kernel/linux.git/tools/bpf/bpftool/main.c, branch linux-7.1.y

bpftool: Allow explicitly skip llvm, libbfd and libcrypto dependencies

2026-03-16T21:14:14+00:00

Introduce SKIP_LLVM, SKIP_LIBBFD, and SKIP_CRYPTO build flags that let users build bpftool without these optional dependencies. SKIP_LLVM=1 skips LLVM even when detected. SKIP_LIBBFD=1 prevents the libbfd JIT disassembly fallback when LLVM is absent. Together, they produce a bpftool with no disassembly support. SKIP_CRYPTO=1 excludes sign.c and removes the -lcrypto link dependency. Inline stubs in main.h return errors with a clear message if signing functions are called at runtime. Use BPFTOOL_WITHOUT_CRYPTO (not HAVE_LIBCRYPTO_SUPPORT) as the C define, following the BPFTOOL_WITHOUT_SKELETONS naming convention for bpftool-internal build config, leaving HAVE_LIBCRYPTO_SUPPORT free for proper feature detection in the future. All three flags are propagated through the selftests Makefile to bpftool sub-builds. Signed-off-by: Mykyta Yatsenko Signed-off-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20260312-b4-bpftool_build-v2-1-4c9d57133644@meta.com

bpftool: Add support for signing BPF programs

2025-09-23T02:17:55+00:00

Two modes of operation being added: Add two modes of operation: * For prog load, allow signing a program immediately before loading. This is essential for command-line testing and administration. bpftool prog load -S -k -i fentry_test.bpf.o * For gen skeleton, embed a pre-generated signature into the C skeleton file. This supports the use of signed programs in compiled applications. bpftool gen skeleton -S -k -i fentry_test.bpf.o Generation of the loader program and its metadata map is implemented in libbpf (bpf_obj__gen_loader). bpftool generates a skeleton that loads the program and automates the required steps: freezing the map, creating an exclusive map, loading, and running. Users can use standard libbpf APIs directly or integrate loader program generation into their own toolchains. Signed-off-by: KP Singh Acked-by: Quentin Monnet Link: https://lore.kernel.org/r/20250921160120.9711-5-kpsingh@kernel.org Signed-off-by: Alexei Starovoitov

bpftool: Add bpf_token show

2025-08-02T01:03:23+00:00

Add `bpftool token show` command to get token info from bpffs in /proc/mounts. Example plain output for `token show`: token_info /sys/fs/bpf/token allowed_cmds: map_create prog_load allowed_maps: allowed_progs: kprobe allowed_attachs: xdp token_info /sys/fs/bpf/token2 allowed_cmds: map_create prog_load allowed_maps: allowed_progs: kprobe allowed_attachs: xdp Example json output for `token show`: [{ "token_info": "/sys/fs/bpf/token", "allowed_cmds": ["map_create", "prog_load"], "allowed_maps": [], "allowed_progs": ["kprobe"], "allowed_attachs": ["xdp"] }, { "token_info": "/sys/fs/bpf/token2", "allowed_cmds": ["map_create", "prog_load"], "allowed_maps": [], "allowed_progs": ["kprobe"], "allowed_attachs": ["xdp"] }] Reviewed-by: Quentin Monnet Signed-off-by: Tao Chen Link: https://lore.kernel.org/r/20250723144442.1427943-1-chen.dylane@linux.dev Signed-off-by: Alexei Starovoitov

bpftool: Fix JSON writer resource leak in version command

2025-06-17T20:28:26+00:00

When using `bpftool --version -j/-p`, the JSON writer object created in do_version() was not properly destroyed after use. This caused a memory leak each time the version command was executed with JSON output. Fix: 004b45c0e51a (tools: bpftool: provide JSON output for all possible commands) Suggested-by: Quentin Monnet Signed-off-by: Yuan Chen Signed-off-by: Andrii Nakryiko Reviewed-by: Quentin Monnet Link: https://lore.kernel.org/bpf/20250617132442.9998-1-chenyuan_fl@163.com

