build: generate vmlinux at compile time

Previously SeaBee relied on the kernel version to decide which eBPF code
to compile and load. This method proved unreliable since many distros
backport features to old kernel versions. In order to make sure that
our code always builds correctly, this commit strips vmlinux.h from
the respoitory and adds code to the build.rs script to generate
vmlinux.h and detect features in it.

This enables our test cases to pass on rocky 9 linux.

Signed-off-by: Alan Wandke <[email protected]>

Author: awandke

.gitignore

@@ -4,3 +4,5 @@
 __pycache__
 seabee-root-private-key.pem
 seabee-root-public-key.pem
+bpf/include/vmlinux.h
+bpf/include/vmlinux_features.h

Cargo.lock

@@ -12,7 +12,6 @@ ctrlc = { version = "3.4", features = ["termination"] }
 libbpf-rs = { version = "0.25.0-beta.1", default-features = false, features = ["vendored"] }
 libtest-mimic = "0.7"
 nix = "0.28"
-procfs = { version = "0.17", default-features = false }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 strum = "0.26"

Cargo.toml

@@ -23,4 +23,3 @@ bindgen = { version = "0.69", default-features = false, features = ["runtime"] }
 doxygen-rs = "0.4"
 libbpf-rs.workspace = true
 libbpf-cargo = { version = "0.25.0-beta.1", default-features = false}
-procfs.workspace = true

bpf/Cargo.toml

@@ -1,32 +1,29 @@
 // SPDX-License-Identifier: Apache-2.0
-use std::env;
-use std::fs;
+use std::collections::HashSet;
+use std::io::{BufRead, BufReader, Write};
 use std::path::{Path, PathBuf};
+use std::process::{Command, Stdio};
+use std::{env, fs};
 
-use anyhow::{Context, Result};
+use anyhow::{anyhow, Context, Result};
 use libbpf_cargo::SkeletonBuilder;
-use procfs::KernelVersion;
+
+const VMLINUX_PATH: &str = "include/vmlinux.h";
+const VMLINUX_FEATURES: [&str; 1] = ["bpf_map_create"];
 
 /// Tells Cargo to rerun the build if the supplied file has changed
 fn track_file(header: &str) {
     println!("cargo:rerun-if-changed={header}");
 }
 
 /// Converts a BPF source code path to a skeleton path for [libbpf_rs]
-fn get_skel_path(src_file: &Path, version: Option<&KernelVersion>) -> String {
+fn get_skel_path(src_file: &Path) -> PathBuf {
     if let Some(bpf) = src_file.file_stem() {
         if let Some(stem) = Path::new(bpf).file_stem() {
-            let mut skel_path = String::new();
-            skel_path.push_str(&stem.to_string_lossy());
-            // if a kernel version is specified, add that at the end of the name
-            if let Some(version) = version {
-                skel_path.push_str(&format!(
-                    "_{}_{}_{}",
-                    version.major, version.minor, version.patch
-                ));
-            }
-            skel_path.push_str(".skel.rs");
-            return skel_path;
+            let mut skel = PathBuf::new();
+            skel.push(stem);
+            skel.set_extension("skel.rs");
+            return skel;
         }
     }
     panic!(
@@ -35,53 +32,14 @@ fn get_skel_path(src_file: &Path, version: Option<&KernelVersion>) -> String {
     );
 }
 
-/// Converts [KernelVersion] to BPF_CODE_VERSION to be compared against the
-/// `KERNEL_VERSION` macro for conditional compilation
-pub fn kernel_version_to_bpf_code_version(version: &KernelVersion) -> u32 {
-    ((version.major as u32) << 16)
-        + ((version.minor as u32) << 8)
-        + std::cmp::max(version.patch as u32, 255)
-}
-
 /// Uses [libbpf_cargo::SkeletonBuilder] to compile BPF source code to a skeleton
-fn compile_bpf_obj(
-    src_file: &PathBuf,
-    out_path: &Path,
-    versions: Option<&[KernelVersion]>,
-) -> Result<()> {
-    let mut clang_args: Vec<String> = vec![
-        "-Iinclude".to_string(),
-        format!("-I{}", out_path.to_string_lossy()),
-    ];
-    let mut skel_build = SkeletonBuilder::new();
-    skel_build.source(src_file);
-    // if multiple versions are specified
-    if let Some(versions) = versions {
-        // compile the default case (every version before the first specified)
-        clang_args.push("-DBPF_CODE_VERSION=0".to_owned());
-        skel_build
-            .clang_args(&clang_args)
-            .build_and_generate(out_path.join(get_skel_path(src_file, None)))?;
-        clang_args.pop();
-        // compile each version of the skeleton separately
-        for version in versions {
-            clang_args.push(format!(
-                "-DBPF_CODE_VERSION={}",
-                kernel_version_to_bpf_code_version(version)
-            ));
-            skel_build
-                .clang_args(&clang_args)
-                .build_and_generate(out_path.join(get_skel_path(src_file, Some(version))))?;
-            clang_args.pop();
-        }
-    }
-    // otherwise, assume all versions are supported with the same skeleton
-    else {
-        skel_build
-            .clang_args(&clang_args)
-            .build_and_generate(out_path.join(get_skel_path(src_file, None)))?;
-    }
-    Ok(())
+fn compile_bpf_obj(src_file: &PathBuf, out_path: &Path) -> Result<PathBuf> {
+    let bpf_skel_path = out_path.join(get_skel_path(src_file));
+    SkeletonBuilder::new()
+        .source(src_file)
+        .clang_args([&format!("-I{}", out_path.to_string_lossy()), "-Iinclude"])
+        .build_and_generate(&bpf_skel_path)?;
+    Ok(bpf_skel_path)
 }
 
