diff --git a/0001-Workaround-OpaquePointers-for-LLVM-15.patch b/0001-Workaround-OpaquePointers-for-LLVM-15.patch new file mode 100644 index 0000000000000000000000000000000000000000..a8bd291bdd05b038e6f0a451008004aa5c160866 --- /dev/null +++ b/0001-Workaround-OpaquePointers-for-LLVM-15.patch @@ -0,0 +1,29 @@ +From 07fa48a94ef6d6bb1f335de345de18fe9776ca57 Mon Sep 17 00:00:00 2001 +From: kenneth topp +Date: Mon, 26 Sep 2022 00:33:29 -0400 +Subject: [PATCH] Workaround OpaquePointers for LLVM 15 + +This workaround allows bpftrace to be compiled against +LLVM-15. This will have to be address properly before LLVM-16 +More details from LLVM here: https://llvm.org/docs/OpaquePointers.html +--- + src/ast/irbuilderbpf.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/ast/irbuilderbpf.cpp b/src/ast/irbuilderbpf.cpp +index d49883f7..00f0f172 100644 +--- a/src/ast/irbuilderbpf.cpp ++++ b/src/ast/irbuilderbpf.cpp +@@ -123,6 +123,9 @@ IRBuilderBPF::IRBuilderBPF(LLVMContext &context, + module_(module), + bpftrace_(bpftrace) + { ++#if LLVM_VERSION_MAJOR == 15 ++ context.setOpaquePointers(false); ++#endif + // Declare external LLVM function + FunctionType *pseudo_func_type = FunctionType::get( + getInt64Ty(), +-- +2.37.3 + diff --git a/0001-fix-CVE-2024-2313.patch b/0001-fix-CVE-2024-2313.patch new file mode 100644 index 0000000000000000000000000000000000000000..f1ad5d65357e5a966e5cb64d14505ed19e9f2fca --- /dev/null +++ b/0001-fix-CVE-2024-2313.patch @@ -0,0 +1,124 @@ +From 7540e3111bf711ad86f8ab63d195f203be915a81 Mon Sep 17 00:00:00 2001 +From: cuilichen +Date: Mon, 3 Jun 2024 13:21:11 +0800 +Subject: [PATCH] fix-CVE-2024-2313 + +--- + src/utils.cpp | 27 ++++++++++++++++++++++++--- + src/utils.h | 1 + + tests/utils.cpp | 22 ++++++++++++++++++++++ + 3 files changed, 47 insertions(+), 3 deletions(-) + +diff --git a/src/utils.cpp b/src/utils.cpp +index 8b070eb..8b30afc 100644 +--- a/src/utils.cpp ++++ b/src/utils.cpp +@@ -109,6 +109,8 @@ const struct vmlinux_location vmlinux_locs[] = { + { nullptr, false }, + }; + ++constexpr std::string_view PROC_KHEADERS_PATH = "/sys/kernel/kheaders.tar.xz"; ++ + static bool pid_in_different_mountns(int pid); + static std::vector + resolve_binary_path(const std::string &cmd, const char *env_paths, int pid); +@@ -700,6 +702,22 @@ bool is_dir(const std::string& path) + return std_filesystem::is_directory(buf, ec); + } + ++bool file_exists_and_ownedby_root(const char *f) ++{ ++ struct stat st; ++ if (stat(f, &st) == 0) ++ { ++ if (st.st_uid != 0) ++ { ++ LOG(ERROR) << "header file ownership expected to be root: " ++ << std::string(f); ++ return false; ++ } ++ return true; ++ } ++ return false; ++} ++ + namespace { + struct KernelHeaderTmpDir { + KernelHeaderTmpDir(const std::string& prefix) : path{prefix + "XXXXXX"} +@@ -736,14 +754,14 @@ namespace { + #else + std_filesystem::path path_prefix{ "/tmp" }; + #endif +- std_filesystem::path path_kheaders{ "/sys/kernel/kheaders.tar.xz" }; ++ std_filesystem::path path_kheaders{ PROC_KHEADERS_PATH }; + if (const char* tmpdir = ::getenv("TMPDIR")) { + path_prefix = tmpdir; + } + path_prefix /= "kheaders-"; + std_filesystem::path shared_path{ path_prefix.string() + utsname.release }; + +- if (std_filesystem::exists(shared_path, ec)) ++ if (file_exists_and_ownedby_root(shared_path.c_str())) + { + // already unpacked + return shared_path.string(); +@@ -767,7 +785,10 @@ namespace { + + KernelHeaderTmpDir tmpdir{path_prefix}; + +- FILE* tar = ::popen(("tar xf /sys/kernel/kheaders.tar.xz -C " + tmpdir.path).c_str(), "w"); ++ FILE *tar = ::popen(("tar xf " + std::string(PROC_KHEADERS_PATH) + " -C " + ++ tmpdir.path) ++ .c_str(), ++ "w"); + if (!tar) { + return ""; + } +diff --git a/src/utils.h b/src/utils.h +index 7c08961..b804749 100644 +--- a/src/utils.h ++++ b/src/utils.h +@@ -185,6 +185,7 @@ std::vector get_wildcard_tokens(const std::string &input, + std::vector get_online_cpus(); + std::vector get_possible_cpus(); + bool is_dir(const std::string &path); ++bool file_exists_and_ownedby_root(const char *f); + std::tuple get_kernel_dirs( + const struct utsname &utsname, + bool unpack_kheaders = true); +diff --git a/tests/utils.cpp b/tests/utils.cpp +index 88d4800..9a192cc 100644 +--- a/tests/utils.cpp ++++ b/tests/utils.cpp +@@ -363,6 +363,28 @@ TEST(utils, get_pids_for_program) + ASSERT_EQ(pids.size(), 0); + } + ++TEST(utils, file_exists_and_ownedby_root) ++{ ++ std::string tmpdir = "/tmp/bpftrace-test-utils-XXXXXX"; ++ std::string file1 = "/ownedby-user"; ++ std::string file2 = "/no-exists"; ++ if (::mkdtemp(tmpdir.data()) == nullptr) ++ { ++ throw std::runtime_error("creating temporary path for tests failed"); ++ } ++ ++ int fd; ++ fd = open((tmpdir + file1).c_str(), O_CREAT, S_IRUSR); ++ close(fd); ++ ASSERT_GE(fd, 0); ++ ++ EXPECT_FALSE(file_exists_and_ownedby_root((tmpdir + file1).c_str())); ++ EXPECT_FALSE(file_exists_and_ownedby_root((tmpdir + file2).c_str())); ++ EXPECT_TRUE(file_exists_and_ownedby_root("/proc/1/maps")); ++ ++ EXPECT_GT(std_filesystem::remove_all(tmpdir), 0); ++} ++ + } // namespace utils + } // namespace test + } // namespace bpftrace +-- +2.41.0 + diff --git a/7eea7872b0c6600b69c5766ef7bdf736dd73ce9c.patch b/7eea7872b0c6600b69c5766ef7bdf736dd73ce9c.patch deleted file mode 100644 index b95a1c8df9848e5ec96fde5beea293149be83373..0000000000000000000000000000000000000000 --- a/7eea7872b0c6600b69c5766ef7bdf736dd73ce9c.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 7eea7872b0c6600b69c5766ef7bdf736dd73ce9c Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Fri, 10 Mar 2023 00:08:27 -0800 -Subject: [PATCH] cmake: Raise max llvm major version to 16 - -Signed-off-by: Khem Raj ---- - CMakeLists.txt | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index db5618e4efb..5cc489afe44 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -173,7 +173,7 @@ else() - endif() - - set(MIN_LLVM_MAJOR 6) -- set(MAX_LLVM_MAJOR 15) -+ set(MAX_LLVM_MAJOR 16) - - if((${LLVM_VERSION_MAJOR} VERSION_LESS ${MIN_LLVM_MAJOR}) OR (${LLVM_VERSION_MAJOR} VERSION_GREATER ${MAX_LLVM_MAJOR})) - message(SEND_ERROR "Unsupported LLVM version found via ${LLVM_INCLUDE_DIRS}: ${LLVM_VERSION_MAJOR}") diff --git a/bpftrace-0.16.0.tar.gz b/bpftrace-0.16.0.tar.gz deleted file mode 100644 index dea403637f588d1f5782b03c04f51bf03187d966..0000000000000000000000000000000000000000 Binary files a/bpftrace-0.16.0.tar.gz and /dev/null differ diff --git a/bpftrace-0.20.1.tar.gz b/bpftrace-0.20.