Loading...
1// SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
2/* Copyright (c) 2019 Netronome Systems, Inc. */
3
4#include <ctype.h>
5#include <errno.h>
6#include <string.h>
7#include <unistd.h>
8#include <net/if.h>
9#ifdef USE_LIBCAP
10#include <sys/capability.h>
11#endif
12#include <sys/utsname.h>
13#include <sys/vfs.h>
14
15#include <linux/filter.h>
16#include <linux/limits.h>
17
18#include <bpf/bpf.h>
19#include <bpf/libbpf.h>
20#include <zlib.h>
21
22#include "main.h"
23
24#ifndef PROC_SUPER_MAGIC
25# define PROC_SUPER_MAGIC 0x9fa0
26#endif
27
28enum probe_component {
29 COMPONENT_UNSPEC,
30 COMPONENT_KERNEL,
31 COMPONENT_DEVICE,
32};
33
34#define BPF_HELPER_MAKE_ENTRY(name) [BPF_FUNC_ ## name] = "bpf_" # name
35static const char * const helper_name[] = {
36 __BPF_FUNC_MAPPER(BPF_HELPER_MAKE_ENTRY)
37};
38
39#undef BPF_HELPER_MAKE_ENTRY
40
41static bool full_mode;
42#ifdef USE_LIBCAP
43static bool run_as_unprivileged;
44#endif
45
46/* Miscellaneous utility functions */
47
48static bool check_procfs(void)
49{
50 struct statfs st_fs;
51
52 if (statfs("/proc", &st_fs) < 0)
53 return false;
54 if ((unsigned long)st_fs.f_type != PROC_SUPER_MAGIC)
55 return false;
56
57 return true;
58}
59
60static void uppercase(char *str, size_t len)
61{
62 size_t i;
63
64 for (i = 0; i < len && str[i] != '\0'; i++)
65 str[i] = toupper(str[i]);
66}
67
68/* Printing utility functions */
69
70static void
71print_bool_feature(const char *feat_name, const char *plain_name,
72 const char *define_name, bool res, const char *define_prefix)
73{
74 if (json_output)
75 jsonw_bool_field(json_wtr, feat_name, res);
76 else if (define_prefix)
77 printf("#define %s%sHAVE_%s\n", define_prefix,
78 res ? "" : "NO_", define_name);
79 else
80 printf("%s is %savailable\n", plain_name, res ? "" : "NOT ");
81}
82
83static void print_kernel_option(const char *name, const char *value,
84 const char *define_prefix)
85{
86 char *endptr;
87 int res;
88
89 if (json_output) {
90 if (!value) {
91 jsonw_null_field(json_wtr, name);
92 return;
93 }
94 errno = 0;
95 res = strtol(value, &endptr, 0);
96 if (!errno && *endptr == '\n')
97 jsonw_int_field(json_wtr, name, res);
98 else
99 jsonw_string_field(json_wtr, name, value);
100 } else if (define_prefix) {
101 if (value)
102 printf("#define %s%s %s\n", define_prefix,
103 name, value);
104 else
105 printf("/* %s%s is not set */\n", define_prefix, name);
106 } else {
107 if (value)
108 printf("%s is set to %s\n", name, value);
109 else
110 printf("%s is not set\n", name);
111 }
112}
113
114static void
115print_start_section(const char *json_title, const char *plain_title,
116 const char *define_comment, const char *define_prefix)
117{
118 if (json_output) {
119 jsonw_name(json_wtr, json_title);
120 jsonw_start_object(json_wtr);
121 } else if (define_prefix) {
122 printf("%s\n", define_comment);
123 } else {
124 printf("%s\n", plain_title);
125 }
126}
127
128static void print_end_section(void)
129{
130 if (json_output)
131 jsonw_end_object(json_wtr);
132 else
133 printf("\n");
134}
135
136/* Probing functions */
137
138static int read_procfs(const char *path)
139{
140 char *endptr, *line = NULL;
141 size_t len = 0;
142 FILE *fd;
143 int res;
144
145 fd = fopen(path, "r");
146 if (!fd)
147 return -1;
148
149 res = getline(&line, &len, fd);
150 fclose(fd);
151 if (res < 0)
152 return -1;
153
154 errno = 0;
155 res = strtol(line, &endptr, 10);
156 if (errno || *line == '\0' || *endptr != '\n')
157 res = -1;
158 free(line);
159
160 return res;
161}
162
163static void probe_unprivileged_disabled(void)
164{
165 int res;
166
167 /* No support for C-style ouptut */
168
169 res = read_procfs("/proc/sys/kernel/unprivileged_bpf_disabled");
170 if (json_output) {
171 jsonw_int_field(json_wtr, "unprivileged_bpf_disabled", res);
172 } else {
173 switch (res) {
174 case 0:
175 printf("bpf() syscall for unprivileged users is enabled\n");
176 break;
177 case 1:
178 printf("bpf() syscall restricted to privileged users\n");
179 break;
180 case -1:
181 printf("Unable to retrieve required privileges for bpf() syscall\n");
182 break;
183 default:
184 printf("bpf() syscall restriction has unknown value %d\n", res);
185 }
186 }
187}
188
189static void probe_jit_enable(void)
190{
191 int res;
192
193 /* No support for C-style ouptut */
194
195 res = read_procfs("/proc/sys/net/core/bpf_jit_enable");
196 if (json_output) {
197 jsonw_int_field(json_wtr, "bpf_jit_enable", res);
198 } else {
199 switch (res) {
200 case 0:
201 printf("JIT compiler is disabled\n");
202 break;
203 case 1:
204 printf("JIT compiler is enabled\n");
205 break;
206 case 2:
207 printf("JIT compiler is enabled with debugging traces in kernel logs\n");
208 break;
209 case -1:
210 printf("Unable to retrieve JIT-compiler status\n");
211 break;
212 default:
213 printf("JIT-compiler status has unknown value %d\n",
214 res);
215 }
216 }
217}
218
219static void probe_jit_harden(void)
220{
221 int res;
222
223 /* No support for C-style ouptut */
224
225 res = read_procfs("/proc/sys/net/core/bpf_jit_harden");
226 if (json_output) {
227 jsonw_int_field(json_wtr, "bpf_jit_harden", res);
228 } else {
229 switch (res) {
230 case 0:
231 printf("JIT compiler hardening is disabled\n");
232 break;
233 case 1:
234 printf("JIT compiler hardening is enabled for unprivileged users\n");
235 break;
236 case 2:
237 printf("JIT compiler hardening is enabled for all users\n");
238 break;
239 case -1:
240 printf("Unable to retrieve JIT hardening status\n");
241 break;
242 default:
243 printf("JIT hardening status has unknown value %d\n",
244 res);
245 }
246 }
247}
248
249static void probe_jit_kallsyms(void)
250{
251 int res;
252
253 /* No support for C-style ouptut */
254
255 res = read_procfs("/proc/sys/net/core/bpf_jit_kallsyms");
256 if (json_output) {
257 jsonw_int_field(json_wtr, "bpf_jit_kallsyms", res);
258 } else {
259 switch (res) {
260 case 0:
261 printf("JIT compiler kallsyms exports are disabled\n");
262 break;
263 case 1:
264 printf("JIT compiler kallsyms exports are enabled for root\n");
265 break;
266 case -1:
267 printf("Unable to retrieve JIT kallsyms export status\n");
268 break;
269 default:
270 printf("JIT kallsyms exports status has unknown value %d\n", res);
271 }
272 }
273}
274
275static void probe_jit_limit(void)
276{
277 int res;
278
279 /* No support for C-style ouptut */
280
281 res = read_procfs("/proc/sys/net/core/bpf_jit_limit");
282 if (json_output) {
283 jsonw_int_field(json_wtr, "bpf_jit_limit", res);
284 } else {
285 switch (res) {
286 case -1:
287 printf("Unable to retrieve global memory limit for JIT compiler for unprivileged users\n");
288 break;
289 default:
290 printf("Global memory limit for JIT compiler for unprivileged users is %d bytes\n", res);
291 }
292 }
293}
294
295static bool read_next_kernel_config_option(gzFile file, char *buf, size_t n,
296 char **value)
297{
298 char *sep;
299
300 while (gzgets(file, buf, n)) {
301 if (strncmp(buf, "CONFIG_", 7))
302 continue;
303
304 sep = strchr(buf, '=');
305 if (!sep)
306 continue;
307
308 /* Trim ending '\n' */
309 buf[strlen(buf) - 1] = '\0';
310
311 /* Split on '=' and ensure that a value is present. */
312 *sep = '\0';
313 if (!sep[1])
314 continue;
315
316 *value = sep + 1;
317 return true;
318 }
319
320 return false;
321}
322
323static void probe_kernel_image_config(const char *define_prefix)
324{
325 static const struct {
326 const char * const name;
327 bool macro_dump;
328 } options[] = {
329 /* Enable BPF */
330 { "CONFIG_BPF", },
331 /* Enable bpf() syscall */
332 { "CONFIG_BPF_SYSCALL", },
333 /* Does selected architecture support eBPF JIT compiler */
334 { "CONFIG_HAVE_EBPF_JIT", },
335 /* Compile eBPF JIT compiler */
336 { "CONFIG_BPF_JIT", },
337 /* Avoid compiling eBPF interpreter (use JIT only) */
338 { "CONFIG_BPF_JIT_ALWAYS_ON", },
339
340 /* cgroups */
341 { "CONFIG_CGROUPS", },
342 /* BPF programs attached to cgroups */
343 { "CONFIG_CGROUP_BPF", },
344 /* bpf_get_cgroup_classid() helper */
345 { "CONFIG_CGROUP_NET_CLASSID", },
346 /* bpf_skb_{,ancestor_}cgroup_id() helpers */
347 { "CONFIG_SOCK_CGROUP_DATA", },
348
