Add ability to specify a script's license

CHANGELOG.md

@@ -21,6 +21,8 @@ and this project adheres to
   - [#3046](https://github.com/bpftrace/bpftrace/pull/3046)
 - Add for-each loops for iterating over map elements
   - [#3003](https://github.com/bpftrace/bpftrace/pull/3003)
+- Add ability to specify a script's license
+  - [#3157](https://github.com/bpftrace/bpftrace/pull/3157)
 #### Changed
 - Better error message for args in mixed probes
   - [#3047](https://github.com/bpftrace/bpftrace/pull/3047)

man/adoc/bpftrace.adoc

@@ -49,6 +49,18 @@ List all the probes attached in the program::
 
 x86_64, arm64, s390x, arm32, loongarch64, mips64, ppc64, riscv64
 
+== Script Licenses
+
+The license of a bpftrace script affects how it can be run, as the Linux kernel limits the functionality available to non-GPL licensed programs.
+
+A license can be specified by setting the <<license>> config variable or by including a single-line comment containing a SPDX License ID:
+
+----
+// SPDX-License-Identifier: GPL-2.0-or-later
+----
+
+If a license is not explicitly declared, bpftrace will assume that the script is GPL v2 compatible.
+
 == Options
 
 === *-B* _MODE_
@@ -3340,6 +3352,16 @@ Default: 0
 
 For user space symbols, symbolicate lazily/on-demand (1) or symbolicate everything ahead of time (0).
 
+=== license
+
+Default: <unset>
+
+The license covering the script's source code.
+
+This license string is passed to the kernel where it is used to determine what functionality can be used.
+
+Licenses recognised by the Linux kernel are listed in link:https://docs.kernel.org/process/license-rules.html#id1[its documentation].
+
 === log_size
 
 Default: 1000000

src/ast/irbuilderbpf.cpp

@@ -607,14 +607,12 @@ CallInst *IRBuilderBPF::CreateProbeReadStr(Value *ctx,
   // int bpf_probe_read_str(void *dst, int size, const void *unsafe_ptr)
   FunctionType *probereadstr_func_type = FunctionType::get(
       getInt64Ty(), { dst->getType(), getInt32Ty(), src->getType() }, false);
-  PointerType *probereadstr_func_ptr_type = PointerType::get(
-      probereadstr_func_type, 0);
-  Constant *probereadstr_callee = ConstantExpr::getCast(
-      Instruction::IntToPtr, getInt64(read_fn), probereadstr_func_ptr_type);
-  CallInst *call = createCall(probereadstr_func_type,
-                              probereadstr_callee,
-                              { dst, size_i32, src },
-                              probeReadHelperName(read_fn));
+
+  CallInst *call = CreateHelperCall(read_fn,
+                                    probereadstr_func_type,
+                                    { dst, size_i32, src },
+                                    probeReadHelperName(read_fn),
+                                    &loc);
   CreateHelperErrorCond(ctx, call, read_fn, loc);
   return call;
 }

src/ast/passes/codegen_llvm.cpp

@@ -96,12 +96,16 @@ CodegenLLVM::CodegenLLVM(Node *root, BPFtrace &bpftrace)
                          llvm::DEBUG_METADATA_VERSION);
 
   // Set license of BPF programs
-  const std::string license = "GPL";
+  const auto &license = bpftrace_.get_license();
   auto license_var = llvm::dyn_cast<GlobalVariable>(module_->getOrInsertGlobal(
       "LICENSE", ArrayType::get(b_.getInt8Ty(), license.size() + 1)));
   license_var->setInitializer(
       ConstantDataArray::getString(module_->getContext(), license.c_str()));
   license_var->setSection("license");
+
+  // XXX: Set licenses for manually loaded programs. Remove once libbpf is used
+  // instead:
+  bpftrace_.resources.license = license;
 }
 
 void CodegenLLVM::visit(Integer &integer)

