| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9ffd4b6b-0073-cfef-5889-cb4d0b838f8e@iogearbox.net>
Date: Thu, 30 Jun 2022 17:16:14 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: Quentin Monnet <quentin@...valent.com>,
Alexei Starovoitov <ast@...nel.org>,
Andrii Nakryiko <andrii@...nel.org>
Cc: Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>,
Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>, bpf@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next] bpftool: Allow disabling features at compile
time
On 6/29/22 4:39 PM, Quentin Monnet wrote:
> Some dependencies for bpftool are optional, and the associated features
> may be left aside at compilation time depending on the available
> components on the system (libraries, BTF, clang version, etc.).
> Sometimes, it is useful to explicitly leave some of those features aside
> when compiling, even though the system would support them. For example,
> this can be useful:
>
> - for testing bpftool's behaviour when the feature is not present,
> - for copmiling for a different system, where some libraries are
> missing,
> - for producing a lighter binary,
> - for disabling features that do not compile correctly on older
> systems - although this is not supposed to happen, this is
> currently the case for skeletons support on Linux < 5.15, where
> struct bpf_perf_link is not defined in kernel BTF.
>
> For such cases, we introduce, in the Makefile, some environment
> variables that can be used to disable those features: namely,
> BPFTOOL_FEATURE_NO_LIBBFD, BPFTOOL_FEATURE_NO_LIBCAP, and
> BPFTOOL_FEATURE_NO_SKELETONS.
>
> Signed-off-by: Quentin Monnet <quentin@...valent.com>
> ---
> tools/bpf/bpftool/Makefile | 20 ++++++++++++++++++--
> 1 file changed, 18 insertions(+), 2 deletions(-)
>
> diff --git a/tools/bpf/bpftool/Makefile b/tools/bpf/bpftool/Makefile
> index c19e0e4c41bd..b3dd6a1482f6 100644
> --- a/tools/bpf/bpftool/Makefile
> +++ b/tools/bpf/bpftool/Makefile
> @@ -93,8 +93,24 @@ INSTALL ?= install
> RM ?= rm -f
>
> FEATURE_USER = .bpftool
> -FEATURE_TESTS = libbfd disassembler-four-args zlib libcap \
> - clang-bpf-co-re
> +FEATURE_TESTS := disassembler-four-args zlib
> +
> +# Disable libbfd (for disassembling JIT-compiled programs) by setting
> +# BPFTOOL_FEATURE_NO_LIBBFD
> +ifeq ($(BPFTOOL_FEATURE_NO_LIBBFD),)
> + FEATURE_TESTS += libbfd
> +endif
> +# Disable libcap (for probing features available to unprivileged users) by
> +# setting BPFTOOL_FEATURE_NO_LIBCAP
> +ifeq ($(BPFTOOL_FEATURE_NO_LIBCAP),)
> + FEATURE_TESTS += libcap
> +endif
The libcap one I think is not really crucial, so that lgtm. The other ones I would
keep as requirement so we don't encourage distros to strip away needed functionality
for odd reasons. At min, I think the libbfd is a must, imho.
> +# Disable skeletons (e.g. for profiling programs or showing PIDs of processes
> +# associated to BPF objects) by setting BPFTOOL_FEATURE_NO_SKELETONS
> +ifeq ($(BPFTOOL_FEATURE_NO_SKELETONS),)
> + FEATURE_TESTS += clang-bpf-co-re
> +endif
> +
> FEATURE_DISPLAY = libbfd disassembler-four-args zlib libcap \
> clang-bpf-co-re
>
>
Powered by blists - more mailing lists