unload().
 _Must_inspect_result_ ebpf_result_t
-ebpf_program_unload(_In_ struct bpf_program* program) noexcept
+ebpf_program_unload(_Inout_ struct bpf_program* program) noexcept
 {
     EBPF_LOG_ENTRY();
     ebpf_assert(program);
@@ -3610,7 +3610,7 @@ _ebpf_ring_buffer_map_async_query_completion(_Inout_ void* completion_context) n
 _Must_inspect_result_ ebpf_result_t
 ebpf_ring_buffer_map_subscribe(
     fd_t ring_buffer_map_fd,
-    _In_opt_ void* sample_callback_context,
+    _Inout_opt_ void* sample_callback_context,
     ring_buffer_sample_fn sample_callback,
     _Outptr_ ring_buffer_subscription_t** subscription) noexcept
 {
@@ -3689,7 +3689,7 @@ ebpf_ring_buffer_map_subscribe(
 }
 
 bool
-ebpf_ring_buffer_map_unsubscribe(_Inout_ _Post_invalid_ ring_buffer_subscription_t* subscription) noexcept
+ebpf_ring_buffer_map_unsubscribe(_In_ _Post_invalid_ ring_buffer_subscription_t* subscription) noexcept
 {
     EBPF_LOG_ENTRY();
     ebpf_assert(subscription);

diff --git a/libs/api/rpc_client.h b/libs/api/rpc_client.h
@@ -14,6 +14,6 @@ clean_up_rpc_binding(void);
 
 _Must_inspect_result_ ebpf_result_t
 ebpf_rpc_load_program(
-    _In_ ebpf_program_load_info* info,
+    _In_ const ebpf_program_load_info* info,
     _Outptr_result_maybenull_z_ const char** logs,
     _Inout_ uint32_t* logs_size) noexcept;
diff --git a/libs/api_common/device_helper.cpp b/libs/api_common/device_helper.cpp
@@ -177,7 +177,7 @@ initialize_async_ioctl_operation(
 
     // Set up threadpool wait for the overlapped hEvent and pass the async completion context as wait callback context.
     local_async_ioctl_completion->wait = CreateThreadpoolWait(
-        [](_In_ const PTP_CALLBACK_INSTANCE instance,
+        [](_Inout_ TP_CALLBACK_INSTANCE* instance,
            _Inout_ void* context,
            _Inout_ PTP_WAIT wait,
            TP_WAIT_RESULT wait_result) {
@@ -212,7 +212,7 @@ initialize_async_ioctl_operation(
 }
 
 bool
-cancel_async_ioctl(_In_opt_ OVERLAPPED* overlapped = nullptr)
+cancel_async_ioctl(_Inout_opt_ OVERLAPPED* overlapped = nullptr)
 {
     return Platform::CancelIoEx(get_device_handle(), overlapped);
 }
diff --git a/libs/api_common/device_helper.hpp b/libs/api_common/device_helper.hpp
@@ -53,7 +53,7 @@ _Ret_notnull_ OVERLAPPED*
 get_async_ioctl_operation_overlapped(_In_ const async_ioctl_completion_t* ioctl_completion);
 
 bool
-cancel_async_ioctl(_In_opt_ OVERLAPPED* overlapped);
+cancel_async_ioctl(_Inout_opt_ OVERLAPPED* overlapped);
 
 _Must_inspect_result_ ebpf_result_t
 get_async_ioctl_result(_In_ const async_ioctl_completion_t* ioctl_completion);