src/attached_probe.cpp

@@ -174,10 +174,11 @@ AttachedProbe::AttachedProbe(Probe &probe,
                              BpfProgram &&prog,
                              bool safe_mode,
                              BPFfeature &feature,
-                             BTF &btf)
+                             BTF &btf,
+                             cstring_view license)
     : probe_(probe), prog_(std::move(prog)), btf_(btf)
 {
-  load_prog(feature);
+  load_prog(feature, license);
   LOG(V1) << "Attaching " << probe_.orig_name;
   switch (probe_.type) {
     case ProbeType::special:
@@ -228,10 +229,11 @@ AttachedProbe::AttachedProbe(Probe &probe,
                              int pid,
                              BPFfeature &feature,
                              BTF &btf,
+                             cstring_view license,
                              bool safe_mode)
     : probe_(probe), prog_(std::move(prog)), btf_(btf)
 {
-  load_prog(feature);
+  load_prog(feature, license);
   switch (probe_.type) {
     case ProbeType::usdt:
       attach_usdt(pid, feature);
@@ -698,14 +700,13 @@ void maybe_throw_helper_verifier_error(std::string_view log,
 }
 }
 
-void AttachedProbe::load_prog(BPFfeature &feature)
+void AttachedProbe::load_prog(BPFfeature &feature, cstring_view license)
 {
   if (use_cached_progfd())
     return;
 
   auto &insns = prog_.getCode();
   auto func_infos = prog_.getFuncInfos();
-  const char *license = "GPL";
   int log_level = 0;
 
   uint64_t log_buf_size = probe_.log_size;
@@ -834,7 +835,7 @@ void AttachedProbe::load_prog(BPFfeature &feature)
         if (btf_fd >= 0) {
           progfd_ = bpf_prog_load(static_cast<::bpf_prog_type>(prog_type),
                                   name.c_str(),
-                                  license,
+                                  license.c_str(),
                                   reinterpret_cast<const struct bpf_insn *>(
                                       insns.data()),
                                   insns.size() / sizeof(struct bpf_insn),
@@ -866,6 +867,10 @@ void AttachedProbe::load_prog(BPFfeature &feature)
     maybe_throw_helper_verifier_error(log_buf.get(),
                                       "helper call is not allowed in probe",
                                       " not allowed in probe");
+    maybe_throw_helper_verifier_error(
+        log_buf.get(),
+        "cannot call GPL-restricted function from non-GPL compatible program",
+        " can only be used in GPL-compatible programs");
 
     std::stringstream errmsg;
     errmsg << "Error loading program: " << probe_.name

src/attached_probe.h

@@ -8,6 +8,7 @@
 #include "bpffeature.h"
 #include "bpfprogram.h"
 #include "btf.h"
+#include "container/cstring_view.h"
 #include "types.h"
 
 #include <bcc/libbpf.h>
@@ -24,12 +25,14 @@ class AttachedProbe {
                 BpfProgram &&prog,
                 bool safe_mode,
                 BPFfeature &feature,
-                BTF &btf);
+                BTF &btf,
+                cstring_view license);
   AttachedProbe(Probe &probe,
                 BpfProgram &&prog,
                 int pid,
                 BPFfeature &feature,
                 BTF &btf,
+                cstring_view license,
                 bool safe_mode = true);
   ~AttachedProbe();
   AttachedProbe(const AttachedProbe &) = delete;
@@ -44,7 +47,7 @@ class AttachedProbe {
   std::string eventname() const;
   void resolve_offset_kprobe(bool safe_mode);
   bool resolve_offset_uprobe(bool safe_mode);
-  void load_prog(BPFfeature &feature);
+  void load_prog(BPFfeature &feature, cstring_view license);
   void attach_multi_kprobe(void);
   void attach_multi_uprobe(int pid);
   void attach_kprobe(bool safe_mode);

src/bpftrace.cpp

@@ -769,7 +769,7 @@ std::vector<std::unique_ptr<AttachedProbe>> BPFtrace::attach_usdt_probe(
   if (feature_->has_uprobe_refcnt() ||
       !(file_activation && probe.path.size())) {
     ret.emplace_back(std::make_unique<AttachedProbe>(
-        probe, std::move(program), pid, *feature_, *btf_));
+        probe, std::move(program), pid, *feature_, *btf_, resources.license));
     return ret;
   }
 