349 /* Tracing: attach BPF to kprobes, tracepoints, etc. */
350 { "CONFIG_BPF_EVENTS", },
351 /* Kprobes */
352 { "CONFIG_KPROBE_EVENTS", },
353 /* Uprobes */
354 { "CONFIG_UPROBE_EVENTS", },
355 /* Tracepoints */
356 { "CONFIG_TRACING", },
357 /* Syscall tracepoints */
358 { "CONFIG_FTRACE_SYSCALLS", },
359 /* bpf_override_return() helper support for selected arch */
360 { "CONFIG_FUNCTION_ERROR_INJECTION", },
361 /* bpf_override_return() helper */
362 { "CONFIG_BPF_KPROBE_OVERRIDE", },
363
364 /* Network */
365 { "CONFIG_NET", },
366 /* AF_XDP sockets */
367 { "CONFIG_XDP_SOCKETS", },
368 /* BPF_PROG_TYPE_LWT_* and related helpers */
369 { "CONFIG_LWTUNNEL_BPF", },
370 /* BPF_PROG_TYPE_SCHED_ACT, TC (traffic control) actions */
371 { "CONFIG_NET_ACT_BPF", },
372 /* BPF_PROG_TYPE_SCHED_CLS, TC filters */
373 { "CONFIG_NET_CLS_BPF", },
374 /* TC clsact qdisc */
375 { "CONFIG_NET_CLS_ACT", },
376 /* Ingress filtering with TC */
377 { "CONFIG_NET_SCH_INGRESS", },
378 /* bpf_skb_get_xfrm_state() helper */
379 { "CONFIG_XFRM", },
380 /* bpf_get_route_realm() helper */
381 { "CONFIG_IP_ROUTE_CLASSID", },
382 /* BPF_PROG_TYPE_LWT_SEG6_LOCAL and related helpers */
383 { "CONFIG_IPV6_SEG6_BPF", },
384 /* BPF_PROG_TYPE_LIRC_MODE2 and related helpers */
385 { "CONFIG_BPF_LIRC_MODE2", },
386 /* BPF stream parser and BPF socket maps */
387 { "CONFIG_BPF_STREAM_PARSER", },
388 /* xt_bpf module for passing BPF programs to netfilter */
389 { "CONFIG_NETFILTER_XT_MATCH_BPF", },
390 /* bpfilter back-end for iptables */
391 { "CONFIG_BPFILTER", },
392 /* bpftilter module with "user mode helper" */
393 { "CONFIG_BPFILTER_UMH", },
394
395 /* test_bpf module for BPF tests */
396 { "CONFIG_TEST_BPF", },
397
398 /* Misc configs useful in BPF C programs */
399 /* jiffies <-> sec conversion for bpf_jiffies64() helper */
400 { "CONFIG_HZ", true, }
401 };
402 char *values[ARRAY_SIZE(options)] = { };
403 struct utsname utsn;
404 char path[PATH_MAX];
405 gzFile file = NULL;
406 char buf[4096];
407 char *value;
408 size_t i;
409
410 if (!uname(&utsn)) {
411 snprintf(path, sizeof(path), "/boot/config-%s", utsn.release);
412
413 /* gzopen also accepts uncompressed files. */
414 file = gzopen(path, "r");
415 }
416
417 if (!file) {
418 /* Some distributions build with CONFIG_IKCONFIG=y and put the
419 * config file at /proc/config.gz.
420 */
421 file = gzopen("/proc/config.gz", "r");
422 }
423 if (!file) {
424 p_info("skipping kernel config, can't open file: %s",
425 strerror(errno));
426 goto end_parse;
427 }
428 /* Sanity checks */
429 if (!gzgets(file, buf, sizeof(buf)) ||
430 !gzgets(file, buf, sizeof(buf))) {
431 p_info("skipping kernel config, can't read from file: %s",
432 strerror(errno));
433 goto end_parse;
434 }
435 if (strcmp(buf, "# Automatically generated file; DO NOT EDIT.\n")) {
436 p_info("skipping kernel config, can't find correct file");
437 goto end_parse;
438 }
439
440 while (read_next_kernel_config_option(file, buf, sizeof(buf), &value)) {
441 for (i = 0; i < ARRAY_SIZE(options); i++) {
442 if ((define_prefix && !options[i].macro_dump) ||
443 values[i] || strcmp(buf, options[i].name))
444 continue;
445
446 values[i] = strdup(value);
447 }
448 }
449
450end_parse:
451 if (file)
452 gzclose(file);
453
454 for (i = 0; i < ARRAY_SIZE(options); i++) {
455 if (define_prefix && !options[i].macro_dump)
456 continue;
457 print_kernel_option(options[i].name, values[i], define_prefix);
458 free(values[i]);
459 }
460}
461
462static bool probe_bpf_syscall(const char *define_prefix)
463{
464 bool res;
465
466 bpf_load_program(BPF_PROG_TYPE_UNSPEC, NULL, 0, NULL, 0, NULL, 0);
467 res = (errno != ENOSYS);
468
469 print_bool_feature("have_bpf_syscall",
470 "bpf() syscall",
471 "BPF_SYSCALL",
472 res, define_prefix);
473
474 return res;
475}
476
477static void
478probe_prog_type(enum bpf_prog_type prog_type, bool *supported_types,
479 const char *define_prefix, __u32 ifindex)
480{
481 char feat_name[128], plain_desc[128], define_name[128];
482 const char *plain_comment = "eBPF program_type ";
483 size_t maxlen;
484 bool res;
485
486 if (ifindex)
487 /* Only test offload-able program types */
488 switch (prog_type) {
489 case BPF_PROG_TYPE_SCHED_CLS:
490 case BPF_PROG_TYPE_XDP:
491 break;
492 default:
493 return;
494 }
495
496 res = bpf_probe_prog_type(prog_type, ifindex);
497#ifdef USE_LIBCAP
498 /* Probe may succeed even if program load fails, for unprivileged users
499 * check that we did not fail because of insufficient permissions
500 */
501 if (run_as_unprivileged && errno == EPERM)
502 res = false;
503#endif
504
505 supported_types[prog_type] |= res;
506
507 if (!prog_type_name[prog_type]) {
508 p_info("program type name not found (type %d)", prog_type);
509 return;
510 }
511 maxlen = sizeof(plain_desc) - strlen(plain_comment) - 1;
512 if (strlen(prog_type_name[prog_type]) > maxlen) {
513 p_info("program type name too long");
514 return;
515 }
516
517 sprintf(feat_name, "have_%s_prog_type", prog_type_name[prog_type]);
518 sprintf(define_name, "%s_prog_type", prog_type_name[prog_type]);
519 uppercase(define_name, sizeof(define_name));
520 sprintf(plain_desc, "%s%s", plain_comment, prog_type_name[prog_type]);
521 print_bool_feature(feat_name, plain_desc, define_name, res,
522 define_prefix);
523}
524
525static void
526probe_map_type(enum bpf_map_type map_type, const char *define_prefix,
527 __u32 ifindex)
528{
529 char feat_name[128], plain_desc[128], define_name[128];
530 const char *plain_comment = "eBPF map_type ";
531 size_t maxlen;
532 bool res;
533
534 res = bpf_probe_map_type(map_type, ifindex);
535
536 /* Probe result depends on the success of map creation, no additional
537 * check required for unprivileged users
538 */
539
540 if (!map_type_name[map_type]) {
541 p_info("map type name not found (type %d)", map_type);
542 return;
543 }
544 maxlen = sizeof(plain_desc) - strlen(plain_comment) - 1;
545 if (strlen(map_type_name[map_type]) > maxlen) {
546 p_info("map type name too long");
547 return;
548 }
549
550 sprintf(feat_name, "have_%s_map_type", map_type_name[map_type]);
551 sprintf(define_name, "%s_map_type", map_type_name[map_type]);
552 uppercase(define_name, sizeof(define_name));
553 sprintf(plain_desc, "%s%s", plain_comment, map_type_name[map_type]);
554 print_bool_feature(feat_name, plain_desc, define_name, res,
555 define_prefix);
556}
557
558static void
559probe_helper_for_progtype(enum bpf_prog_type prog_type, bool supported_type,
560 const char *define_prefix, unsigned int id,
561 const char *ptype_name, __u32 ifindex)
562{
563 bool res = false;
564
565 if (supported_type) {
566 res = bpf_probe_helper(id, prog_type, ifindex);
567#ifdef USE_LIBCAP
568 /* Probe may succeed even if program load fails, for
569 * unprivileged users check that we did not fail because of
570 * insufficient permissions
571 */
572 if (run_as_unprivileged && errno == EPERM)
573 res = false;
574#endif
575 }
576
577 if (json_output) {
578 if (res)
579 jsonw_string(json_wtr, helper_name[id]);
580 } else if (define_prefix) {
581 printf("#define %sBPF__PROG_TYPE_%s__HELPER_%s %s\n",
582 define_prefix, ptype_name, helper_name[id],
583 res ? "1" : "0");
584 } else {
585 if (res)
586 printf("\n\t- %s", helper_name[id]);
587 }
588}
589
590static void
591probe_helpers_for_progtype(enum bpf_prog_type prog_type, bool supported_type,
592 const char *define_prefix, __u32 ifindex)
593{
594 const char *ptype_name = prog_type_name[prog_type];
595 char feat_name[128];
596 unsigned int id;
597
598 if (ifindex)
599 /* Only test helpers for offload-able program types */
600 switch (prog_type) {
601 case BPF_PROG_TYPE_SCHED_CLS:
602 case BPF_PROG_TYPE_XDP:
603 break;
604 default:
605 return;
606 }
607
608 if (json_output) {
609 sprintf(feat_name, "%s_available_helpers", ptype_name);
610 jsonw_name(json_wtr, feat_name);
611 jsonw_start_array(json_wtr);
612 } else if (!define_prefix) {
613 printf("eBPF helpers supported for program type %s:",
614 ptype_name);
615 }
616
617 for (id = 1; id < ARRAY_SIZE(helper_name); id++) {
618 /* Skip helper functions which emit dmesg messages when not in
619 * the full mode.
