Linting functionality for BPF C kernel programs. The Linux kernel's BPF sub-system is continuously being improved and certain patterns recommended in the past may no longer be state-of-the-art today. Similarly, some "foot guns" exist that by definition may not be obvious to newcomers.
bpflint contains a linter for BPF C kernel programs that accepts
such a .bpf.c file as input and scans it for such known issues,
pointing them out and providing recommendations on how to fix them.
Provided is a Rust library, a command line interface, a Web UI, as well as a GitHub Action for linting BPF C programs.
A: We have a list of issues with ideas for contributions, which mark a good starting point. For documentation on lints specifically and how to add a new one, please check out the lints/ sub-directory. All other questions are probably best asked in one of the existing issues (or a new one).
A: If you are using GitHub Actions as the continuous integration
solution of choice, you can use the contained GitHub Action to set up
bpflinter and then invoke it:

```yaml
- uses: d-e-s-o/bpflint@main
- run: bpflinter <your-file>.bpf.c
```

For other CI systems some manual plumbing will be necessary. We provide
statically linked bpflinter CLI binaries that can be downloaded from
each cli-vX.Y.Z release and used directly on any Linux. E.g.,
https://github.com/d-e-s-o/bpflint/releases/download/cli-v0.1.5/bpflinter-x86_64-unknown-linux-musl
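
One way to do that manual plumbing, as an added example that is not part of the bpflint project: it pins the release named above and refuses to run the downloaded binary unless it matches a SHA-256 digest. The `BPFLINT_*` variables, the function names and the digest (which you record yourself after vetting one download) are assumptions of this example.

```shell
#!/bin/sh
set -eu

BPFLINT_VERSION="${BPFLINT_VERSION:-0.1.5}"   # release named on this page
BPFLINT_TARGET="${BPFLINT_TARGET:-x86_64-unknown-linux-musl}"
# Assumption: digest you recorded yourself after vetting one download.
BPFLINT_SHA256="${BPFLINT_SHA256:-}"

# Build the download URL from the cli-vX.Y.Z release pattern.
bpflinter_url() {
  printf 'https://github.com/d-e-s-o/bpflint/releases/download/cli-v%s/bpflinter-%s\n' "$1" "$2"
}

# Succeed only if file $1 hashes to the non-empty pinned digest $2.
verify_sha256() {
  [ -n "$2" ] || return 1
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# List the *.bpf.c files below directory $1, one per line.
find_bpf_sources() {
  find "$1" -type f -name '*.bpf.c' | sort
}

# Download the pinned binary, verify it, then lint every file under $1.
lint_tree() {
  work=$(mktemp -d)
  curl -fsSL -o "$work/bpflinter" "$(bpflinter_url "$BPFLINT_VERSION" "$BPFLINT_TARGET")"
  if ! verify_sha256 "$work/bpflinter" "$BPFLINT_SHA256"; then
    echo "bpflinter: digest missing or mismatched, refusing to run" >&2
    rm -rf "$work"
    return 1
  fi
  chmod +x "$work/bpflinter"
  find_bpf_sources "$1" > "$work/files"
  status=0
  while IFS= read -r f; do
    # One file per invocation, as in the usage shown above.
    "$work/bpflinter" "$f" || status=$?
  done < "$work/files"
  rm -rf "$work"
  return "$status"
}

# Runs only when a source directory is given, e.g. `sh lint-bpf.sh src/`.
if [ "$#" -gt 0 ]; then
  lint_tree "$1"
fi
```

The script returns the last non-zero status that `bpflinter` reported, so how a CI job reacts depends on the exit codes the tool itself uses.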
A: Yes! The library allows for definition of custom lints via the
Lint type. One or more instances of this type can then be
provided to the linter. Please refer to the
custom-lint program for a fully working
example.
A: Some lints require context that is not possible or feasible for
the linter to acquire. E.g., kprobe attach point usage may be flagged
as being an unstable attach point, but the linter cannot know whether a
better alternative, say, in the form of a tracepoint, exists.
bpflint recognizes C comments of the following form on blocks and
statements:

```c
/* bpflint: disable=<lint-name> */
foo();
```

When encountered, the named lint will be disabled for the directly following item (block, statement, ...).