| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <825c69ce-11ac-0675-b310-7c0abab17205@isovalent.com>
Date: Thu, 30 Jun 2022 18:31:33 +0100
From: Quentin Monnet <quentin@...valent.com>
To: Daniel Borkmann <daniel@...earbox.net>,
Alexei Starovoitov <ast@...nel.org>,
Andrii Nakryiko <andrii@...nel.org>
Cc: Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>,
Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>, bpf@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next] bpftool: Allow disabling features at compile
time
On 30/06/2022 16:16, Daniel Borkmann wrote:
> On 6/29/22 4:39 PM, Quentin Monnet wrote:
>> Some dependencies for bpftool are optional, and the associated features
>> may be left aside at compilation time depending on the available
>> components on the system (libraries, BTF, clang version, etc.).
>> Sometimes, it is useful to explicitly leave some of those features aside
>> when compiling, even though the system would support them. For example,
>> this can be useful:
>>
>> - for testing bpftool's behaviour when the feature is not present,
>> - for copmiling for a different system, where some libraries are
>> missing,
>> - for producing a lighter binary,
>> - for disabling features that do not compile correctly on older
>> systems - although this is not supposed to happen, this is
>> currently the case for skeletons support on Linux < 5.15, where
>> struct bpf_perf_link is not defined in kernel BTF.
>>
>> For such cases, we introduce, in the Makefile, some environment
>> variables that can be used to disable those features: namely,
>> BPFTOOL_FEATURE_NO_LIBBFD, BPFTOOL_FEATURE_NO_LIBCAP, and
>> BPFTOOL_FEATURE_NO_SKELETONS.
>>
>> Signed-off-by: Quentin Monnet <quentin@...valent.com>
>> ---
>> tools/bpf/bpftool/Makefile | 20 ++++++++++++++++++--
>> 1 file changed, 18 insertions(+), 2 deletions(-)
>>
>> diff --git a/tools/bpf/bpftool/Makefile b/tools/bpf/bpftool/Makefile
>> index c19e0e4c41bd..b3dd6a1482f6 100644
>> --- a/tools/bpf/bpftool/Makefile
>> +++ b/tools/bpf/bpftool/Makefile
>> @@ -93,8 +93,24 @@ INSTALL ?= install
>> RM ?= rm -f
>> FEATURE_USER = .bpftool
>> -FEATURE_TESTS = libbfd disassembler-four-args zlib libcap \
>> - clang-bpf-co-re
>> +FEATURE_TESTS := disassembler-four-args zlib
>> +
>> +# Disable libbfd (for disassembling JIT-compiled programs) by setting
>> +# BPFTOOL_FEATURE_NO_LIBBFD
>> +ifeq ($(BPFTOOL_FEATURE_NO_LIBBFD),)
>> + FEATURE_TESTS += libbfd
>> +endif
>> +# Disable libcap (for probing features available to unprivileged
>> users) by
>> +# setting BPFTOOL_FEATURE_NO_LIBCAP
>> +ifeq ($(BPFTOOL_FEATURE_NO_LIBCAP),)
>> + FEATURE_TESTS += libcap
>> +endif
>
> The libcap one I think is not really crucial, so that lgtm. The other
> ones I would
> keep as requirement so we don't encourage distros to strip away needed
> functionality
> for odd reasons. At min, I think the libbfd is a must, imho.
Thanks Daniel, that's a legitimate concern. Probably best to avoid
offering an easy option to disable the features in that case - I can
live with Makefile edits if I need to test a different feature set.
Please drop this patch.
Thanks,
Quentin
Powered by blists - more mailing lists