 #[derive(Debug)]
@@ -148,14 +106,11 @@ fn generate_header_bindings(hdr_file: &Path, out_path: &Path) -> Result<PathBuf>
 ///
 /// Copied from https://github.com/libbpf/libbpf-rs/blob/aacaec1b7dfaa4bf9112d2f4168d77dfceee499f/libbpf-cargo/src/build.rs#L55
 fn extract_libbpf_headers_to_disk(target_dir: &Path) -> Result<Option<PathBuf>> {
-    use std::fs::OpenOptions;
-    use std::io::Write;
-
     let dir = target_dir.join("bpf");
     fs::create_dir_all(&dir)?;
     for (filename, contents) in libbpf_rs::libbpf_sys::API_HEADERS.iter() {
         let path = dir.as_path().join(filename);
-        let mut file = OpenOptions::new()
+        let mut file = fs::OpenOptions::new()
             .write(true)
             .create(true)
             .truncate(true)
@@ -170,12 +125,7 @@ fn extract_libbpf_headers_to_disk(target_dir: &Path) -> Result<Option<PathBuf>>
 ///
 /// You can pass a vector of filenames to explicitly ignore if they are known to cause
 /// problems for either Clang or bindgen (e.g. "vmlinux.h")
-fn build(
-    out_path: &Path,
-    base_path: &str,
-    ignore_files: Vec<&str>,
-    versions: Option<&[KernelVersion]>,
-) -> Result<()> {
+fn build(out_path: &Path, base_path: &str, ignore_files: Vec<&str>) -> Result<()> {
     for path in fs::read_dir(base_path)?
         .filter_map(|r| r.ok())
         .map(|r| r.path())
@@ -189,7 +139,7 @@ fn build(
             continue;
         }
         if path_str.ends_with(".bpf.c") {
-            compile_bpf_obj(&path, out_path, versions)?;
+            compile_bpf_obj(&path, out_path)?;
         }
         if path_str.ends_with(".h") {
             generate_header_bindings(&path, out_path)?;
@@ -198,9 +148,82 @@ fn build(
     Ok(())
 }
 
+// Creates vmlinux (truncates if exists)
+fn generate_vmlinux() -> Result<()> {
+    let vmlinux_file = fs::File::create(VMLINUX_PATH)?;
+    // bpftool is installed in the update_test_dependencies.sh which
+    // is run as part of the update_root_dependencies.sh
+    let status = Command::new("bpftool")
+        .args([
+            "btf",
+            "dump",
+            "file",
+            "/sys/kernel/btf/vmlinux",
+            "format",
+            "c",
+        ])
+        .stdout(Stdio::from(vmlinux_file))
+        .status()?;
+    if !status.success() {
+        return Err(anyhow!(
+            "failed to generate vmlinux using bpftool: {}",
+            status
+        ));
+    }
+
+    Ok(())
+}
+
+fn detect_vmlinux_features() -> Result<HashSet<String>> {
+    // detect features
+    let file = fs::File::open(VMLINUX_PATH)?;
+    let reader = BufReader::new(file);
+    let mut found = HashSet::new();
+    for line in reader.lines() {
+        let line = line?;
+        for feat in VMLINUX_FEATURES {
+            if line.contains(feat) {
+                found.insert(feat.to_string());
+            }
+        }
+    }
+
+    // validate features
+    if found.contains("bpf_map_create") && found.contains("bpf_map_alloc_security") {
+        return Err(anyhow!(
+            "Conflicting function definitions for security_bpf_map_create"
+        ));
+    } else if !found.contains("bpf_map_create") && !found.contains("bpf_map_alloc_security") {
+        return Err(anyhow!(
+            "No function definition found for security_bpf_map_create"
+        ));
+    }
+
+    Ok(found)
+}
+
+fn export_features_to_header(features: HashSet<String>) -> Result<()> {
+    let mut f = fs::File::create("include/vmlinux_features.h")?;
+
+    writeln!(f, "// Auto-generated header from build.rs")?;
+
+    for flag in features {
+        let macro_name = flag.to_uppercase();
+        writeln!(f, "#define HAS_{}", macro_name)?;
+    }
+
+    Ok(())
+}
+
 fn main() -> Result<()> {
     let out_path = PathBuf::from(env::var_os("OUT_DIR").context("OUT_DIR must be set")?);
     extract_libbpf_headers_to_disk(&out_path)?;
+    // Create vmlinux and do feature detection based on it
+    if !Path::new(VMLINUX_PATH).exists() {
+        generate_vmlinux()?;
+        let features = detect_vmlinux_features()?;
+        export_features_to_header(features)?;
+    }
     // Build common
     build(
         &out_path,
@@ -213,16 +236,10 @@ fn main() -> Result<()> {
             "seabee_maps.h",
             "seabee_utils.h",
         ],
-        None,
     )?;
     // Build bpf code
-    build(
-        &out_path,
-        "src/seabee",
-        vec!["seabee_log.h"],
-        Some(&[KernelVersion::new(6, 1, 0), KernelVersion::new(6, 9, 0)]),
-    )?;
-    build(&out_path, "src/kernel_api", vec![], None)?;
-    build(&out_path, "src/tests", vec![], None)?;
+    build(&out_path, "src/seabee", vec!["seabee_log.h"])?;
+    build(&out_path, "src/kernel_api", vec![])?;
+    build(&out_path, "src/tests", vec![])?;
     Ok(())
 }