620 */
621 switch (id) {
622 case BPF_FUNC_trace_printk:
623 case BPF_FUNC_probe_write_user:
624 if (!full_mode)
625 continue;
626 /* fallthrough */
627 default:
628 probe_helper_for_progtype(prog_type, supported_type,
629 define_prefix, id, ptype_name,
630 ifindex);
631 }
632 }
633
634 if (json_output)
635 jsonw_end_array(json_wtr);
636 else if (!define_prefix)
637 printf("\n");
638}
639
640static void
641probe_large_insn_limit(const char *define_prefix, __u32 ifindex)
642{
643 bool res;
644
645 res = bpf_probe_large_insn_limit(ifindex);
646 print_bool_feature("have_large_insn_limit",
647 "Large program size limit",
648 "LARGE_INSN_LIMIT",
649 res, define_prefix);
650}
651
652static void
653section_system_config(enum probe_component target, const char *define_prefix)
654{
655 switch (target) {
656 case COMPONENT_KERNEL:
657 case COMPONENT_UNSPEC:
658 print_start_section("system_config",
659 "Scanning system configuration...",
660 "/*** Misc kernel config items ***/",
661 define_prefix);
662 if (!define_prefix) {
663 if (check_procfs()) {
664 probe_unprivileged_disabled();
665 probe_jit_enable();
666 probe_jit_harden();
667 probe_jit_kallsyms();
668 probe_jit_limit();
669 } else {
670 p_info("/* procfs not mounted, skipping related probes */");
671 }
672 }
673 probe_kernel_image_config(define_prefix);
674 print_end_section();
675 break;
676 default:
677 break;
678 }
679}
680
681static bool section_syscall_config(const char *define_prefix)
682{
683 bool res;
684
685 print_start_section("syscall_config",
686 "Scanning system call availability...",
687 "/*** System call availability ***/",
688 define_prefix);
689 res = probe_bpf_syscall(define_prefix);
690 print_end_section();
691
692 return res;
693}
694
695static void
696section_program_types(bool *supported_types, const char *define_prefix,
697 __u32 ifindex)
698{
699 unsigned int i;
700
701 print_start_section("program_types",
702 "Scanning eBPF program types...",
703 "/*** eBPF program types ***/",
704 define_prefix);
705
706 for (i = BPF_PROG_TYPE_UNSPEC + 1; i < prog_type_name_size; i++)
707 probe_prog_type(i, supported_types, define_prefix, ifindex);
708
709 print_end_section();
710}
711
712static void section_map_types(const char *define_prefix, __u32 ifindex)
713{
714 unsigned int i;
715
716 print_start_section("map_types",
717 "Scanning eBPF map types...",
718 "/*** eBPF map types ***/",
719 define_prefix);
720
721 for (i = BPF_MAP_TYPE_UNSPEC + 1; i < map_type_name_size; i++)
722 probe_map_type(i, define_prefix, ifindex);
723
724 print_end_section();
725}
726
727static void
728section_helpers(bool *supported_types, const char *define_prefix, __u32 ifindex)
729{
730 unsigned int i;
731
732 print_start_section("helpers",
733 "Scanning eBPF helper functions...",
734 "/*** eBPF helper functions ***/",
735 define_prefix);
736
737 if (define_prefix)
738 printf("/*\n"
739 " * Use %sHAVE_PROG_TYPE_HELPER(prog_type_name, helper_name)\n"
740 " * to determine if <helper_name> is available for <prog_type_name>,\n"
741 " * e.g.\n"
742 " * #if %sHAVE_PROG_TYPE_HELPER(xdp, bpf_redirect)\n"
743 " * // do stuff with this helper\n"
744 " * #elif\n"
745 " * // use a workaround\n"
746 " * #endif\n"
747 " */\n"
748 "#define %sHAVE_PROG_TYPE_HELPER(prog_type, helper) \\\n"
749 " %sBPF__PROG_TYPE_ ## prog_type ## __HELPER_ ## helper\n",
750 define_prefix, define_prefix, define_prefix,
751 define_prefix);
752 for (i = BPF_PROG_TYPE_UNSPEC + 1; i < prog_type_name_size; i++)
753 probe_helpers_for_progtype(i, supported_types[i], define_prefix,
754 ifindex);
755
756 print_end_section();
757}
758
759static void section_misc(const char *define_prefix, __u32 ifindex)
760{
761 print_start_section("misc",
762 "Scanning miscellaneous eBPF features...",
763 "/*** eBPF misc features ***/",
764 define_prefix);
765 probe_large_insn_limit(define_prefix, ifindex);
766 print_end_section();
767}
768
769#ifdef USE_LIBCAP
770#define capability(c) { c, false, #c }
771#define capability_msg(a, i) a[i].set ? "" : a[i].name, a[i].set ? "" : ", "
772#endif
773
774static int handle_perms(void)
775{
776#ifdef USE_LIBCAP
777 struct {
778 cap_value_t cap;
779 bool set;
780 char name[14]; /* strlen("CAP_SYS_ADMIN") */
781 } bpf_caps[] = {
782 capability(CAP_SYS_ADMIN),
783#ifdef CAP_BPF
784 capability(CAP_BPF),
785 capability(CAP_NET_ADMIN),
786 capability(CAP_PERFMON),
787#endif
788 };
789 cap_value_t cap_list[ARRAY_SIZE(bpf_caps)];
790 unsigned int i, nb_bpf_caps = 0;
791 bool cap_sys_admin_only = true;
792 cap_flag_value_t val;
793 int res = -1;
794 cap_t caps;
795
796 caps = cap_get_proc();
797 if (!caps) {
798 p_err("failed to get capabilities for process: %s",
799 strerror(errno));
800 return -1;
801 }
802
803#ifdef CAP_BPF
804 if (CAP_IS_SUPPORTED(CAP_BPF))
805 cap_sys_admin_only = false;
806#endif
807
808 for (i = 0; i < ARRAY_SIZE(bpf_caps); i++) {
809 const char *cap_name = bpf_caps[i].name;
810 cap_value_t cap = bpf_caps[i].cap;
811
812 if (cap_get_flag(caps, cap, CAP_EFFECTIVE, &val)) {
813 p_err("bug: failed to retrieve %s status: %s", cap_name,
814 strerror(errno));
815 goto exit_free;
816 }
817
818 if (val == CAP_SET) {
819 bpf_caps[i].set = true;
820 cap_list[nb_bpf_caps++] = cap;
821 }
822
823 if (cap_sys_admin_only)
824 /* System does not know about CAP_BPF, meaning that
825 * CAP_SYS_ADMIN is the only capability required. We
826 * just checked it, break.
827 */
828 break;
829 }
830
831 if ((run_as_unprivileged && !nb_bpf_caps) ||
832 (!run_as_unprivileged && nb_bpf_caps == ARRAY_SIZE(bpf_caps)) ||
833 (!run_as_unprivileged && cap_sys_admin_only && nb_bpf_caps)) {
834 /* We are all good, exit now */
835 res = 0;
836 goto exit_free;
837 }
838
839 if (!run_as_unprivileged) {
840 if (cap_sys_admin_only)
841 p_err("missing %s, required for full feature probing; run as root or use 'unprivileged'",
842 bpf_caps[0].name);
843 else
844 p_err("missing %s%s%s%s%s%s%s%srequired for full feature probing; run as root or use 'unprivileged'",
845 capability_msg(bpf_caps, 0),
846 capability_msg(bpf_caps, 1),
847 capability_msg(bpf_caps, 2),
848 capability_msg(bpf_caps, 3));
849 goto exit_free;
850 }
851
852 /* if (run_as_unprivileged && nb_bpf_caps > 0), drop capabilities. */
853 if (cap_set_flag(caps, CAP_EFFECTIVE, nb_bpf_caps, cap_list,
854 CAP_CLEAR)) {
855 p_err("bug: failed to clear capabilities: %s", strerror(errno));
856 goto exit_free;
857 }
858
859 if (cap_set_proc(caps)) {
860 p_err("failed to drop capabilities: %s", strerror(errno));
861 goto exit_free;
862 }
863
864 res = 0;
865
866exit_free:
867 if (cap_free(caps) && !res) {
868 p_err("failed to clear storage object for capabilities: %s",
869 strerror(errno));
870 res = -1;
871 }
872
873 return res;
874#else
875 /* Detection assumes user has specific privileges.
876 * We do not use libpcap so let's approximate, and restrict usage to
877 * root user only.
