Add sleepable program support and might_sleep helper gating

[elazarg]

Summary

• Add might_sleep flag to EbpfHelperPrototype — marks helpers that may sleep
• Add is_sleepable flag to EbpfProgramType — set when the section prefix contains .s/
• Gate sleepable helpers in is_helper_usable: might_sleep helpers are rejected in non-sleepable programs
• Added .s/ section prefix variants for tracing (fentry.s/, fexit.s/, fmod_ret.s/, iter.s/, tp_btf.s/) and struct_ops.s/
• Marked 5 helpers as might_sleep: copy_from_user, copy_from_user_task, d_path, ima_inode_hash, ima_file_hash

Test plan

• Full test suite passes (1559 cases, 225 expected failures, 0 regressions)

Closes #1133
Ref: #68

🤖 Generated with Claude Code

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

Adds program-level sleepable metadata and helper-level might_sleep flags, extends Linux section-prefix detection for .s/ variants, marks five helpers as may-sleep, and rejects those helpers in non-sleepable programs during helper usability checks.

Changes

Sleepable eBPF Programs and Helper Gating

Layer / File(s)	Summary
Type system: sleepable and might_sleep fields src/spec/function_prototypes.hpp, src/spec/type_descriptors.hpp	EbpfHelperPrototype gains bool might_sleep{}; EbpfProgramType gains bool is_sleepable{}.
Program type detection for sleepable programs src/linux/linux_platform.cpp	tracing program type section_prefixes extended with .s/ variants; get_program_type_linux returns a copied EbpfProgramType with is_sleepable set when the matched prefix includes .s/ (syscall forced sleepable).
Sleepable helper marking src/linux/gpl/spec_prototypes.cpp	Five helpers marked .might_sleep = true: bpf_d_path, bpf_copy_from_user, bpf_ima_inode_hash, bpf_copy_from_user_task, bpf_ima_file_hash.
Verification gate: reject sleepable helpers in non-sleepable programs src/linux/gpl/spec_prototypes.cpp	is_helper_usable_linux returns false when a helper has might_sleep == true and the program's is_sleepable == false, before existing ctx-descriptor checks.

Possibly related PRs

• vbpf/prevail#926: Updates is_helper_usable_linux helper-eligibility filtering logic in the same file with context-descriptor gating, related to helper usability verification.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes: adding sleepable program support and might_sleep helper gating mechanisms.
Description check	✅ Passed	The description details the implementation with specific flags added, section prefix variants, and affected helpers, corresponding to the code changes.
Linked Issues check	✅ Passed	The PR implements steps 1–4 of issue #1133: adds might_sleep to EbpfHelperPrototype, is_sleepable to EbpfProgramType, parses .s/ suffixes, and gates helpers in non-sleepable programs.
Out of Scope Changes check	✅ Passed	All changes directly support the objectives: prototype/type struct additions, section prefix parsing, and helper gating are all scoped to #1133 requirements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sleepable-might-sleep

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 098061cb00

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/linux/linux_platform.cpp (1)

161-163: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Prefix ordering breaks sleepable detection.

The prefix list order causes incorrect matches. When the section is fentry.s/foo, the loop checks fentry/ first (line 190: section.find(prefix) == 0). Since "fentry.s/foo" starts with "fentry/", it matches and returns immediately with prefix = "fentry/". Line 192 then checks "fentry/".find(".s/"), which fails, so is_sleepable remains false.

All sleepable sections (fentry.s/, fexit.s/, fmod_ret.s/, iter.s/, tp_btf.s/, struct_ops.s/) will incorrectly match their non-sleepable variants first and be classified as non-sleepable, breaking the entire feature.

🐛 Reorder prefixes to check sleepable variants first

     PTYPE("tracing", &g_tracing_descr, BPF_PROG_TYPE_TRACING,
-          {"fentry/" COMMA "fentry.s/" COMMA "fexit/" COMMA "fexit.s/" COMMA "fmod_ret/" COMMA "fmod_ret.s/" COMMA
-           "iter/" COMMA "iter.s/" COMMA "tp_btf/" COMMA "tp_btf.s/"}),
+          {"fentry.s/" COMMA "fentry/" COMMA "fexit.s/" COMMA "fexit/" COMMA "fmod_ret.s/" COMMA "fmod_ret/" COMMA
+           "iter.s/" COMMA "iter/" COMMA "tp_btf.s/" COMMA "tp_btf/"}),
     // struct_ops callbacks receive function arguments as u64 array, same as fentry/fexit.
-    PTYPE("struct_ops", &g_tracing_descr, BPF_PROG_TYPE_STRUCT_OPS, {"struct_ops/" COMMA "struct_ops.s/"}),
-    PTYPE("lsm", &g_tracing_descr, BPF_PROG_TYPE_LSM, {"lsm/" COMMA "lsm.s/"}),
+    PTYPE("struct_ops", &g_tracing_descr, BPF_PROG_TYPE_STRUCT_OPS, {"struct_ops.s/" COMMA "struct_ops/"}),
+    PTYPE("lsm", &g_tracing_descr, BPF_PROG_TYPE_LSM, {"lsm.s/" COMMA "lsm/"}),

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/linux/linux_platform.cpp` around lines 161 - 163, The prefix list for
tracing in the PTYPE initializer causes sleepable variants like "fentry.s/" to
be shadowed by shorter prefixes ("fentry/"), so update the prefixes passed to
PTYPE("tracing", &g_tracing_descr, ...) so that all ".s/" (sleepable) variants
appear before their non-sleepable counterparts (e.g., "fentry.s/" before
"fentry/", "fexit.s/" before "fexit/", "fmod_ret.s/" before "fmod_ret/",
"iter.s/" before "iter/", "tp_btf.s/" before "tp_btf/", and "struct_ops.s/"
before "struct_ops/"), or otherwise ensure matching uses longest-prefix-first;
this fixes the section.find(prefix) == 0 logic and allows the subsequent
is_sleepable check (the ".s/" substring detection) to work correctly.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@src/linux/linux_platform.cpp`:
- Around line 161-163: The prefix list for tracing in the PTYPE initializer
causes sleepable variants like "fentry.s/" to be shadowed by shorter prefixes
("fentry/"), so update the prefixes passed to PTYPE("tracing", &g_tracing_descr,
...) so that all ".s/" (sleepable) variants appear before their non-sleepable
counterparts (e.g., "fentry.s/" before "fentry/", "fexit.s/" before "fexit/",
"fmod_ret.s/" before "fmod_ret/", "iter.s/" before "iter/", "tp_btf.s/" before
"tp_btf/", and "struct_ops.s/" before "struct_ops/"), or otherwise ensure
matching uses longest-prefix-first; this fixes the section.find(prefix) == 0
logic and allows the subsequent is_sleepable check (the ".s/" substring
detection) to work correctly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a307f9ea-e67b-4de8-b2b9-3bbaa96b3160

📥 Commits

Reviewing files that changed from the base of the PR and between 098061c and a97a487.

📒 Files selected for processing (1)

• src/linux/linux_platform.cpp

[elazarg]

Regarding the CodeRabbit "prefix ordering breaks sleepable detection" comment: this is a false positive. "fentry.s/foo".find("fentry/") returns npos (not 0), because position 6 is . not /. Each .s/ variant matches only its own prefix — there is no shadowing. Verified:

fentry.s/foo  matches fentry.s/  (only)
fentry/foo    matches fentry/    (only)
lsm.s/hook   matches lsm.s/     (only)