marma-dev
diff --git a/‎internal/uvm/log_wcow.go‎
Lines changed: 1 addition & 2 deletions b/‎internal/uvm/log_wcow.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎internal/uvm/etw/default-logsources.json‎ ‎…l/vm/vmutils/etw/default-logsources.json‎internal/uvm/etw/default-logsources.json renamed to internal/vm/vmutils/etw/default-logsources.json b/‎internal/uvm/etw/default-logsources.json‎ ‎…l/vm/vmutils/etw/default-logsources.json‎internal/uvm/etw/default-logsources.json renamed to internal/vm/vmutils/etw/default-logsources.json
diff --git a/‎internal/uvm/etw/etw-map.json‎ ‎internal/vm/vmutils/etw/etw-map.json‎internal/uvm/etw/etw-map.json renamed to internal/vm/vmutils/etw/etw-map.json b/‎internal/uvm/etw/etw-map.json‎ ‎internal/vm/vmutils/etw/etw-map.json‎internal/uvm/etw/etw-map.json renamed to internal/vm/vmutils/etw/etw-map.json
diff --git a/‎internal/uvm/etw/provider_map.go‎ ‎internal/vm/vmutils/etw/provider_map.go‎internal/uvm/etw/provider_map.go renamed to internal/vm/vmutils/etw/provider_map.go
Lines changed: 67 additions & 42 deletions b/‎internal/uvm/etw/provider_map.go‎ ‎internal/vm/vmutils/etw/provider_map.go‎internal/uvm/etw/provider_map.go renamed to internal/vm/vmutils/etw/provider_map.go
Lines changed: 67 additions & 42 deletions
@@ -64,13 +64,12 @@ func (uvm *UtilityVM) SetLogSources(ctx context.Context) error {
 	if wcaps != nil && wcaps.IsLogForwardingSupported() {
 		// Make a call to the GCS to set the ETW providers
 
-		var settings string
 		// Determines the log sources to be set based on the configuration. If default log sources are enabled,
 		// we only include them along with user specified log sources.
 		// For confidential WCOw, we skip the adding guids to the log sources as the sidecar-GCS will verify the
 		// allowed log sources against policy and append the necessary GUIDs to the ones allowed. Rest are dropped.
 		// For non-confidential WCOW, we include the GUIDs in the log sources as the hcsshim communicates directly with the inboxGCS.
-		settings = etw.UpdateEncodedLogSources(uvm.logSources, !uvm.disableDefaultLogSources, !uvm.HasConfidentialPolicy())
+		settings := etw.UpdateEncodedLogSources(ctx, uvm.logSources, !uvm.disableDefaultLogSources, !uvm.HasConfidentialPolicy())
 
 		req := guestrequest.LogForwardServiceRPCRequest{
 			RPCType:  guestrequest.RPCModifyServiceSettings,
 
@@ -1,19 +1,19 @@
 package etw
 
 import (
+	"context"
 	"embed"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"strings"
 	"sync"
-)
 
-//go:embed etw-map.json
-//go:embed default-logsources.json
+	"github.com/Microsoft/hcsshim/internal/log"
+)
 
-var etwFS embed.FS
-var listFS embed.FS
+//go:embed etw-map.json default-logsources.json
+var embeddedFiles embed.FS
 
 const (
 	EtwMapFileName        = "etw-map.json"
@@ -49,7 +49,7 @@ type Source struct {
 
 type EtwProvider struct {
 	ProviderName string `json:"providerName,omitempty"`
-	ProviderGuid string `json:"providerGuid,omitempty"`
+	ProviderGUID string `json:"providerGuid,omitempty"`
 	Level        string `json:"level,omitempty"`
 	Keywords     string `json:"keywords,omitempty"`
 }
@@ -61,11 +61,11 @@ type EtwInfo struct {
 
 type EtwProviderMap struct {
 	ProviderName string `json:"providerName"`
-	ProviderGuid string `json:"providerGuid"`
+	ProviderGUID string `json:"providerGuid"`
 }
 
-// NormalizeGuid takes a GUID string in various formats and normalizes it to the standard 8-4-4-4-12 format with uppercase letters. It returns an error if the input string is not a valid GUID.
-func NormalizeGuid(in string) (string, error) {
+// NormalizeGUID takes a GUID string in various formats and normalizes it to the standard 8-4-4-4-12 format with uppercase letters. It returns an error if the input string is not a valid GUID.
+func NormalizeGUID(in string) (string, error) {
 	s := strings.TrimSpace(in)
 	s = strings.TrimPrefix(s, "{")
 	s = strings.TrimSuffix(s, "}")
@@ -97,7 +97,7 @@ func NormalizeGuid(in string) (string, error) {
 // LoadEtwMap loads the ETW provider name to GUID mapping from the embedded JSON file. It returns two maps, one for name to GUID and another for GUID to name. If there is an error in loading or parsing the file, it returns empty maps and the error.
 func LoadEtwMap() (map[string]string, map[string]string, error) {
 	onceProvider.Do(func() {
-		b, err := etwFS.ReadFile(EtwMapFileName)
+		b, err := embeddedFiles.ReadFile(EtwMapFileName)
 		if err != nil {
 			return
 		}
@@ -112,7 +112,7 @@ func LoadEtwMap() (map[string]string, map[string]string, error) {
 
