bpflint

Linting functionality for BPF C kernel programs. The Linux kernel's BPF sub-system is continuously being improved and certain patterns recommended in the past may no longer be state-of-the-art today. Similarly, some "foot guns" exist that by definition may not be obvious to new comers.

bpflint contains a linter for BPF C kernel programs that accepts such a .bpf.c file as input and scans it for such known issues, pointing them out and providing recommendations on how to fix them.

Provided is a Rust library, a command line interface, a Web UI, as well as a GitHub Action for linting of BPF C programs.

📚 Frequently Asked Questions (FAQ)

❓ Q: Why are there so few lints?

A: This repository provides basic infrastructure components to build on, but we hope for contributions from the community for best practices and how to formalize them.

❓ Q: I am interested in helping out. How can I get started?

A: We have a list of issues with ideas for contributions, which mark a good starting point. For documentation on lints specifically and how to add a new one, please check out the lints/ sub-directory. All other questions are probably best asked in one of the existing issues (or a new one).

❓ Q: I have a repository with BPF code, can I lint contributions easily?

A: If you are using GitHub Actions as the continuous integration solution of choice, you can add a separate job using the lint-bpf Action. For other CI systems some manual plumbing will be necessary. We provide statically linked bpflinter CLI binaries that can be downloaded from each cli-vX.Y.Z release and used directly on any Linux. E.g., https://github.com/d-e-s-o/bpflint/releases/download/cli-v0.1.2/bpflinter-x86_64-unknown-linux-musl

❓ Q: I got a false-positive, what can I do?