| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Feb 2021 17:08:04 -0800
From: Joe Stringer <joe@...d.net.nz>
To: bpf@...r.kernel.org
Cc: Joe Stringer <joe@...ium.io>, linux-man@...r.kernel.org,
netdev@...r.kernel.org, mtk.manpages@...il.com, ast@...nel.org,
brianvv@...gle.com, daniel@...earbox.net, daniel@...que.org,
john.fastabend@...il.com, ppenkov@...gle.com,
quentin@...valent.com, sean@...s.org, yhs@...com
Subject: [PATCH bpf-next 00/17] Improve BPF syscall command documentation
From: Joe Stringer <joe@...ium.io>
The state of bpf(2) manual pages today is not exactly ideal. For the
most part, it was written several years ago and has not kept up with the
pace of development in the kernel tree. For instance, out of a total of
~35 commands to the BPF syscall available today, when I pull the
kernel-man-pages tree today I find just 6 documented commands: The very
basics of map interaction and program load.
In contrast, looking at bpf-helpers(7), I am able today to run one
command[0] to fetch API documentation of the very latest eBPF helpers
that have been added to the kernel. This documentation is up to date
because kernel maintainers enforce documenting the APIs as part of
the feature submission process. As far as I can tell, we rely on manual
synchronization from the kernel tree to the kernel-man-pages tree to
distribute these more widely, so all locations may not be completely up
to date. That said, the documentation does in fact exist in the first
place which is a major initial hurdle to overcome.
Given the relative success of the process around bpf-helpers(7) to
encourage developers to document their user-facing changes, in this
patch series I explore applying this technique to bpf(2) as well.
Unfortunately, even with bpf(2) being so out-of-date, there is still a
lot of content to convert over. In particular, I've identified at least
the following aspects of the bpf syscall which could individually be
generated from separate documentation in the header:
* BPF syscall commands
* BPF map types
* BPF program types
* BPF attachment points
Rather than tackle everything at once, I have focused in this series on
the syscall commands, "enum bpf_cmd". This series is structured to first
import what useful descriptions there are from the kernel-man-pages
tree, then piece-by-piece document a few of the syscalls in more detail
in cases where I could find useful documentation from the git tree or
from a casual read of the code. Not all documentation is comprehensive
at this point, but a basis is provided with examples that can be further
enhanced with subsequent follow-up patches. Note, the series in its
current state only includes documentation around the syscall commands
themselves, so in the short term it doesn't allow us to automate bpf(2)
generation; Only one section of the man page could be replaced. Though
if there is appetite for this approach, this should be trivial to
improve on, even if just by importing the remaining static text from the
kernel-man-pages tree.
Following that, the series enhances the python scripting around parsing
the descriptions from the header files and generating dedicated
ReStructured Text and troff output. Finally, to expose the new text and
reduce the likelihood of having it get out of date or break the docs
parser, it is added to the selftests and exposed through the kernel
documentation web pages.
At this point I'd like to put this out for comments. In my mind, the
ideal eventuation of this work would be to extend kernel UAPI headers
such that each of the categories I had listed above (commands, maps,
progs, hooks) have dedicated documentation in the kernel tree, and that
developers must update the comments in the headers to document the APIs
prior to patch acceptance, and that we could auto-generate the latest
version of the bpf(2) manual pages based on a few static description
sections combined with the dynamically-generated output from the header.
Thanks also to Quentin Monnet for initial review.
[0]: make -C tools/bpf -f Makefile.docs bpf-helpers.7
Joe Stringer (17):
bpf: Import syscall arg documentation
bpf: Add minimal bpf() command documentation
bpf: Document BPF_F_LOCK in syscall commands
bpf: Document BPF_PROG_PIN syscall command
bpf: Document BPF_PROG_ATTACH syscall command
bpf: Document BPF_PROG_TEST_RUN syscall command
bpf: Document BPF_PROG_QUERY syscall command
bpf: Document BPF_MAP_*_BATCH syscall commands
scripts/bpf: Rename bpf_helpers_doc.py -> bpf_doc.py
scripts/bpf: Abstract eBPF API target parameter
scripts/bpf: Add syscall commands printer
tools/bpf: Rename Makefile.{helpers,docs}
tools/bpf: Templatize man page generation
tools/bpf: Build bpf-sycall.2 in Makefile.docs
selftests/bpf: Add docs target
docs/bpf: Add bpf() syscall command reference
tools: Sync uapi bpf.h header with latest changes
Documentation/Makefile | 2 +
Documentation/bpf/Makefile | 28 +
Documentation/bpf/bpf_commands.rst | 5 +
Documentation/bpf/index.rst | 14 +-
include/uapi/linux/bpf.h | 709 +++++++++++++++++-
scripts/{bpf_helpers_doc.py => bpf_doc.py} | 189 ++++-
tools/bpf/Makefile.docs | 88 +++
tools/bpf/Makefile.helpers | 60 --
tools/bpf/bpftool/Documentation/Makefile | 12 +-
tools/include/uapi/linux/bpf.h | 709 +++++++++++++++++-
tools/lib/bpf/Makefile | 2 +-
tools/perf/MANIFEST | 2 +-
tools/testing/selftests/bpf/Makefile | 20 +-
.../selftests/bpf/test_bpftool_build.sh | 21 -
tools/testing/selftests/bpf/test_doc_build.sh | 13 +
15 files changed, 1736 insertions(+), 138 deletions(-)
create mode 100644 Documentation/bpf/Makefile
create mode 100644 Documentation/bpf/bpf_commands.rst
rename scripts/{bpf_helpers_doc.py => bpf_doc.py} (82%)
create mode 100644 tools/bpf/Makefile.docs
delete mode 100644 tools/bpf/Makefile.helpers
create mode 100755 tools/testing/selftests/bpf/test_doc_build.sh
--
2.27.0
Powered by blists - more mailing lists