 		for _, p := range cfg.EtwMap {
 			name := strings.TrimSpace(p.ProviderName)
-			guid, err := NormalizeGuid(p.ProviderGuid)
+			guid, err := NormalizeGUID(p.ProviderGUID)
 			if name == "" || err != nil {
 				// skip invalid entries
 				continue
@@ -140,27 +140,48 @@ func LoadEtwMap() (map[string]string, map[string]string, error) {
 	return nameToGUID, guidToName, nil
 }
 
-// GetDefaultLogSources returns the default log sources from the embedded json file. If there is an error in loading or parsing the file, it returns an empty LogSourcesInfo struct and the error.
-func GetDefaultLogSources() (LogSourcesInfo, error) {
+// GetDefaultLogSources returns the default log sources from the embedded JSON file. If there is an error in loading or parsing the file, it returns an empty LogSourcesInfo struct and the error.
+// The default log sources are defined in the "default-logsources.json" file and are loaded only once using sync.Once to ensure thread safety and performance.
+// The providers in the default-logsources.json file should only have Provider Names and must not contain GUIDs as the handling of GUIDs is based on the configuration and is done in the UpdateEncodedLogSources function where we
+// check if we need to include GUIDs for the log sources based on the configuration and if needed, we map the provider names to their corresponding GUIDs using the ETW map loaded from the "etw-map.json" file.
+// The only exception to this is if the provider does not have any name and only has a GUID.
+func GetDefaultLogSources(ctx context.Context) (LogSourcesInfo, error) {
 	onceLists.Do(func() {
 
-		allList, err := listFS.ReadFile(DefaultLogSourcesFile)
+		allList, err := embeddedFiles.ReadFile(DefaultLogSourcesFile)
 		if err != nil {
+			log.G(ctx).Errorf("Error reading default log sources file: %v", err)
 			return
 		}
 
 		if err := json.Unmarshal(allList, &defaultLogSources); err != nil {
+			log.G(ctx).Errorf("Error unmarshalling default log sources file: %v", err)
 			return
 		}
+
+		// Check if the default log sources have provider names. If they do, do not include GUIDs in the
+		// default log sources, because GUID handling is based on configuration and is done in the
+		// UpdateEncodedLogSources function. There we check if GUIDs are needed for the log sources and,
+		// if so, map provider names to their corresponding GUIDs using the ETW map from "etw-map.json".
+		// The only exception is when a provider has no name and only a GUID.
+		for i := range defaultLogSources.LogConfig.Sources {
+			for j := range defaultLogSources.LogConfig.Sources[i].Providers {
+				if defaultLogSources.LogConfig.Sources[i].Providers[j].ProviderName != "" &&
+					defaultLogSources.LogConfig.Sources[i].Providers[j].ProviderGUID != "" {
+					defaultLogSources.LogConfig.Sources[i].Providers[j].ProviderGUID = ""
+				}
+			}
+		}
 	})
 	return defaultLogSources, nil
 }
 
-// GetDefaultLogSourcesWithMappedGuid returns the default log sources with provider GUIDs included in the providers. If there is an error in loading the default log sources or the ETW map, it returns the default log sources without GUIDs.
-func GetDefaultLogSourcesWithMappedGuid() (LogSourcesInfo, error) {
+// GetDefaultLogSourcesWithMappedGUID returns the default log sources with provider GUIDs included in the providers. If there is an error in loading the default log sources or the ETW map, it returns the default log sources without GUIDs.
+func GetDefaultLogSourcesWithMappedGUID(ctx context.Context) (LogSourcesInfo, error) {
 	onceListMap.Do(func() {
-		_, err := GetDefaultLogSources()
+		_, err := GetDefaultLogSources(ctx)
 		if err != nil {
+			log.G(ctx).Errorf("Error getting default log sources: %v", err)
 			return
 		}
 
@@ -173,8 +194,8 @@ func GetDefaultLogSourcesWithMappedGuid() (LogSourcesInfo, error) {
 				etwProvider.Keywords = provider.Keywords
 				etwProvider.Level = provider.Level
 				etwProvider.ProviderName = provider.ProviderName
-				etwProvider.ProviderGuid = GetProviderGuidFromName(provider.ProviderName)
-				source.Providers = append(src.Providers, etwProvider)
+				etwProvider.ProviderGUID = GetProviderGUIDFromName(provider.ProviderName)
+				source.Providers = append(source.Providers, etwProvider)
 			}
 
 			logConfig.Sources = append(logConfig.Sources, source)
@@ -185,32 +206,36 @@ func GetDefaultLogSourcesWithMappedGuid() (LogSourcesInfo, error) {
 	return defaultLogSourcesWithMap, nil
 }
 