@@ -822,8 +822,12 @@ std::vector<std::unique_ptr<AttachedProbe>> BPFtrace::attach_usdt_probe(
         LOG(FATAL) << "failed to parse pid=" << pid_str;
       }
 
-      ret.emplace_back(std::make_unique<AttachedProbe>(
-          probe, std::move(program), pid_parsed, *feature_, *btf_));
+      ret.emplace_back(std::make_unique<AttachedProbe>(probe,
+                                                       std::move(program),
+                                                       pid_parsed,
+                                                       *feature_,
+                                                       *btf_,
+                                                       resources.license));
       break;
     }
   }
@@ -891,17 +895,30 @@ std::vector<std::unique_ptr<AttachedProbe>> BPFtrace::attach_probe(
       return ret;
     } else if (probe.type == ProbeType::uprobe ||
                probe.type == ProbeType::uretprobe) {
-      ret.emplace_back(std::make_unique<AttachedProbe>(
-          probe, std::move(*program), pid, *feature_, *btf_, safe_mode_));
+      ret.emplace_back(std::make_unique<AttachedProbe>(probe,
+                                                       std::move(*program),
+                                                       pid,
+                                                       *feature_,
+                                                       *btf_,
+                                                       resources.license,
+                                                       safe_mode_));
       return ret;
     } else if (probe.type == ProbeType::watchpoint ||
                probe.type == ProbeType::asyncwatchpoint) {
-      ret.emplace_back(std::make_unique<AttachedProbe>(
-          probe, std::move(*program), pid, *feature_, *btf_));
+      ret.emplace_back(std::make_unique<AttachedProbe>(probe,
+                                                       std::move(*program),
+                                                       pid,
+                                                       *feature_,
+                                                       *btf_,
+                                                       resources.license));
       return ret;
     } else {
-      ret.emplace_back(std::make_unique<AttachedProbe>(
-          probe, std::move(*program), safe_mode_, *feature_, *btf_));
+      ret.emplace_back(std::make_unique<AttachedProbe>(probe,
+                                                       std::move(*program),
+                                                       safe_mode_,
+                                                       *feature_,
+                                                       *btf_,
+                                                       resources.license));
       return ret;
     }
   } catch (const EnospcException &e) {
@@ -2293,4 +2310,14 @@ struct bcc_symbol_option &BPFtrace::get_symbol_opts()
   return symopts;
 }
 
+std::string BPFtrace::get_license() const
+{
+  const auto &opt_license = config_.try_get(ConfigKeyString::license);
+  if (opt_license)
+    return *opt_license;
+
+  LOG(V1) << "No license detected... defaulting to GPL";
+  return "GPL";
+}
+
 } // namespace bpftrace

src/bpftrace.h

@@ -166,6 +166,7 @@ class BPFtrace {
   bool has_btf_data() const;
   Dwarf *get_dwarf(const std::string &filename);
   Dwarf *get_dwarf(const ast::AttachPoint &attachpoint);
+  std::string get_license() const;
 
   std::string cmd_;
   bool finalize_ = false;

src/config.cpp

@@ -13,6 +13,7 @@ Config::Config(bool has_cmd, bool bt_verbose) : bt_verbose_(bt_verbose)
   config_map_ = {
     { ConfigKeyBool::cpp_demangle, { .value = true } },
     { ConfigKeyBool::lazy_symbolication, { .value = false } },
+    { ConfigKeyString::license, { .value = std::nullopt } },
     { ConfigKeyInt::log_size, { .value = (uint64_t)1000000 } },
     { ConfigKeyInt::max_bpf_progs, { .value = (uint64_t)512 } },
     { ConfigKeyInt::max_cat_bytes, { .value = (uint64_t)10240 } },

src/config.h

@@ -39,6 +39,7 @@ enum class ConfigKeyInt {
 };
 
 enum class ConfigKeyString {
+  license,
   str_trunc_trailer,
 };
 
