| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH3MdRVp4WcWYWBG9wHmvrS8Xb16_jrDxuDqr4uqnxHOknGs1w@mail.gmail.com>
Date: Thu, 3 Jan 2019 22:35:02 -0800
From: Y Song <ys114321@...il.com>
To: Quentin Monnet <quentin.monnet@...ronome.com>
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
netdev <netdev@...r.kernel.org>, oss-drivers@...ronome.com,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Stanislav Fomichev <sdf@...gle.com>
Subject: Re: [RFC bpf-next v3 3/9] tools: bpftool: add probes for kernel
configuration options
On Thu, Jan 3, 2019 at 9:27 AM Quentin Monnet
<quentin.monnet@...ronome.com> wrote:
>
> Add probes to dump a number of options set (or not set) for compiling
> the kernel image. These parameters provide information about what BPF
> components should be available on the system. A number of them are not
> directly related to eBPF, but are in fact used in the kernel as
> conditions on which to compile, or not to compile, some of the eBPF
> helper functions.
>
> Sample output:
>
> # bpftool feature probe kernel
> Scanning system configuration...
> ...
> CONFIG_BPF is set to y
> CONFIG_BPF_SYSCALL is set to y
> CONFIG_HAVE_EBPF_JIT is set to y
> ...
>
> # bpftool --pretty --json feature probe kernel
> {
> "system_config": {
> ...
> "CONFIG_BPF": "y",
> "CONFIG_BPF_SYSCALL": "y",
> "CONFIG_HAVE_EBPF_JIT": "y",
> ...
> }
> }
>
> v3:
> - Add a comment about /proc/config.gz not being supported as a path for
> the config file at this time.
> - Use p_info() instead of p_err() on failure to get options from config
> file, as bpftool keeps probing other parameters and that would
> possibly create duplicate "error" entries for JSON.
>
> v2:
> - Remove C-style macros output from this patch.
> - NOT addressed: grouping of those config options into subsections
> (I don't see an easy way of grouping them at the moment, please see
> also the discussion on v1 thread).
>
> Signed-off-by: Quentin Monnet <quentin.monnet@...ronome.com>
> Reviewed-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
> ---
> tools/bpf/bpftool/feature.c | 142 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 142 insertions(+)
>
> diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c
> index 37fe79f59015..05c16fe67005 100644
> --- a/tools/bpf/bpftool/feature.c
> +++ b/tools/bpf/bpftool/feature.c
> @@ -48,6 +48,30 @@ print_bool_feature(const char *feat_name, const char *plain_name, bool res)
> printf("%s is %savailable\n", plain_name, res ? "" : "NOT ");
> }
>
> +static void print_kernel_option(const char *name, const char *value)
> +{
> + char *endptr;
> + int res;
> +
> + if (json_output) {
> + if (!value) {
> + jsonw_null_field(json_wtr, name);
> + return;
> + }
> + errno = 0;
> + res = strtol(value, &endptr, 0);
> + if (!errno && *endptr == '\n')
> + jsonw_int_field(json_wtr, name, res);
> + else
> + jsonw_string_field(json_wtr, name, value);
> + } else {
> + if (value)
> + printf("%s is set to %s\n", name, value);
> + else
> + printf("%s is not set\n", name);
> + }
> +}
> +
> static void
> print_start_section(const char *json_title, const char *plain_title)
> {
> @@ -190,6 +214,123 @@ static void probe_jit_kallsyms(void)
> }
> }
>
> +static char *get_kernel_config_option(FILE *fd, const char *option)
> +{
> + size_t line_n = 0, optlen = strlen(option);
> + char *res, *strval, *line = NULL;