878 */
879 if (geteuid()) {
880 p_err("full feature probing requires root privileges");
881 return -1;
882 }
883
884 return 0;
885#endif /* USE_LIBCAP */
886}
887
888static int do_probe(int argc, char **argv)
889{
890 enum probe_component target = COMPONENT_UNSPEC;
891 const char *define_prefix = NULL;
892 bool supported_types[128] = {};
893 __u32 ifindex = 0;
894 char *ifname;
895
896 set_max_rlimit();
897
898 while (argc) {
899 if (is_prefix(*argv, "kernel")) {
900 if (target != COMPONENT_UNSPEC) {
901 p_err("component to probe already specified");
902 return -1;
903 }
904 target = COMPONENT_KERNEL;
905 NEXT_ARG();
906 } else if (is_prefix(*argv, "dev")) {
907 NEXT_ARG();
908
909 if (target != COMPONENT_UNSPEC || ifindex) {
910 p_err("component to probe already specified");
911 return -1;
912 }
913 if (!REQ_ARGS(1))
914 return -1;
915
916 target = COMPONENT_DEVICE;
917 ifname = GET_ARG();
918 ifindex = if_nametoindex(ifname);
919 if (!ifindex) {
920 p_err("unrecognized netdevice '%s': %s", ifname,
921 strerror(errno));
922 return -1;
923 }
924 } else if (is_prefix(*argv, "full")) {
925 full_mode = true;
926 NEXT_ARG();
927 } else if (is_prefix(*argv, "macros") && !define_prefix) {
928 define_prefix = "";
929 NEXT_ARG();
930 } else if (is_prefix(*argv, "prefix")) {
931 if (!define_prefix) {
932 p_err("'prefix' argument can only be use after 'macros'");
933 return -1;
934 }
935 if (strcmp(define_prefix, "")) {
936 p_err("'prefix' already defined");
937 return -1;
938 }
939 NEXT_ARG();
940
941 if (!REQ_ARGS(1))
942 return -1;
943 define_prefix = GET_ARG();
944 } else if (is_prefix(*argv, "unprivileged")) {
945#ifdef USE_LIBCAP
946 run_as_unprivileged = true;
947 NEXT_ARG();
948#else
949 p_err("unprivileged run not supported, recompile bpftool with libcap");
950 return -1;
951#endif
952 } else {
953 p_err("expected no more arguments, 'kernel', 'dev', 'macros' or 'prefix', got: '%s'?",
954 *argv);
955 return -1;
956 }
957 }
958
959 /* Full feature detection requires specific privileges.
960 * Let's approximate, and warn if user is not root.
961 */
962 if (handle_perms())
963 return -1;
964
965 if (json_output) {
966 define_prefix = NULL;
967 jsonw_start_object(json_wtr);
968 }
969
970 section_system_config(target, define_prefix);
971 if (!section_syscall_config(define_prefix))
972 /* bpf() syscall unavailable, don't probe other BPF features */
973 goto exit_close_json;
974 section_program_types(supported_types, define_prefix, ifindex);
975 section_map_types(define_prefix, ifindex);
976 section_helpers(supported_types, define_prefix, ifindex);
977 section_misc(define_prefix, ifindex);
978
979exit_close_json:
980 if (json_output)
981 /* End root object */
982 jsonw_end_object(json_wtr);
983
984 return 0;
985}
986
987static int do_help(int argc, char **argv)
988{
989 if (json_output) {
990 jsonw_null(json_wtr);
991 return 0;
992 }
993
994 fprintf(stderr,
995 "Usage: %1$s %2$s probe [COMPONENT] [full] [unprivileged] [macros [prefix PREFIX]]\n"
996 " %1$s %2$s help\n"
997 "\n"
998 " COMPONENT := { kernel | dev NAME }\n"
999 "",
1000 bin_name, argv[-2]);
1001
1002 return 0;
1003}
1004
1005static const struct cmd cmds[] = {
1006 { "probe", do_probe },
1007 { "help", do_help },
1008 { 0 }
1009};
1010
1011int do_feature(int argc, char **argv)
1012{
1013 return cmd_select(cmds, argc, argv, do_help);
1014}
1// SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
2/* Copyright (c) 2019 Netronome Systems, Inc. */
3
4#include <ctype.h>
5#include <errno.h>
6#include <fcntl.h>
7#include <string.h>
8#include <unistd.h>
9#include <net/if.h>
10#ifdef USE_LIBCAP
11#include <sys/capability.h>
12#endif
13#include <sys/utsname.h>
14#include <sys/vfs.h>
15
16#include <linux/filter.h>
17#include <linux/limits.h>
18
19#include <bpf/bpf.h>
20#include <bpf/libbpf.h>
21#include <zlib.h>
22
23#include "main.h"
24
25#ifndef PROC_SUPER_MAGIC
26# define PROC_SUPER_MAGIC 0x9fa0
27#endif
28
29enum probe_component {
30 COMPONENT_UNSPEC,
31 COMPONENT_KERNEL,
32 COMPONENT_DEVICE,
33};
34
35#define BPF_HELPER_MAKE_ENTRY(name) [BPF_FUNC_ ## name] = "bpf_" # name
36static const char * const helper_name[] = {
37 __BPF_FUNC_MAPPER(BPF_HELPER_MAKE_ENTRY)
38};
39
40#undef BPF_HELPER_MAKE_ENTRY
41
42static bool full_mode;
43#ifdef USE_LIBCAP
44static bool run_as_unprivileged;
45#endif
46
47/* Miscellaneous utility functions */
48
49static bool grep(const char *buffer, const char *pattern)
50{
51 return !!strstr(buffer, pattern);
52}
53
54static bool check_procfs(void)
55{
56 struct statfs st_fs;
57
58 if (statfs("/proc", &st_fs) < 0)
59 return false;
60 if ((unsigned long)st_fs.f_type != PROC_SUPER_MAGIC)
61 return false;
62
63 return true;
64}
65
66static void uppercase(char *str, size_t len)
67{
68 size_t i;
69
70 for (i = 0; i < len && str[i] != '\0'; i++)
71 str[i] = toupper(str[i]);
72}
73
74/* Printing utility functions */
75
76static void
77print_bool_feature(const char *feat_name, const char *plain_name,
78 const char *define_name, bool res, const char *define_prefix)
79{
80 if (json_output)
81 jsonw_bool_field(json_wtr, feat_name, res);
82 else if (define_prefix)
83 printf("#define %s%sHAVE_%s\n", define_prefix,
84 res ? "" : "NO_", define_name);
85 else
86 printf("%s is %savailable\n", plain_name, res ? "" : "NOT ");
87}
88
89static void print_kernel_option(const char *name, const char *value,
90 const char *define_prefix)
91{
92 char *endptr;
93 int res;
94
95 if (json_output) {
96 if (!value) {
97 jsonw_null_field(json_wtr, name);
98 return;
99 }
100 errno = 0;
101 res = strtol(value, &endptr, 0);
102 if (!errno && *endptr == '\n')
103 jsonw_int_field(json_wtr, name, res);
104 else
105 jsonw_string_field(json_wtr, name, value);
106 } else if (define_prefix) {
107 if (value)
108 printf("#define %s%s %s\n", define_prefix,
109 name, value);
110 else
111 printf("/* %s%s is not set */\n", define_prefix, name);
112 } else {
113 if (value)
114 printf("%s is set to %s\n", name, value);
115 else
116 printf("%s is not set\n", name);
117 }
118}
119
120static void
121print_start_section(const char *json_title, const char *plain_title,
122 const char *define_comment, const char *define_prefix)
123{
124 if (json_output) {
125 jsonw_name(json_wtr, json_title);
126 jsonw_start_object(json_wtr);
127 } else if (define_prefix) {
128 printf("%s\n", define_comment);
129 } else {
130 printf("%s\n", plain_title);
131 }
132}
133
134static void print_end_section(void)
135{
136 if (json_output)
137 jsonw_end_object(json_wtr);
138 else
139 printf("\n");
140}
141
142/* Probing functions */
143
144static int get_vendor_id(int ifindex)
145{
146 char ifname[IF_NAMESIZE], path[64], buf[8];
147 ssize_t len;
148 int fd;
149
150 if (!if_indextoname(ifindex, ifname))
151 return -1;
152
153 snprintf(path, sizeof(path), "/sys/class/net/%s/device/vendor", ifname);
154
155 fd = open(path, O_RDONLY | O_CLOEXEC);
156 if (fd < 0)
157 return -1;
158
159 len = read(fd, buf, sizeof(buf));
160 close(fd);
161 if (len < 0)
162 return -1;
163 if (len >= (ssize_t)sizeof(buf))
164 return -1;
165 buf[len] = '\0';
166
167 return strtol(buf, NULL, 0);
168}
169
170static long read_procfs(const char *path)
171{
172 char *endptr, *line = NULL;
173 size_t len = 0;
174 FILE *fd;
175 long res;
176
177 fd = fopen(path, "r");
178 if (!fd)
179 return -1;
180
181 res = getline(&line, &len, fd);