-// GetProviderGuidFromName returns the provider guid for a given provider name. If the provider name is not found in the map, it returns an empty string.
-func GetProviderGuidFromName(providerName string) string {
-	LoadEtwMap()
+// GetProviderGUIDFromName returns the provider GUID for a given provider name. If the provider name is not found in the map, it returns an empty string.
+func GetProviderGUIDFromName(providerName string) string {
+	if _, _, err := LoadEtwMap(); err != nil {
+		return ""
+	}
 	return nameToGUID[providerName]
 }
 
-// GetProviderNameFromGuid returns the provider name for a given provider guid. If the provider guid is not found in the map, it returns an empty string.
-func GetProviderNameFromGuid(providerGuid string) string {
-	LoadEtwMap()
-	return guidToName[providerGuid]
+// GetProviderNameFromGUID returns the provider name for a given provider GUID. If the provider GUID is not found in the map, it returns an empty string.
+func GetProviderNameFromGUID(providerGUID string) string {
+	if _, _, err := LoadEtwMap(); err != nil {
+		return ""
+	}
+	return guidToName[providerGUID]
 }
 
-// Updates the user provided log sources with the default log sources based on the configuration and returns the updated log sources as a base64 encoded json string. If there is an error in the process, it returns the original user provided log sources string.
-func UpdateEncodedLogSources(base64EncodedJsonLogConfig string, useDefaultLogSources bool, includeGuids bool) string {
+// Updates the user provided log sources with the default log sources based on the configuration and returns the updated log sources as a base64 encoded JSON string. If there is an error in the process, it returns the original user provided log sources string.
+func UpdateEncodedLogSources(ctx context.Context, base64EncodedJSONLogConfig string, useDefaultLogSources bool, includeGUIDs bool) string {
 
 	var resultLogCfg LogSourcesInfo
 	if useDefaultLogSources {
-		if includeGuids {
-			resultLogCfg, _ = GetDefaultLogSourcesWithMappedGuid()
+		if includeGUIDs {
+			resultLogCfg, _ = GetDefaultLogSourcesWithMappedGUID(ctx)
 		} else {
-			resultLogCfg, _ = GetDefaultLogSources()
+			resultLogCfg, _ = GetDefaultLogSources(ctx)
 		}
 	}
 
-	if base64EncodedJsonLogConfig != "" {
-		jsonBytes, err := base64.StdEncoding.DecodeString(base64EncodedJsonLogConfig)
+	if base64EncodedJSONLogConfig != "" {
+		jsonBytes, err := base64.StdEncoding.DecodeString(base64EncodedJSONLogConfig)
 		if err == nil {
 			var userLogConfig LogSourcesInfo
 			if err := json.Unmarshal(jsonBytes, &userLogConfig); err == nil {
@@ -226,21 +251,21 @@ func UpdateEncodedLogSources(base64EncodedJsonLogConfig string, useDefaultLogSou
 					if destSrc, ok := resultSrcMap[source.Type]; ok {
 						// then update the source's providers
 						for _, srcProvider := range source.Providers {
-							if includeGuids {
-								if srcProvider.ProviderGuid == "" {
-									srcProvider.ProviderGuid = GetProviderGuidFromName(srcProvider.ProviderName)
+							if includeGUIDs {
+								if srcProvider.ProviderGUID == "" {
+									srcProvider.ProviderGUID = GetProviderGUIDFromName(srcProvider.ProviderName)
 								}
 							} else {
 								// If Include GUIDs is false, then
 								// We still include GUIDs if that is the only identity present. Only when both Name and GUID is provided for a ETW provider, we
 								// check if the provided GUID is valid and remove it if we can fetch the same from our well known list of guids by using the name
 								// This is because the sidecar-GCS prefers verification of log providers by name against the policy.
-								if srcProvider.ProviderName != "" && srcProvider.ProviderGuid != "" {
-									guid, _ := NormalizeGuid(srcProvider.ProviderGuid)
-									if strings.EqualFold(guid, GetProviderGuidFromName(srcProvider.ProviderName)) {
-										srcProvider.ProviderGuid = ""
+								if srcProvider.ProviderName != "" && srcProvider.ProviderGUID != "" {
+									guid, _ := NormalizeGUID(srcProvider.ProviderGUID)
+									if strings.EqualFold(guid, GetProviderGUIDFromName(srcProvider.ProviderName)) {
+										srcProvider.ProviderGUID = ""
 									} else {
-										srcProvider.ProviderGuid = guid
+										srcProvider.ProviderGUID = guid
 									}
 								}
 							}
@@ -271,7 +296,7 @@ func UpdateEncodedLogSources(base64EncodedJsonLogConfig string, useDefaultLogSou
 
 	jsonBytes, err := json.Marshal(resultLogCfg)
 	if err != nil {
-		return base64EncodedJsonLogConfig
+		return base64EncodedJSONLogConfig
 	}
 
 	encodedCfg := base64.StdEncoding.EncodeToString(jsonBytes)