[libbpf] initial integration (#6608)

* [libbpf] initial integration

* [libbpf] link against zlib statically

it somehow helps to get around https://github.com/google/oss-fuzz/issues/6524

* [libbpf] trim headers

* [libbpf] more sanitizers

* [libbpf] show the commit libelf is built from

to make it easier to roll back to the last known working version
should something go wrong

* [libbpf] pin libelf to a particular commit

to avoid running into unpredictable build failures that
can't be controlled by the libbpf project itself. In the future
libelf should probably be built using the latest stable release
at https://sourceware.org/elfutils/ftp/elfutils-latest.tar.bz2

* [libbpf] add more comment

to hoppefully make it easier to make sense of the build script
in the foreseeable future

* [libbpf] add support for "local" mode without docker

to make it easier to build the fuzz target locally:
```
cd projects/libbpf
git clone https://github.com/libbpf/libbpf
./build.sh
unzip -d CORPUS ./out/bpf-object-fuzzer_seed_corpus.zip
./out/bpf-object-fuzzer CORPUS/
```

* [libbpf] more comments

* [libbpf] add the maintainer's email address

* [libbpf] more comments

* [libbpf] install libz explicitly

* [libbpf] build 4 times a day

It should help to prevent OSS-Fuzz from reporting issues that
have already been fixed

projects/libbpf/Dockerfile

@@ -0,0 +1,28 @@
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN sed -i -e '/^#\s*deb-src.*\smain\s\+restricted/s/^#//' /etc/apt/sources.list && \
+    apt-get update && \
+    # libelf build dependencies \
+    apt-get build-dep -y --no-install-recommends libelf-dev && \
+    apt-get install -y --no-install-recommends pkg-config && \
+    apt-get install -y --no-install-recommends libcurl4-gnutls-dev && \
+    # libbpf build dependencies \
+    apt-get install -y --no-install-recommends libz-dev
+RUN git clone --depth 1 https://github.com/libbpf/libbpf
+WORKDIR libbpf
+COPY build.sh *.c *.o $SRC/

projects/libbpf/bpf-object-fuzzer.c

@@ -0,0 +1,40 @@
+/*
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+#include "libbpf.h"
+
+static int libbpf_print_fn(enum libbpf_print_level level, const char *format, va_list args)
+{
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+	struct bpf_object *obj = NULL;
+	DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts);
+	int err;
+
+	libbpf_set_print(libbpf_print_fn);
+
+	opts.object_name = "fuzz-object";
+	obj = bpf_object__open_mem(data, size, &opts);
+	err = libbpf_get_error(obj);
+	if (err)
+		return 0;
+
+	bpf_object__close(obj);
+	return 0;
+}