182 fclose(fd);
183 if (res < 0)
184 return -1;
185
186 errno = 0;
187 res = strtol(line, &endptr, 10);
188 if (errno || *line == '\0' || *endptr != '\n')
189 res = -1;
190 free(line);
191
192 return res;
193}
194
195static void probe_unprivileged_disabled(void)
196{
197 long res;
198
199 /* No support for C-style ouptut */
200
201 res = read_procfs("/proc/sys/kernel/unprivileged_bpf_disabled");
202 if (json_output) {
203 jsonw_int_field(json_wtr, "unprivileged_bpf_disabled", res);
204 } else {
205 switch (res) {
206 case 0:
207 printf("bpf() syscall for unprivileged users is enabled\n");
208 break;
209 case 1:
210 printf("bpf() syscall restricted to privileged users (without recovery)\n");
211 break;
212 case 2:
213 printf("bpf() syscall restricted to privileged users (admin can change)\n");
214 break;
215 case -1:
216 printf("Unable to retrieve required privileges for bpf() syscall\n");
217 break;
218 default:
219 printf("bpf() syscall restriction has unknown value %ld\n", res);
220 }
221 }
222}
223
224static void probe_jit_enable(void)
225{
226 long res;
227
228 /* No support for C-style ouptut */
229
230 res = read_procfs("/proc/sys/net/core/bpf_jit_enable");
231 if (json_output) {
232 jsonw_int_field(json_wtr, "bpf_jit_enable", res);
233 } else {
234 switch (res) {
235 case 0:
236 printf("JIT compiler is disabled\n");
237 break;
238 case 1:
239 printf("JIT compiler is enabled\n");
240 break;
241 case 2:
242 printf("JIT compiler is enabled with debugging traces in kernel logs\n");
243 break;
244 case -1:
245 printf("Unable to retrieve JIT-compiler status\n");
246 break;
247 default:
248 printf("JIT-compiler status has unknown value %ld\n",
249 res);
250 }
251 }
252}
253
254static void probe_jit_harden(void)
255{
256 long res;
257
258 /* No support for C-style ouptut */
259
260 res = read_procfs("/proc/sys/net/core/bpf_jit_harden");
261 if (json_output) {
262 jsonw_int_field(json_wtr, "bpf_jit_harden", res);
263 } else {
264 switch (res) {
265 case 0:
266 printf("JIT compiler hardening is disabled\n");
267 break;
268 case 1:
269 printf("JIT compiler hardening is enabled for unprivileged users\n");
270 break;
271 case 2:
272 printf("JIT compiler hardening is enabled for all users\n");
273 break;
274 case -1:
275 printf("Unable to retrieve JIT hardening status\n");
276 break;
277 default:
278 printf("JIT hardening status has unknown value %ld\n",
279 res);
280 }
281 }
282}
283
284static void probe_jit_kallsyms(void)
285{
286 long res;
287
288 /* No support for C-style ouptut */
289
290 res = read_procfs("/proc/sys/net/core/bpf_jit_kallsyms");
291 if (json_output) {
292 jsonw_int_field(json_wtr, "bpf_jit_kallsyms", res);
293 } else {
294 switch (res) {
295 case 0:
296 printf("JIT compiler kallsyms exports are disabled\n");
297 break;
298 case 1:
299 printf("JIT compiler kallsyms exports are enabled for root\n");
300 break;
301 case -1:
302 printf("Unable to retrieve JIT kallsyms export status\n");
303 break;
304 default:
305 printf("JIT kallsyms exports status has unknown value %ld\n", res);
306 }
307 }
308}
309
310static void probe_jit_limit(void)
311{
312 long res;
313
314 /* No support for C-style ouptut */
315
316 res = read_procfs("/proc/sys/net/core/bpf_jit_limit");
317 if (json_output) {
318 jsonw_int_field(json_wtr, "bpf_jit_limit", res);
319 } else {
320 switch (res) {
321 case -1:
322 printf("Unable to retrieve global memory limit for JIT compiler for unprivileged users\n");
323 break;
324 default:
325 printf("Global memory limit for JIT compiler for unprivileged users is %ld bytes\n", res);
326 }
327 }
328}
329
330static bool read_next_kernel_config_option(gzFile file, char *buf, size_t n,
331 char **value)
332{
333 char *sep;
334
335 while (gzgets(file, buf, n)) {
336 if (strncmp(buf, "CONFIG_", 7))
337 continue;
338
339 sep = strchr(buf, '=');
340 if (!sep)
341 continue;
342
343 /* Trim ending '\n' */
344 buf[strlen(buf) - 1] = '\0';
345
346 /* Split on '=' and ensure that a value is present. */
347 *sep = '\0';
348 if (!sep[1])
349 continue;
350
351 *value = sep + 1;
352 return true;
353 }
354
355 return false;
356}
357
358static void probe_kernel_image_config(const char *define_prefix)
359{
360 static const struct {
361 const char * const name;
362 bool macro_dump;
363 } options[] = {
364 /* Enable BPF */
365 { "CONFIG_BPF", },
366 /* Enable bpf() syscall */
367 { "CONFIG_BPF_SYSCALL", },
368 /* Does selected architecture support eBPF JIT compiler */
369 { "CONFIG_HAVE_EBPF_JIT", },
370 /* Compile eBPF JIT compiler */
371 { "CONFIG_BPF_JIT", },
372 /* Avoid compiling eBPF interpreter (use JIT only) */
373 { "CONFIG_BPF_JIT_ALWAYS_ON", },
374 /* Kernel BTF debug information available */
375 { "CONFIG_DEBUG_INFO_BTF", },
376 /* Kernel module BTF debug information available */
377 { "CONFIG_DEBUG_INFO_BTF_MODULES", },
378
379 /* cgroups */
380 { "CONFIG_CGROUPS", },
381 /* BPF programs attached to cgroups */
382 { "CONFIG_CGROUP_BPF", },
383 /* bpf_get_cgroup_classid() helper */
384 { "CONFIG_CGROUP_NET_CLASSID", },
385 /* bpf_skb_{,ancestor_}cgroup_id() helpers */
386 { "CONFIG_SOCK_CGROUP_DATA", },
387
388 /* Tracing: attach BPF to kprobes, tracepoints, etc. */
389 { "CONFIG_BPF_EVENTS", },
390 /* Kprobes */
391 { "CONFIG_KPROBE_EVENTS", },
392 /* Uprobes */
393 { "CONFIG_UPROBE_EVENTS", },
394 /* Tracepoints */
395 { "CONFIG_TRACING", },
396 /* Syscall tracepoints */
397 { "CONFIG_FTRACE_SYSCALLS", },
398 /* bpf_override_return() helper support for selected arch */
399 { "CONFIG_FUNCTION_ERROR_INJECTION", },
400 /* bpf_override_return() helper */
401 { "CONFIG_BPF_KPROBE_OVERRIDE", },
402
403 /* Network */
404 { "CONFIG_NET", },
405 /* AF_XDP sockets */
406 { "CONFIG_XDP_SOCKETS", },
407 /* BPF_PROG_TYPE_LWT_* and related helpers */
408 { "CONFIG_LWTUNNEL_BPF", },
409 /* BPF_PROG_TYPE_SCHED_ACT, TC (traffic control) actions */
410 { "CONFIG_NET_ACT_BPF", },
411 /* BPF_PROG_TYPE_SCHED_CLS, TC filters */
412 { "CONFIG_NET_CLS_BPF", },
413 /* TC clsact qdisc */
414 { "CONFIG_NET_CLS_ACT", },
415 /* Ingress filtering with TC */
416 { "CONFIG_NET_SCH_INGRESS", },
417 /* bpf_skb_get_xfrm_state() helper */
418 { "CONFIG_XFRM", },
419 /* bpf_get_route_realm() helper */
420 { "CONFIG_IP_ROUTE_CLASSID", },
421 /* BPF_PROG_TYPE_LWT_SEG6_LOCAL and related helpers */
422 { "CONFIG_IPV6_SEG6_BPF", },
423 /* BPF_PROG_TYPE_LIRC_MODE2 and related helpers */
424 { "CONFIG_BPF_LIRC_MODE2", },
425 /* BPF stream parser and BPF socket maps */
426 { "CONFIG_BPF_STREAM_PARSER", },
427 /* xt_bpf module for passing BPF programs to netfilter */
428 { "CONFIG_NETFILTER_XT_MATCH_BPF", },
429
430 /* test_bpf module for BPF tests */
431 { "CONFIG_TEST_BPF", },
432
433 /* Misc configs useful in BPF C programs */
434 /* jiffies <-> sec conversion for bpf_jiffies64() helper */
435 { "CONFIG_HZ", true, }
436 };
437 char *values[ARRAY_SIZE(options)] = { };
438 struct utsname utsn;
439 char path[PATH_MAX];
440 gzFile file = NULL;
441 char buf[4096];
442 char *value;
443 size_t i;
444
445 if (!uname(&utsn)) {
446 snprintf(path, sizeof(path), "/boot/config-%s", utsn.release);
447
448 /* gzopen also accepts uncompressed files. */
449 file = gzopen(path, "r");
450 }
451
452 if (!file) {
453 /* Some distributions build with CONFIG_IKCONFIG=y and put the
454 * config file at /proc/config.gz.