> + ssize_t n;
> +
> + rewind(fd);
> + while ((n = getline(&line, &line_n, fd)) > 0) {
> + if (strncmp(line, option, optlen))
> + continue;
> + /* Check we have at least '=', value, and '\n' */
> + if (strlen(line) < optlen + 3)
> + continue;
> + if (*(line + optlen) != '=')
> + continue;
> +
> + /* Trim ending '\n' */
> + line[strlen(line) - 1] = '\0';
> +
> + /* Copy and return config option value */
> + strval = line + optlen + 1;
> + res = strdup(strval);
> + free(line);
> + return res;
> + }
> + free(line);
> +
> + return NULL;
> +}
> +
> +static void probe_kernel_image_config(void)
> +{
> + const char * const options[] = {
> + "CONFIG_BPF",
> + "CONFIG_BPF_SYSCALL",
> + "CONFIG_HAVE_EBPF_JIT",
> + "CONFIG_BPF_JIT",
> + "CONFIG_BPF_JIT_ALWAYS_ON",
> + "CONFIG_NET",
> + "CONFIG_XDP_SOCKETS",
> + "CONFIG_CGROUPS",
> + "CONFIG_CGROUP_BPF",
> + "CONFIG_CGROUP_NET_CLASSID",
> + "CONFIG_BPF_EVENTS",
> + "CONFIG_LWTUNNEL_BPF",
> + "CONFIG_NET_ACT_BPF",
> + "CONFIG_NET_CLS_ACT",
> + "CONFIG_NET_CLS_BPF",
> + "CONFIG_NET_SCH_INGRESS",
> + "CONFIG_XFRM",
> + "CONFIG_SOCK_CGROUP_DATA",
> + "CONFIG_IP_ROUTE_CLASSID",
> + "CONFIG_IPV6_SEG6_BPF",
> + "CONFIG_FUNCTION_ERROR_INJECTION",
> + "CONFIG_BPF_KPROBE_OVERRIDE",
> + "CONFIG_BPF_LIRC_MODE2",
> + "CONFIG_NETFILTER_XT_MATCH_BPF",
> + "CONFIG_TEST_BPF",
> + "CONFIG_BPFILTER",
> + "CONFIG_BPFILTER_UMH",
> + "CONFIG_BPF_STREAM_PARSER",
The list does not have any tracing specific configs like
CONFIG_KPROBES, CONFIG_UPROBES, etc.
Should we check those as well?
> + };
> + char *value, *buf = NULL;
> + struct utsname utsn;
> + char path[PATH_MAX];
> + size_t i, n;
> + ssize_t ret;
> + FILE *fd;
> +
> + if (uname(&utsn))
> + goto no_config;
> +
> + snprintf(path, sizeof(path), "/boot/config-%s", utsn.release);
> +
> + fd = fopen(path, "r");
> + if (!fd && errno == ENOENT) {
> + /* Some distributions put the config file at /proc/config, give
> + * it a try.
> + * Sometimes it is also at /proc/config.gz but we do not try
> + * this one for now, it would require linking against libz.
> + */
> + fd = fopen("/proc/config", "r");
> + }
> + if (!fd) {
> + p_info("skipping kernel config, can't open file: %s",
> + strerror(errno));
> + goto no_config;
> + }
> + /* Sanity checks */
> + ret = getline(&buf, &n, fd);
> + ret = getline(&buf, &n, fd);
> + if (!buf || !ret) {
> + p_info("skipping kernel config, can't read from file: %s",
> + strerror(errno));
> + free(buf);
> + goto no_config;
> + }
> + if (strcmp(buf, "# Automatically generated file; DO NOT EDIT.\n")) {
> + p_info("skipping kernel config, can't find correct file");
> + free(buf);
> + goto no_config;
> + }
> + free(buf);
> +
> + for (i = 0; i < ARRAY_SIZE(options); i++) {
> + value = get_kernel_config_option(fd, options[i]);
> + print_kernel_option(options[i], value);
> + free(value);
> + }
> + fclose(fd);
> + return;
> +
> +no_config:
> + for (i = 0; i < ARRAY_SIZE(options); i++)
> + print_kernel_option(options[i], NULL);
> +}
> +
> static bool probe_bpf_syscall(void)
> {
> bool res;
> @@ -249,6 +390,7 @@ static int do_probe(int argc, char **argv)
> } else {
> p_info("/* procfs not mounted, skipping related probes */");
> }
> + probe_kernel_image_config();
> if (json_output)
> jsonw_end_object(json_wtr);
> else
> --
> 2.17.1
>
Powered by blists - more mailing lists