Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd, packaging: import BPF headers from kernel, detect whether host headers are usable #10640

Merged
merged 7 commits into from Aug 23, 2021
Merged

cmd, packaging: import BPF headers from kernel, detect whether host headers are usable #10640

merged 7 commits into from Aug 23, 2021

Conversation

bboozzoo
Copy link
Collaborator

Extracted from #10575. The branch imports BPF headers (linux/bpf.h, linux/bpf_common.h) from the Linux kernel v5.13-11855-g77d34a4683b0 in an unchanged form. The bpf_insn.h is an import of samples/bpf/bpf_insn.h from the kernel source trree, further redacted to remove bits that are not strictly necessary for our use of BPF in device cgroup.

@bboozzoo
cmd/libsnap-confine-private: import BPF instruction helper macros fro…
351c7f9 
…m the Linux kernel

Imported from the Linux kernel, commit
77d34a4683b053108ecd466cc7c4193b45805528 (v5.13-11855-g77d34a4683b0).

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
cmd/vendor/linux: import BPF headers from Linux v5.13-11855-g77d34a46…
96723c9 
…83b0

Import BPF headers such that we can build snap-confine with the whole feature
set even on hosts that have outdated headers (eg. Ubuntu 16.04 and 18.04).

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
cmd: autodetect whether the host bpf headers are usable
48690dc 
Try to detect whether the linux/bpf.h header provided by the host is usable by
checking for BPF attach type features that were added with device cgroup
support in 2019.

If the headers are outdated, use the vendored ones.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
packaging: skip the exact go vendor directory path when packing sources
277598c 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
run-checks: do not spellcheck vendored headers
a5d7dd8 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo bboozzoo added Simple 😃 A small PR which can be reviewed quickly cgroupv2 labels Aug 19, 2021
@bboozzoo bboozzoo requested a review from mvo5 August 19, 2021 06:50
@mvo5 mvo5 mentioned this pull request Aug 19, 2021
Merged
mvo5
mvo5 approved these changes Aug 19, 2021
View reviewed changes
Copy link
Contributor

@mvo5 mvo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I like this and looks fine. I also like the idea of ./cmd/vendor, I am contemplating to use it for squashfuse in #10639 too

stolowski
stolowski reviewed Aug 19, 2021
View reviewed changes
cmd/libsnap-confine-private/bpf-insn.h Outdated
Comment on lines 1 to 5
/* SPDX-License-Identifier: GPL-2.0 */

/* imported from the Linux kernel, commit
* 77d34a4683b053108ecd466cc7c4193b45805528 (v5.13-11855-g77d34a4683b0) */

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe import it under a subdirectory, e.g. libsnap-confine-private/linux/bpf-insn.h?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or libsnap-confine-private/bpf/? Also I could probably move the vendored headers to libsnap-confine-private/bpf/vendor, @mvo5 wdyt?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, sounds good. This location means that I will have to find my own place to vendor "squashfuse" but that is ok, I think the dir layout suggested here makes sense :)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or libsnap-confine-private/bpf/? Also I could probably move the vendored headers to libsnap-confine-private/bpf/vendor, @mvo5 wdyt?

Yes, either works, my main point was to have it separated from our headers.

stolowski
stolowski approved these changes Aug 19, 2021
View reviewed changes
Copy link
Contributor

@stolowski stolowski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with one suggestion

@bboozzoo
cmd: move bpf headers around
2a3f240 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
run-checks: update excluded paths to account for new bpf headers loca…
7ab4173 
…tion

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
Copy link
Collaborator Author

@mvo5 the failures are unrelated, please merge

@mvo5 mvo5 merged commit c112039 into snapcore:master Aug 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stolowski stolowski stolowski approved these changes

@mvo5 mvo5 mvo5 approved these changes

Assignees
No one assigned
Labels
Simple 😃 A small PR which can be reviewed quickly
Projects
None yet
Milestone
No milestone
3 participants
@bboozzoo @stolowski @mvo5