455 */
456 file = gzopen("/proc/config.gz", "r");
457 }
458 if (!file) {
459 p_info("skipping kernel config, can't open file: %s",
460 strerror(errno));
461 goto end_parse;
462 }
463 /* Sanity checks */
464 if (!gzgets(file, buf, sizeof(buf)) ||
465 !gzgets(file, buf, sizeof(buf))) {
466 p_info("skipping kernel config, can't read from file: %s",
467 strerror(errno));
468 goto end_parse;
469 }
470 if (strcmp(buf, "# Automatically generated file; DO NOT EDIT.\n")) {
471 p_info("skipping kernel config, can't find correct file");
472 goto end_parse;
473 }
474
475 while (read_next_kernel_config_option(file, buf, sizeof(buf), &value)) {
476 for (i = 0; i < ARRAY_SIZE(options); i++) {
477 if ((define_prefix && !options[i].macro_dump) ||
478 values[i] || strcmp(buf, options[i].name))
479 continue;
480
481 values[i] = strdup(value);
482 }
483 }
484
485 for (i = 0; i < ARRAY_SIZE(options); i++) {
486 if (define_prefix && !options[i].macro_dump)
487 continue;
488 print_kernel_option(options[i].name, values[i], define_prefix);
489 free(values[i]);
490 }
491
492end_parse:
493 if (file)
494 gzclose(file);
495}
496
497static bool probe_bpf_syscall(const char *define_prefix)
498{
499 bool res;
500
501 bpf_prog_load(BPF_PROG_TYPE_UNSPEC, NULL, NULL, NULL, 0, NULL);
502 res = (errno != ENOSYS);
503
504 print_bool_feature("have_bpf_syscall",
505 "bpf() syscall",
506 "BPF_SYSCALL",
507 res, define_prefix);
508
509 return res;
510}
511
512static bool
513probe_prog_load_ifindex(enum bpf_prog_type prog_type,
514 const struct bpf_insn *insns, size_t insns_cnt,
515 char *log_buf, size_t log_buf_sz,
516 __u32 ifindex)
517{
518 LIBBPF_OPTS(bpf_prog_load_opts, opts,
519 .log_buf = log_buf,
520 .log_size = log_buf_sz,
521 .log_level = log_buf ? 1 : 0,
522 .prog_ifindex = ifindex,
523 );
524 int fd;
525
526 errno = 0;
527 fd = bpf_prog_load(prog_type, NULL, "GPL", insns, insns_cnt, &opts);
528 if (fd >= 0)
529 close(fd);
530
531 return fd >= 0 && errno != EINVAL && errno != EOPNOTSUPP;
532}
533
534static bool probe_prog_type_ifindex(enum bpf_prog_type prog_type, __u32 ifindex)
535{
536 /* nfp returns -EINVAL on exit(0) with TC offload */
537 struct bpf_insn insns[2] = {
538 BPF_MOV64_IMM(BPF_REG_0, 2),
539 BPF_EXIT_INSN()
540 };
541
542 return probe_prog_load_ifindex(prog_type, insns, ARRAY_SIZE(insns),
543 NULL, 0, ifindex);
544}
545
546static void
547probe_prog_type(enum bpf_prog_type prog_type, const char *prog_type_str,
548 bool *supported_types, const char *define_prefix, __u32 ifindex)
549{
550 char feat_name[128], plain_desc[128], define_name[128];
551 const char *plain_comment = "eBPF program_type ";
552 size_t maxlen;
553 bool res;
554
555 if (ifindex) {
556 switch (prog_type) {
557 case BPF_PROG_TYPE_SCHED_CLS:
558 case BPF_PROG_TYPE_XDP:
559 break;
560 default:
561 return;
562 }
563
564 res = probe_prog_type_ifindex(prog_type, ifindex);
565 } else {
566 res = libbpf_probe_bpf_prog_type(prog_type, NULL) > 0;
567 }
568
569#ifdef USE_LIBCAP
570 /* Probe may succeed even if program load fails, for unprivileged users
571 * check that we did not fail because of insufficient permissions
572 */
573 if (run_as_unprivileged && errno == EPERM)
574 res = false;
575#endif
576
577 supported_types[prog_type] |= res;
578
579 maxlen = sizeof(plain_desc) - strlen(plain_comment) - 1;
580 if (strlen(prog_type_str) > maxlen) {
581 p_info("program type name too long");
582 return;
583 }
584
585 sprintf(feat_name, "have_%s_prog_type", prog_type_str);
586 sprintf(define_name, "%s_prog_type", prog_type_str);
587 uppercase(define_name, sizeof(define_name));
588 sprintf(plain_desc, "%s%s", plain_comment, prog_type_str);
589 print_bool_feature(feat_name, plain_desc, define_name, res,
590 define_prefix);
591}
592
593static bool probe_map_type_ifindex(enum bpf_map_type map_type, __u32 ifindex)
594{
595 LIBBPF_OPTS(bpf_map_create_opts, opts);
596 int key_size, value_size, max_entries;
597 int fd;
598
599 opts.map_ifindex = ifindex;
600
601 key_size = sizeof(__u32);
602 value_size = sizeof(__u32);
603 max_entries = 1;
604
605 fd = bpf_map_create(map_type, NULL, key_size, value_size, max_entries,
606 &opts);
607 if (fd >= 0)
608 close(fd);
609
610 return fd >= 0;
611}
612
613static void
614probe_map_type(enum bpf_map_type map_type, char const *map_type_str,
615 const char *define_prefix, __u32 ifindex)
616{
617 char feat_name[128], plain_desc[128], define_name[128];
618 const char *plain_comment = "eBPF map_type ";
619 size_t maxlen;
620 bool res;
621
622 if (ifindex) {
623 switch (map_type) {
624 case BPF_MAP_TYPE_HASH:
625 case BPF_MAP_TYPE_ARRAY:
626 break;
627 default:
628 return;
629 }
630
631 res = probe_map_type_ifindex(map_type, ifindex);
632 } else {
633 res = libbpf_probe_bpf_map_type(map_type, NULL) > 0;
634 }
635
636 /* Probe result depends on the success of map creation, no additional
637 * check required for unprivileged users
638 */
639
640 maxlen = sizeof(plain_desc) - strlen(plain_comment) - 1;
641 if (strlen(map_type_str) > maxlen) {
642 p_info("map type name too long");
643 return;
644 }
645
646 sprintf(feat_name, "have_%s_map_type", map_type_str);
647 sprintf(define_name, "%s_map_type", map_type_str);
648 uppercase(define_name, sizeof(define_name));
649 sprintf(plain_desc, "%s%s", plain_comment, map_type_str);
650 print_bool_feature(feat_name, plain_desc, define_name, res,
651 define_prefix);
652}
653
654static bool
655probe_helper_ifindex(enum bpf_func_id id, enum bpf_prog_type prog_type,
656 __u32 ifindex)
657{
658 struct bpf_insn insns[2] = {
659 BPF_EMIT_CALL(id),
660 BPF_EXIT_INSN()
661 };
662 char buf[4096] = {};
663 bool res;
664
665 probe_prog_load_ifindex(prog_type, insns, ARRAY_SIZE(insns), buf,
666 sizeof(buf), ifindex);
667 res = !grep(buf, "invalid func ") && !grep(buf, "unknown func ");
668
669 switch (get_vendor_id(ifindex)) {
670 case 0x19ee: /* Netronome specific */
671 res = res && !grep(buf, "not supported by FW") &&
672 !grep(buf, "unsupported function id");
673 break;
674 default:
675 break;
676 }
677
678 return res;
679}
680
681static bool
682probe_helper_for_progtype(enum bpf_prog_type prog_type, bool supported_type,
683 const char *define_prefix, unsigned int id,
684 const char *ptype_name, __u32 ifindex)
685{
686 bool res = false;
687
688 if (supported_type) {
689 if (ifindex)
690 res = probe_helper_ifindex(id, prog_type, ifindex);
691 else
692 res = libbpf_probe_bpf_helper(prog_type, id, NULL) > 0;
693#ifdef USE_LIBCAP
694 /* Probe may succeed even if program load fails, for
695 * unprivileged users check that we did not fail because of
696 * insufficient permissions
697 */
698 if (run_as_unprivileged && errno == EPERM)
699 res = false;
700#endif
701 }
702
703 if (json_output) {
704 if (res)
705 jsonw_string(json_wtr, helper_name[id]);
706 } else if (define_prefix) {
707 printf("#define %sBPF__PROG_TYPE_%s__HELPER_%s %s\n",
708 define_prefix, ptype_name, helper_name[id],
709 res ? "1" : "0");
710 } else {
711 if (res)
712 printf("\n\t- %s", helper_name[id]);
713 }
714
715 return res;
716}
717
718static void
719probe_helpers_for_progtype(enum bpf_prog_type prog_type,
720 const char *prog_type_str, bool supported_type,
721 const char *define_prefix, __u32 ifindex)
722{
723 char feat_name[128];
724 unsigned int id;
725 bool probe_res = false;
726
727 if (ifindex)
728 /* Only test helpers for offload-able program types */
729 switch (prog_type) {
730 case BPF_PROG_TYPE_SCHED_CLS:
731 case BPF_PROG_TYPE_XDP:
732 break;
733 default:
734 return;
735 }
736
737 if (json_output) {
738 sprintf(feat_name, "%s_available_helpers", prog_type_str);
739 jsonw_name(json_wtr, feat_name);
740 jsonw_start_array(json_wtr);
741 } else if (!define_prefix) {
742 printf("eBPF helpers supported for program type %s:",
743 prog_type_str);
744 }
745
746 for (id = 1; id < ARRAY_SIZE(helper_name); id++) {
747 /* Skip helper functions which emit dmesg messages when not in
748 * the full mode.
