| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20181213121922.6652-1-quentin.monnet@netronome.com>
Date: Thu, 13 Dec 2018 12:19:14 +0000
From: Quentin Monnet <quentin.monnet@...ronome.com>
To: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>
Cc: netdev@...r.kernel.org, oss-drivers@...ronome.com,
Quentin Monnet <quentin.monnet@...ronome.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Stanislav Fomichev <sdf@...gle.com>
Subject: [PATCH bpf-next 0/8] tools: bpftool: add probes for system and device
Hi,
This set add a new command to bpftool in order to dump a list of
eBPF-related parameters for the system (or for a specific network
device) to the console. Once again, this is based on a suggestion from
Daniel.
At this time, output includes:
- Availability of bpf() system call
- Availability of bpf() system call for unprivileged users
- JIT status (enabled or not, with or without debugging traces)
- JIT hardening status
- JIT kallsyms exports status
- Status of kernel compilation options related to BPF features
- Release number of the running kernel
- Availability of known eBPF program types
- Availability of known eBPF map types
- Availability of known eBPF helper functions
There are three different ways to dump this information at this time:
- Plain output dumps probe results in plain text. It is the most
flexible options for providing descriptive output to the user, but
should not be relied upon for parsing the output.
- JSON output is supported.
- A third mode, available through the "macros" keyword appended to
the command line, dumps the parameters as a series of "#define"
directives, that can be included into a C header file for example.
If the user does not have root privileges (or more precisely, the
CAP_SYS_ADMIN capability) detection will be erroneous for most
parameters. Therefore, forbid non-root users to run the command.
Cc: Arnaldo Carvalho de Melo <acme@...nel.org>
Cc: Jesper Dangaard Brouer <brouer@...hat.com>
Cc: Stanislav Fomichev <sdf@...gle.com>
Quentin Monnet (8):
tools: bpftool: add basic probe capability, probe syscall and kversion
tools: bpftool: add probes for /proc/ eBPF parameters
tools: bpftool: add probes for kernel configuration options
tools: bpftool: add probes for eBPF program types
tools: bpftool: add probes for eBPF map types
tools: bpftool: add probes for eBPF helper functions
tools: bpftool: add probes for a network device
tools: bpftool: add bash completion for bpftool probes
.../bpftool/Documentation/bpftool-cgroup.rst | 1 +
.../bpftool/Documentation/bpftool-feature.rst | 85 ++
.../bpf/bpftool/Documentation/bpftool-map.rst | 1 +
.../bpf/bpftool/Documentation/bpftool-net.rst | 1 +
.../bpftool/Documentation/bpftool-perf.rst | 1 +
.../bpftool/Documentation/bpftool-prog.rst | 1 +
tools/bpf/bpftool/Documentation/bpftool.rst | 1 +
tools/bpf/bpftool/bash-completion/bpftool | 19 +
tools/bpf/bpftool/common.c | 2 +-
tools/bpf/bpftool/feature.c | 1012 +++++++++++++++++
tools/bpf/bpftool/main.c | 3 +-
tools/bpf/bpftool/main.h | 5 +
tools/bpf/bpftool/map.c | 4 +-
13 files changed, 1133 insertions(+), 3 deletions(-)
create mode 100644 tools/bpf/bpftool/Documentation/bpftool-feature.rst
create mode 100644 tools/bpf/bpftool/feature.c
--
2.17.1
Powered by blists - more mailing lists