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..d14c27923db9d5100199462625fe299d6c1cd829 Binary files /dev/null and b/bpftrace-0.20.1.tar.gz differ diff --git a/bpftrace.spec b/bpftrace.spec index 4e4f35d345e69b57b0740d2ae3c12a35dc060843..cb4de08f3b3f9c8e041d3caafcc2f5981271d53b 100644 --- a/bpftrace.spec +++ b/bpftrace.spec @@ -1,24 +1,27 @@ -%define anolis_release 3 +%define anolis_release 2 %global __os_install_post %{nil} %global _find_debuginfo_opts -g Name: bpftrace -Version: 0.16.0 +Version: 0.20.1 Release: %{anolis_release}%{?dist} Summary: High-level tracing language for Linux eBPF -License: ASL 2.0 +License: Apache-2.0 + URL: https://github.com/iovisor/bpftrace Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz -# https://github.com/iovisor/bpftrace/pull/2528 -Patch0: 7eea7872b0c6600b69c5766ef7bdf736dd73ce9c.patch - -BuildRequires: gcc-c++ cmake llvm-devel libxml2-devel clang-devel -BuildRequires: rubygem-asciidoctor bison flex elfutils-libelf-devel -BuildRequires: zlib-devel bcc-devel >= 0.19.0 libbpf-devel libbpf-static -BuildRequires: binutils-devel cereal-devel libdwarf-devel +Patch1: 0001-Workaround-OpaquePointers-for-LLVM-15.patch +Patch2: 0001-fix-CVE-2024-2313.patch +# Arches will be included as upstream support is added and dependencies are +# satisfied in the respective arches ExclusiveArch: x86_64 aarch64 +BuildRequires: gcc-c++ cmake llvm-devel clang-devel rubygem-asciidoctor llvm-googletest +BuildRequires: bison flex elfutils-libelf-devel zlib-devel bcc-devel >= 0.19.0-1 +BuildRequires: libbpf-devel libbpf-static binutils-devel cereal-devel libdwarf-devel python3-setuptools + + %description BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet Filter (eBPF) available in recent Linux kernels (4.x). BPFtrace uses LLVM as a @@ -37,13 +40,14 @@ BuildArch: noarch The %{name}-doc package contains documentation files for %{name} %prep -%autosetup +%autosetup -p1 + %build %cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo \ -DBUILD_TESTING:BOOL=OFF \ -DBUILD_SHARED_LIBS:BOOL=OFF \ - -DENABLE_LLVM_SHARED=1 + -DUSE_SYSTEM_BPF_BCC:BOOL=ON %cmake_build @@ -56,12 +60,15 @@ find %{buildroot}%{_datadir}/%{name}/tools -type f -exec \ %generate_compatibility_deps %files -%{_bindir}/%{name} -%{_bindir}/%{name}-aotrt +%doc docs/reference_guide.md docs/tutorial_one_liners.md +%license LICENSE %dir %{_datadir}/%{name} %dir %{_datadir}/%{name}/tools %dir %{_datadir}/%{name}/tools/doc %dir %{_datadir}/%{name}/tools/old +%{_bindir}/%{name} +%{_bindir}/%{name}-aotrt +%{_mandir}/man8/* %attr(0755,-,-) %{_datadir}/%{name}/tools/*.bt %attr(0755,-,-) %{_datadir}/%{name}/tools/old/*.bt %{_datadir}/%{name}/tools/doc/*.txt @@ -69,14 +76,17 @@ find %{buildroot}%{_datadir}/%{name}/tools -type f -exec \ %dir %{abidir} %{abidir}/bpftrace-aotrt-option.list %{abidir}/bpftrace-option.list -%{_mandir}/man8/* -%license LICENSE %files doc -%doc README.md INSTALL.md CHANGELOG.md -%doc docs/*.md +%doc README.md CONTRIBUTING-TOOLS.md %changelog +* Mon Jun 3 2024 Cui lichen - 0.20.1-2 +- Fix CVE-2024-2313 + +* Thu Mar 21 2024 mgb01105731 - 0.20.1-1 +- update to 0.20.1 + * Fri Apr 14 2023 Yuanhong Peng - 0.16.0-3 - Refactor the specfile - cmake: Raise max llvm major version to 16