749 */
750 switch (id) {
751 case BPF_FUNC_trace_printk:
752 case BPF_FUNC_trace_vprintk:
753 case BPF_FUNC_probe_write_user:
754 if (!full_mode)
755 continue;
756 fallthrough;
757 default:
758 probe_res |= probe_helper_for_progtype(prog_type, supported_type,
759 define_prefix, id, prog_type_str,
760 ifindex);
761 }
762 }
763
764 if (json_output)
765 jsonw_end_array(json_wtr);
766 else if (!define_prefix) {
767 printf("\n");
768 if (!probe_res) {
769 if (!supported_type)
770 printf("\tProgram type not supported\n");
771 else
772 printf("\tCould not determine which helpers are available\n");
773 }
774 }
775
776
777}
778
779static void
780probe_misc_feature(struct bpf_insn *insns, size_t len,
781 const char *define_prefix, __u32 ifindex,
782 const char *feat_name, const char *plain_name,
783 const char *define_name)
784{
785 LIBBPF_OPTS(bpf_prog_load_opts, opts,
786 .prog_ifindex = ifindex,
787 );
788 bool res;
789 int fd;
790
791 errno = 0;
792 fd = bpf_prog_load(BPF_PROG_TYPE_SOCKET_FILTER, NULL, "GPL",
793 insns, len, &opts);
794 res = fd >= 0 || !errno;
795
796 if (fd >= 0)
797 close(fd);
798
799 print_bool_feature(feat_name, plain_name, define_name, res,
800 define_prefix);
801}
802
803/*
804 * Probe for availability of kernel commit (5.3):
805 *
806 * c04c0d2b968a ("bpf: increase complexity limit and maximum program size")
807 */
808static void probe_large_insn_limit(const char *define_prefix, __u32 ifindex)
809{
810 struct bpf_insn insns[BPF_MAXINSNS + 1];
811 int i;
812
813 for (i = 0; i < BPF_MAXINSNS; i++)
814 insns[i] = BPF_MOV64_IMM(BPF_REG_0, 1);
815 insns[BPF_MAXINSNS] = BPF_EXIT_INSN();
816
817 probe_misc_feature(insns, ARRAY_SIZE(insns),
818 define_prefix, ifindex,
819 "have_large_insn_limit",
820 "Large program size limit",
821 "LARGE_INSN_LIMIT");
822}
823
824/*
825 * Probe for bounded loop support introduced in commit 2589726d12a1
826 * ("bpf: introduce bounded loops").
827 */
828static void
829probe_bounded_loops(const char *define_prefix, __u32 ifindex)
830{
831 struct bpf_insn insns[4] = {
832 BPF_MOV64_IMM(BPF_REG_0, 10),
833 BPF_ALU64_IMM(BPF_SUB, BPF_REG_0, 1),
834 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, -2),
835 BPF_EXIT_INSN()
836 };
837
838 probe_misc_feature(insns, ARRAY_SIZE(insns),
839 define_prefix, ifindex,
840 "have_bounded_loops",
841 "Bounded loop support",
842 "BOUNDED_LOOPS");
843}
844
845/*
846 * Probe for the v2 instruction set extension introduced in commit 92b31a9af73b
847 * ("bpf: add BPF_J{LT,LE,SLT,SLE} instructions").
848 */
849static void
850probe_v2_isa_extension(const char *define_prefix, __u32 ifindex)
851{
852 struct bpf_insn insns[4] = {
853 BPF_MOV64_IMM(BPF_REG_0, 0),
854 BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 0, 1),
855 BPF_MOV64_IMM(BPF_REG_0, 1),
856 BPF_EXIT_INSN()
857 };
858
859 probe_misc_feature(insns, ARRAY_SIZE(insns),
860 define_prefix, ifindex,
861 "have_v2_isa_extension",
862 "ISA extension v2",
863 "V2_ISA_EXTENSION");
864}
865
866/*
867 * Probe for the v3 instruction set extension introduced in commit 092ed0968bb6
868 * ("bpf: verifier support JMP32").
869 */
870static void
871probe_v3_isa_extension(const char *define_prefix, __u32 ifindex)
872{
873 struct bpf_insn insns[4] = {
874 BPF_MOV64_IMM(BPF_REG_0, 0),
875 BPF_JMP32_IMM(BPF_JLT, BPF_REG_0, 0, 1),
876 BPF_MOV64_IMM(BPF_REG_0, 1),
877 BPF_EXIT_INSN()
878 };
879
880 probe_misc_feature(insns, ARRAY_SIZE(insns),
881 define_prefix, ifindex,
882 "have_v3_isa_extension",
883 "ISA extension v3",
884 "V3_ISA_EXTENSION");
885}
886
887static void
888section_system_config(enum probe_component target, const char *define_prefix)
889{
890 switch (target) {
891 case COMPONENT_KERNEL:
892 case COMPONENT_UNSPEC:
893 print_start_section("system_config",
894 "Scanning system configuration...",
895 "/*** Misc kernel config items ***/",
896 define_prefix);
897 if (!define_prefix) {
898 if (check_procfs()) {
899 probe_unprivileged_disabled();
900 probe_jit_enable();
901 probe_jit_harden();
902 probe_jit_kallsyms();
903 probe_jit_limit();
904 } else {
905 p_info("/* procfs not mounted, skipping related probes */");
906 }
907 }
908 probe_kernel_image_config(define_prefix);
909 print_end_section();
910 break;
911 default:
912 break;
913 }
914}
915
916static bool section_syscall_config(const char *define_prefix)
917{
918 bool res;
919
920 print_start_section("syscall_config",
921 "Scanning system call availability...",
922 "/*** System call availability ***/",
923 define_prefix);
924 res = probe_bpf_syscall(define_prefix);
925 print_end_section();
926
927 return res;
928}
929
930static void
931section_program_types(bool *supported_types, const char *define_prefix,
932 __u32 ifindex)
933{
934 unsigned int prog_type = BPF_PROG_TYPE_UNSPEC;
935 const char *prog_type_str;
936
937 print_start_section("program_types",
938 "Scanning eBPF program types...",
939 "/*** eBPF program types ***/",
940 define_prefix);
941
942 while (true) {
943 prog_type++;
944 prog_type_str = libbpf_bpf_prog_type_str(prog_type);
945 /* libbpf will return NULL for variants unknown to it. */
946 if (!prog_type_str)
947 break;
948
949 probe_prog_type(prog_type, prog_type_str, supported_types, define_prefix,
950 ifindex);
951 }
952
953 print_end_section();
954}
955
956static void section_map_types(const char *define_prefix, __u32 ifindex)
957{
958 unsigned int map_type = BPF_MAP_TYPE_UNSPEC;
959 const char *map_type_str;
960
961 print_start_section("map_types",
962 "Scanning eBPF map types...",
963 "/*** eBPF map types ***/",
964 define_prefix);
965
966 while (true) {
967 map_type++;
968 map_type_str = libbpf_bpf_map_type_str(map_type);
969 /* libbpf will return NULL for variants unknown to it. */
970 if (!map_type_str)
971 break;
972
973 probe_map_type(map_type, map_type_str, define_prefix, ifindex);
974 }
975
976 print_end_section();
977}
978
979static void
980section_helpers(bool *supported_types, const char *define_prefix, __u32 ifindex)
981{
982 unsigned int prog_type = BPF_PROG_TYPE_UNSPEC;
983 const char *prog_type_str;
984
985 print_start_section("helpers",
986 "Scanning eBPF helper functions...",
987 "/*** eBPF helper functions ***/",
988 define_prefix);
989
990 if (define_prefix)
991 printf("/*\n"
992 " * Use %sHAVE_PROG_TYPE_HELPER(prog_type_name, helper_name)\n"
993 " * to determine if <helper_name> is available for <prog_type_name>,\n"
994 " * e.g.\n"
995 " * #if %sHAVE_PROG_TYPE_HELPER(xdp, bpf_redirect)\n"
996 " * // do stuff with this helper\n"
997 " * #elif\n"
998 " * // use a workaround\n"
999 " * #endif\n"
1000 " */\n"
1001 "#define %sHAVE_PROG_TYPE_HELPER(prog_type, helper) \\\n"
1002 " %sBPF__PROG_TYPE_ ## prog_type ## __HELPER_ ## helper\n",
1003 define_prefix, define_prefix, define_prefix,
1004 define_prefix);
1005 while (true) {
1006 prog_type++;
1007 prog_type_str = libbpf_bpf_prog_type_str(prog_type);
1008 /* libbpf will return NULL for variants unknown to it. */
1009 if (!prog_type_str)
1010 break;
1011
1012 probe_helpers_for_progtype(prog_type, prog_type_str,
1013 supported_types[prog_type],
1014 define_prefix,
1015 ifindex);
1016 }
1017
1018 print_end_section();
1019}
1020
1021static void section_misc(const char *define_prefix, __u32 ifindex)
1022{
1023 print_start_section("misc",
1024 "Scanning miscellaneous eBPF features...",
1025 "/*** eBPF misc features ***/",
1026 define_prefix);
1027 probe_large_insn_limit(define_prefix, ifindex);
1028 probe_bounded_loops(define_prefix, ifindex);
1029 probe_v2_isa_extension(define_prefix, ifindex);
1030 probe_v3_isa_extension(define_prefix, ifindex);
1031 print_end_section();
1032}
1033
1034#ifdef USE_LIBCAP
1035#define capability(c) { c, false, #c }
1036#define capability_msg(a, i) a[i].set ? "" : a[i].name, a[i].set ? "" : ", "
1037#endif
1038
1039static int handle_perms(void)
1040{
1041#ifdef USE_LIBCAP
1042 struct {
1043 cap_value_t cap;
1044 bool set;
1045 char name[14]; /* strlen("CAP_SYS_ADMIN") */
1046 } bpf_caps[] = {
1047 capability(CAP_SYS_ADMIN),
1048#ifdef CAP_BPF
1049 capability(CAP_BPF),
1050 capability(CAP_NET_ADMIN),
1051 capability(CAP_PERFMON),
1052#endif
1053 };
1054 cap_value_t cap_list[ARRAY_SIZE(bpf_caps)];
1055 unsigned int i, nb_bpf_caps = 0;
1056 bool cap_sys_admin_only = true;
1057 cap_flag_value_t val;
1058 int res = -1;
1059 cap_t caps;
1060
1061 caps = cap_get_proc();
1062 if (!caps) {
1063 p_err("failed to get capabilities for process: %s",
1064 strerror(errno));
1065 return -1;
1066 }
1067
1068#ifdef CAP_BPF
1069 if (CAP_IS_SUPPORTED(CAP_BPF))
1070 cap_sys_admin_only = false;
1071#endif
1072
1073 for (i = 0; i < ARRAY_SIZE(bpf_caps); i++) {
1074 const char *cap_name = bpf_caps[i].name;
1075 cap_value_t cap = bpf_caps[i].cap;
1076
1077 if (cap_get_flag(caps, cap, CAP_EFFECTIVE, &val)) {
1078 p_err("bug: failed to retrieve %s status: %s", cap_name,
1079 strerror(errno));
1080 goto exit_free;
1081 }
1082
1083 if (val == CAP_SET) {
1084 bpf_caps[i].set = true;
1085 cap_list[nb_bpf_caps++] = cap;
1086 }
1087
1088 if (cap_sys_admin_only)
1089 /* System does not know about CAP_BPF, meaning that
1090 * CAP_SYS_ADMIN is the only capability required. We
1091 * just checked it, break.