@@ -63,6 +64,7 @@ const std::map<std::string, ConfigKey> CONFIG_KEY_MAP = {
   { "cache_user_symbols", ConfigKeyUserSymbolCacheType::default_ },
   { "cpp_demangle", ConfigKeyBool::cpp_demangle },
   { "lazy_symbolication", ConfigKeyBool::lazy_symbolication },
+  { "license", ConfigKeyString::license },
   { "log_size", ConfigKeyInt::log_size },
   { "max_bpf_progs", ConfigKeyInt::max_bpf_progs },
   { "max_cat_bytes", ConfigKeyInt::max_cat_bytes },
@@ -83,7 +85,12 @@ const std::set<std::string> ENV_ONLY = {
 
 struct ConfigValue {
   ConfigSource source = ConfigSource::default_;
-  std::variant<bool, uint64_t, std::string, StackMode, UserSymbolCacheType>
+  std::variant<bool,
+               uint64_t,
+               std::string,
+               StackMode,
+               UserSymbolCacheType,
+               std::nullopt_t>
       value;
 };
 
@@ -106,6 +113,11 @@ class Config {
     return get<std::string>(key);
   }
 
+  std::optional<std::string> try_get(ConfigKeyString key) const
+  {
+    return try_get<std::string>(key);
+  }
+
   StackMode get(ConfigKeyStackMode key) const
   {
     return get<StackMode>(key);
@@ -154,6 +166,19 @@ class Config {
     }
   }
 
+  template <typename T>
+  std::optional<T> try_get(ConfigKey key) const
+  {
+    auto it = config_map_.find(key);
+    if (it == config_map_.end()) {
+      throw std::runtime_error("Config key does not exist in map");
+    }
+    auto *p = std::get_if<T>(&it->second.value);
+    if (p)
+      return *p;
+    return {};
+  }
+
 private:
   bool can_set(ConfigSource prevSource, ConfigSource);
   bool is_aslr_enabled();

src/driver.cpp

@@ -12,6 +12,31 @@ extern bpftrace::location loc;
 
 namespace bpftrace {
 
+namespace {
+std::string_view parse_license()
+{
+  std::string_view program = Log::get().get_source();
+  constexpr std::string_view spdx_id_marker = "SPDX-License-Identifier: ";
+  auto spdx_id_pos = program.find(spdx_id_marker);
+  if (spdx_id_pos == program.npos)
+    return {};
+
+  auto license_pos = spdx_id_pos + spdx_id_marker.size();
+  auto eol_pos = program.find("\n", spdx_id_pos + 1);
+  if (eol_pos == program.npos)
+    return {};
+
+  auto license = program.substr(license_pos, eol_pos - license_pos);
+
+  // Try to translate some known GPL-v2-compatible licenses into a format
+  // understood by the Linux kernel
+  if (license.find("GPL-2.0") == 0)
+    return "GPL";
+
+  return license;
+}
+} // namespace
+
 Driver::Driver(BPFtrace &bpftrace, std::ostream &o)
     : bpftrace_(bpftrace), out_(o)
 {
@@ -31,6 +56,12 @@ int Driver::parse_str(std::string_view script)
 
 int Driver::parse()
 {
+  if (auto license = parse_license(); !license.empty()) {
+    LOG(V1) << "Found license from SPDX ID: " << license;
+    ConfigSetter config_setter(bpftrace_.config_, ConfigSource::default_);
+    config_setter.set(ConfigKeyString::license, std::string{ license });
+  }
+
   // Reset previous state if we parse more than once
   root.reset();
 

src/required_resources.h

@@ -85,6 +85,8 @@ class RequiredResources {
   void load_state(std::istream &in);
   void load_state(const uint8_t *ptr, size_t len);
 
+  std::string license;
+
   // Async argument metadata
   std::vector<std::tuple<FormatString, std::vector<Field>>> system_args;
   // mapped_printf_args stores seq_printf, debugf arguments

tests/CMakeLists.txt

@@ -31,6 +31,7 @@ add_executable(bpftrace_test
   mocks.cpp
   output.cpp
   parser.cpp
+  parser_licenses.cpp
   portability_analyser.cpp
   procmon.cpp
   probe.cpp