projects/libbpf/build.sh

@@ -0,0 +1,104 @@
+#!/bin/bash -e
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# This script is supposed to be compatible with OSS-Fuzz, i.e. it has to use
+# environment variables like $CC, $CFLAGS, $OUT, link the fuzz targets with CXX
+# (even though the project is written in C) and so on:
+# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#buildsh
+
+# It can be used to build and run the fuzz targets using Docker and the images
+# provided by the OSS-Fuzz project: https://google.github.io/oss-fuzz/advanced-topics/reproducing/#building-using-docker
+
+# It can also be used to build and run the fuzz target locally without Docker.
+# After installing clang and the build dependencies of libelf by running something
+# like `dnf build-dep elfutils-devel` on Fedora or `apt-get build-dep libelf-dev`
+# on Debian/Ubuntu, the following commands should be run:
+#
+#  $ git clone https://github.com/google/oss-fuzz
+#  $ cd oss-fuzz/projects/libbpf
+#  $ git clone https://github.com/libbpf/libbpf
+#  $ ./build.sh
+#  $ unzip -d CORPUS ./out/bpf-object-fuzzer_seed_corpus.zip
+#  $ ./out/bpf-object-fuzzer CORPUS
+
+
+set -eux
+
+SANITIZER=${SANITIZER:-address}
+flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link"
+
+# TODO: once https://github.com/libbpf/libbpf/issues/391 is fixed
+# "-fsanitize=alignment -fno-sanitize-recover=alignment" should be added
+# to CFLAGS, CXXFLAGS explicitly (because the alignment check is turned off
+# by default on OSS-Fuzz)
+
+export CC=${CC:-clang}
+export CFLAGS=${CFLAGS:-$flags}
+
+export CXX=${CXX:-clang++}
+export CXXFLAGS=${CXXFLAGS:-$flags}
+
+export SRC=${SRC:-$(realpath -- $(dirname -- "$0"))}
+cd "$SRC/libbpf"
+
+export OUT=${OUT:-"$SRC/out"}
+mkdir -p "$OUT"
+
+export LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE:--fsanitize=fuzzer}
+
+# Ideally libbelf should be built using release tarballs available
+# at https://sourceware.org/elfutils/ftp/. Unfortunately the latest
+# release fails to compile with LDFLAGS enabled due to https://bugs.gentoo.org/794601
+# (which was fixed in https://sourceware.org/git/?p=elfutils.git;a=commit;h=c6e1f664254a8a)
+rm -rf elfutils
+git clone git://sourceware.org/git/elfutils.git
+(
+cd elfutils &&
+git checkout a83fe48 &&
+git log --oneline -1 &&
+
+# ASan isn't compatible with -Wl,--no-undefined: https://github.com/google/sanitizers/issues/380
+find -name Makefile.am | xargs sed -i 's/,--no-undefined//' &&
+
+# ASan isn't compatible with -Wl,-z,defs either:
+# https://clang.llvm.org/docs/AddressSanitizer.html#usage
+sed -i 's/^\(ZDEFS_LDFLAGS=\).*/\1/' configure.ac &&
+
+
+autoreconf -i -f &&
+./configure --enable-maintainer-mode --disable-debuginfod CC="$CC" CFLAGS="-Wno-error $CFLAGS" CXX="$CXX" CXXFLAGS="-Wno-error $CXXFLAGS" LDFLAGS="$CFLAGS" &&
+make -C config -j$(nproc) V=1 &&
+make -C lib -j$(nproc) V=1 &&
+make -C libelf -j$(nproc) V=1
+)
+
+make -C src BUILD_STATIC_ONLY=y V=1 clean
+make -C src -j$(nproc) CFLAGS="-I$(pwd)/elfutils/libelf $CFLAGS" BUILD_STATIC_ONLY=y V=1
+
+$CC $CFLAGS -Isrc -Iinclude -Iinclude/uapi -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c "$SRC/bpf-object-fuzzer.c" -o bpf-object-fuzzer.o
+ZLIB_DIR=$(pkg-config --variable=libdir zlib)
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE bpf-object-fuzzer.o src/libbpf.a "$(pwd)/elfutils/libelf/libelf.a" "$ZLIB_DIR/libz.a" -o "$OUT/bpf-object-fuzzer"
+
+# minimal.bpf.o was borrowed from https://github.com/libbpf/libbpf-bootstrap
+# and was generated with
+#   $ clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I.output -I../../libbpf/include/uapi \
+#          -I../../vmlinux/ -idirafter /usr/local/include -idirafter /usr/lib64/clang/11.0.0/include \
+#          -idirafter /usr/include -c minimal.bpf.c -o .output/minimal.bpf.o
+#   $ llvm-strip -g .output/minimal.bpf.o
+# In theory it's possible to generate it on the fly so as not to keep it in the repository
+# but clang on OSS-Fuzz doesn't support -target bpf
+zip -j "$OUT/bpf-object-fuzzer_seed_corpus.zip" "$SRC/minimal.bpf.o"

projects/libbpf/project.yaml

@@ -0,0 +1,11 @@
+homepage: "https://github.com/libbpf/libbpf"
+language: c
+primary_contact: "andrii.nakryiko@gmail.com"
+sanitizers:
+  - address
+  - undefined
+  - memory
+auto_ccs:
+  - evverx@gmail.com
+main_repo: "https://github.com/libbpf/libbpf"
+builds_per_day: 4