1092 */
1093 break;
1094 }
1095
1096 if ((run_as_unprivileged && !nb_bpf_caps) ||
1097 (!run_as_unprivileged && nb_bpf_caps == ARRAY_SIZE(bpf_caps)) ||
1098 (!run_as_unprivileged && cap_sys_admin_only && nb_bpf_caps)) {
1099 /* We are all good, exit now */
1100 res = 0;
1101 goto exit_free;
1102 }
1103
1104 if (!run_as_unprivileged) {
1105 if (cap_sys_admin_only)
1106 p_err("missing %s, required for full feature probing; run as root or use 'unprivileged'",
1107 bpf_caps[0].name);
1108 else
1109 p_err("missing %s%s%s%s%s%s%s%srequired for full feature probing; run as root or use 'unprivileged'",
1110 capability_msg(bpf_caps, 0),
1111#ifdef CAP_BPF
1112 capability_msg(bpf_caps, 1),
1113 capability_msg(bpf_caps, 2),
1114 capability_msg(bpf_caps, 3)
1115#else
1116 "", "", "", "", "", ""
1117#endif /* CAP_BPF */
1118 );
1119 goto exit_free;
1120 }
1121
1122 /* if (run_as_unprivileged && nb_bpf_caps > 0), drop capabilities. */
1123 if (cap_set_flag(caps, CAP_EFFECTIVE, nb_bpf_caps, cap_list,
1124 CAP_CLEAR)) {
1125 p_err("bug: failed to clear capabilities: %s", strerror(errno));
1126 goto exit_free;
1127 }
1128
1129 if (cap_set_proc(caps)) {
1130 p_err("failed to drop capabilities: %s", strerror(errno));
1131 goto exit_free;
1132 }
1133
1134 res = 0;
1135
1136exit_free:
1137 if (cap_free(caps) && !res) {
1138 p_err("failed to clear storage object for capabilities: %s",
1139 strerror(errno));
1140 res = -1;
1141 }
1142
1143 return res;
1144#else
1145 /* Detection assumes user has specific privileges.
1146 * We do not use libcap so let's approximate, and restrict usage to
1147 * root user only.
1148 */
1149 if (geteuid()) {
1150 p_err("full feature probing requires root privileges");
1151 return -1;
1152 }
1153
1154 return 0;
1155#endif /* USE_LIBCAP */
1156}
1157
1158static int do_probe(int argc, char **argv)
1159{
1160 enum probe_component target = COMPONENT_UNSPEC;
1161 const char *define_prefix = NULL;
1162 bool supported_types[128] = {};
1163 __u32 ifindex = 0;
1164 char *ifname;
1165
1166 set_max_rlimit();
1167
1168 while (argc) {
1169 if (is_prefix(*argv, "kernel")) {
1170 if (target != COMPONENT_UNSPEC) {
1171 p_err("component to probe already specified");
1172 return -1;
1173 }
1174 target = COMPONENT_KERNEL;
1175 NEXT_ARG();
1176 } else if (is_prefix(*argv, "dev")) {
1177 NEXT_ARG();
1178
1179 if (target != COMPONENT_UNSPEC || ifindex) {
1180 p_err("component to probe already specified");
1181 return -1;
1182 }
1183 if (!REQ_ARGS(1))
1184 return -1;
1185
1186 target = COMPONENT_DEVICE;
1187 ifname = GET_ARG();
1188 ifindex = if_nametoindex(ifname);
1189 if (!ifindex) {
1190 p_err("unrecognized netdevice '%s': %s", ifname,
1191 strerror(errno));
1192 return -1;
1193 }
1194 } else if (is_prefix(*argv, "full")) {
1195 full_mode = true;
1196 NEXT_ARG();
1197 } else if (is_prefix(*argv, "macros") && !define_prefix) {
1198 define_prefix = "";
1199 NEXT_ARG();
1200 } else if (is_prefix(*argv, "prefix")) {
1201 if (!define_prefix) {
1202 p_err("'prefix' argument can only be use after 'macros'");
1203 return -1;
1204 }
1205 if (strcmp(define_prefix, "")) {
1206 p_err("'prefix' already defined");
1207 return -1;
1208 }
1209 NEXT_ARG();
1210
1211 if (!REQ_ARGS(1))
1212 return -1;
1213 define_prefix = GET_ARG();
1214 } else if (is_prefix(*argv, "unprivileged")) {
1215#ifdef USE_LIBCAP
1216 run_as_unprivileged = true;
1217 NEXT_ARG();
1218#else
1219 p_err("unprivileged run not supported, recompile bpftool with libcap");
1220 return -1;
1221#endif
1222 } else {
1223 p_err("expected no more arguments, 'kernel', 'dev', 'macros' or 'prefix', got: '%s'?",
1224 *argv);
1225 return -1;
1226 }
1227 }
1228
1229 /* Full feature detection requires specific privileges.
1230 * Let's approximate, and warn if user is not root.
1231 */
1232 if (handle_perms())
1233 return -1;
1234
1235 if (json_output) {
1236 define_prefix = NULL;
1237 jsonw_start_object(json_wtr);
1238 }
1239
1240 section_system_config(target, define_prefix);
1241 if (!section_syscall_config(define_prefix))
1242 /* bpf() syscall unavailable, don't probe other BPF features */
1243 goto exit_close_json;
1244 section_program_types(supported_types, define_prefix, ifindex);
1245 section_map_types(define_prefix, ifindex);
1246 section_helpers(supported_types, define_prefix, ifindex);
1247 section_misc(define_prefix, ifindex);
1248
1249exit_close_json:
1250 if (json_output)
1251 /* End root object */
1252 jsonw_end_object(json_wtr);
1253
1254 return 0;
1255}
1256
1257static const char *get_helper_name(unsigned int id)
1258{
1259 if (id >= ARRAY_SIZE(helper_name))
1260 return NULL;
1261
1262 return helper_name[id];
1263}
1264
1265static int do_list_builtins(int argc, char **argv)
1266{
1267 const char *(*get_name)(unsigned int id);
1268 unsigned int id = 0;
1269
1270 if (argc < 1)
1271 usage();
1272
1273 if (is_prefix(*argv, "prog_types")) {
1274 get_name = (const char *(*)(unsigned int))libbpf_bpf_prog_type_str;
1275 } else if (is_prefix(*argv, "map_types")) {
1276 get_name = (const char *(*)(unsigned int))libbpf_bpf_map_type_str;
1277 } else if (is_prefix(*argv, "attach_types")) {
1278 get_name = (const char *(*)(unsigned int))libbpf_bpf_attach_type_str;
1279 } else if (is_prefix(*argv, "link_types")) {
1280 get_name = (const char *(*)(unsigned int))libbpf_bpf_link_type_str;
1281 } else if (is_prefix(*argv, "helpers")) {
1282 get_name = get_helper_name;
1283 } else {
1284 p_err("expected 'prog_types', 'map_types', 'attach_types', 'link_types' or 'helpers', got: %s", *argv);
1285 return -1;
1286 }
1287
1288 if (json_output)
1289 jsonw_start_array(json_wtr); /* root array */
1290
1291 while (true) {
1292 const char *name;
1293
1294 name = get_name(id++);
1295 if (!name)
1296 break;
1297 if (json_output)
1298 jsonw_string(json_wtr, name);
1299 else
1300 printf("%s\n", name);
1301 }
1302
1303 if (json_output)
1304 jsonw_end_array(json_wtr); /* root array */
1305
1306 return 0;
1307}
1308
1309static int do_help(int argc, char **argv)
1310{
1311 if (json_output) {
1312 jsonw_null(json_wtr);
1313 return 0;
1314 }
1315
1316 fprintf(stderr,
1317 "Usage: %1$s %2$s probe [COMPONENT] [full] [unprivileged] [macros [prefix PREFIX]]\n"
1318 " %1$s %2$s list_builtins GROUP\n"
1319 " %1$s %2$s help\n"
1320 "\n"
1321 " COMPONENT := { kernel | dev NAME }\n"
1322 " GROUP := { prog_types | map_types | attach_types | link_types | helpers }\n"
1323 " " HELP_SPEC_OPTIONS " }\n"
1324 "",
1325 bin_name, argv[-2]);
1326
1327 return 0;
1328}
1329
1330static const struct cmd cmds[] = {
1331 { "probe", do_probe },
1332 { "list_builtins", do_list_builtins },
1333 { "help", do_help },
1334 { 0 }
1335};
1336
1337int do_feature(int argc, char **argv)
1338{
1339 return cmd_select(cmds, argc, argv, do_help);
1340}