bpftool: Using the right format specifiers

2025-02-11T00:08:13+00:00

Fixed some formatting specifiers errors, such as using %d for int and %u for unsigned int, as well as other byte-length types. Signed-off-by: Jiayuan Chen Signed-off-by: Andrii Nakryiko Reviewed-by: Quentin Monnet Link: https://lore.kernel.org/bpf/20250207123706.727928-2-mrpre@163.com

bpftool: clean-up usage of libbpf_get_error()

2022-11-21T00:17:46+00:00

bpftool is now totally compliant with libbpf 1.0 mode and is not expected to be compiled with pre-1.0, let's clean-up the usage of libbpf_get_error(). The changes stay aligned with returned errors always negative. - In tools/bpf/bpftool/btf.c This fixes an uninitialized local variable `err` in function do_dump() because it may now be returned without having been set. - This also removes the checks on NULL pointers before calling btf__free() because that function already does the check. Signed-off-by: Sahid Orentino Ferdjaoui Link: https://lore.kernel.org/r/20221120112515.38165-5-sahid.ferdjaoui@industrialdiscipline.com Signed-off-by: Alexei Starovoitov

bpftool: remove support of --legacy option for bpftool

2022-11-21T00:17:46+00:00

Following: commit bd054102a8c7 ("libbpf: enforce strict libbpf 1.0 behaviors") commit 93b8952d223a ("libbpf: deprecate legacy BPF map definitions") The --legacy option is no longer relevant as libbpf no longer supports it. libbpf_set_strict_mode() is a no-op operation. Signed-off-by: Sahid Orentino Ferdjaoui Acked-by: Yonghong Song Reviewed-by: Quentin Monnet Link: https://lore.kernel.org/r/20221120112515.38165-2-sahid.ferdjaoui@industrialdiscipline.com Signed-off-by: Alexei Starovoitov

bpftool: Check argc first before "file" in do_batch()

2022-11-16T05:36:24+00:00

If the parameters for batch are more than 2, check argc first can return immediately, no need to use is_prefix() to check "file" with a little overhead and then check argc, it is better to check "file" only when the parameters for batch are 2. Signed-off-by: Tiezhu Yang Acked-by: Stanislav Fomichev Reviewed-by: Quentin Monnet Link: https://lore.kernel.org/r/1668517207-11822-1-git-send-email-yangtiezhu@loongson.cn Signed-off-by: Alexei Starovoitov

bpftool: Add llvm feature to "bpftool version"

2022-10-25T17:11:57+00:00

Similarly to "libbfd", add a "llvm" feature to the output of command "bpftool version" to indicate that LLVM is used for disassembling JIT-ed programs. This feature is mutually exclusive (from Makefile definitions) with "libbfd". Signed-off-by: Quentin Monnet Tested-by: Niklas Söderlund Acked-by: Yonghong Song Link: https://lore.kernel.org/r/20221025150329.97371-9-quentin@isovalent.com Signed-off-by: Alexei Starovoitov

bpftool: Add "bootstrap" feature to version output

2022-10-21T21:41:13+00:00

Along with the version number, "bpftool version" displays a list of features that were selected at compilation time for bpftool. It would be useful to indicate in that list whether a binary is a bootstrap version of bpftool. Given that an increasing number of components rely on bootstrap versions for generating skeletons, this could help understand what a binary is capable of if it has been copied outside of the usual "bootstrap" directory. To detect a bootstrap version, we simply rely on the absence of implementation for the do_prog() function. To do this, we must move the (unchanged) list of commands before do_version(), which in turn requires renaming this "cmds" array to avoid shadowing it with the "cmds" argument in cmd_select(). Signed-off-by: Quentin Monnet Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20221020100332.69563-1-quentin@isovalent.com