Drop btfhub support

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

Author: saschagrunert

Makefile

@@ -373,10 +373,6 @@ $(BUILD_DIR)/enricher.bpf.o: $(BUILD_DIR) ## Build the BPF module
 update-vmlinux: ## Generate the vmlinux.h required for building the BPF modules.
 	./hack/update-vmlinux
 
-.PHONY: update-btf
-update-btf: $(BUILD_DIR) ## Build and update all generated BTF code for supported kernels
-	$(GO) run ./internal/pkg/daemon/bpfrecorder/generate
-
 .PHONY: update-bpf
 update-bpf: clean \
     internal/pkg/daemon/bpfrecorder/bpf/recorder.bpf.o.amd64 \
@@ -486,10 +482,6 @@ verify-mocks: update-mocks ## Verify the content of the generated mocks
 verify-bpf: update-bpf ## Verify the generated bpf code
 	hack/tree-status
 
-.PHONY: verify-btf
-verify-btf: update-btf ## Verify the generated btf code
-	git diff
-
 .PHONY: verify-format
 verify-format: ## Verify the code format
 	clang-format -i $(shell find . -type f -name '*.c' -or -name '*.proto' | grep -v ./vendor)

bpf-support.md

@@ -183,12 +183,6 @@ dependencies:
     - path: hack/pull-security-profiles-operator-verify
       match: CLANG_VERSION
 
-  - name: btfhub
-    version: 12d2b6bb4664b6b1d15076f8090dcb0e55696d34
-    refPaths:
-    - path: hack/update-btf
-      match: BTFHUB_COMMIT
-
   - name: flatcar
     version: 3510.2.3
     refPaths:

dependencies.yaml

@@ -653,11 +653,10 @@ to record the syscalls or SELinux events.
 
 The operator also supports an [eBPF](https://ebpf.io) based recorder. This
 recorder only supports seccomp and apparmor profiles for now. Recording via ebpf works for
-kernels which expose the `/sys/kernel/btf/vmlinux` file per default as well as a
-[custom list of selected Linux kernels](bpf-support.md). In addition, this
-feature requires new library versions and thus might not be enabled. You
-can find out if your SPO build has the eBPF feature disabled by looking at
-the build tags:
+kernels which expose the `/sys/kernel/btf/vmlinux` file per default. In
+addition, this feature requires new library versions and thus might not be
+enabled. You can find out if your SPO build has the eBPF feature disabled by
+looking at the build tags:
 
 ```
 > kubectl logs --selector name=security-profiles-operator | grep buildTags

hack/update-btf

@@ -37,7 +37,6 @@ import (
 	"time"
 
 	bpf "github.com/aquasecurity/libbpfgo"
-	"github.com/blang/semver/v4"
 	"github.com/go-logr/logr"
 	"github.com/jellydator/ttlcache/v3"
 	"google.golang.org/grpc"
@@ -49,7 +48,6 @@ import (
 	apimetrics "sigs.k8s.io/security-profiles-operator/api/grpc/metrics"
 	"sigs.k8s.io/security-profiles-operator/internal/pkg/bimap"
 	"sigs.k8s.io/security-profiles-operator/internal/pkg/config"
-	"sigs.k8s.io/security-profiles-operator/internal/pkg/daemon/bpfrecorder/types"
 	"sigs.k8s.io/security-profiles-operator/internal/pkg/util"
 )
 
@@ -481,8 +479,7 @@ func (b *BpfRecorder) Load() (err error) {
 
 	b.logger.Info("Loading bpf module...")
 
-	b.btfPath, err = b.findBtfPath()
-	if err != nil {
+	if err := b.findBtfPath(); err != nil {
 		return fmt.Errorf("find btf: %w", err)
 	}
 
@@ -678,100 +675,17 @@ func (b *BpfRecorder) StopRecording() error {
 	return nil
 }
 
-func (b *BpfRecorder) findBtfPath() (string, error) {
+func (b *BpfRecorder) findBtfPath() error {
+	const btf = "/sys/kernel/btf/vmlinux"
+
 	// Use the system btf if possible
-	if _, err := b.Stat("/sys/kernel/btf/vmlinux"); err == nil {
+	if _, err := b.Stat(btf); err == nil {
 		b.logger.Info("Using system btf file")
 
-		return "", nil
-	}
-
-	b.logger.Info("Trying to find matching in-memory btf")
-
-	btf := types.Btf{}
-	if err := b.Unmarshal([]byte(btfJSON), &btf); err != nil {
-		return "", fmt.Errorf("unmarshal btf JSON: %w", err)
-	}
-
-	res, err := b.ReadOSRelease()
-	if err != nil {
-		return "", fmt.Errorf("read os-release file: %w", err)
-	}
-
-	osID := types.Os(res["ID"])
-	btfOs, ok := btf[osID]
-
-	if !ok {
-		b.logger.Info(fmt.Sprintf("OS not found in btf map: %s", osID))
-
-		return "", nil
-	}
-
-	b.logger.Info(fmt.Sprintf("OS found in btf map: %s", osID))
-
-	osVersion := types.OsVersion(res["VERSION_ID"])
-	btfOsVersion, ok := btfOs[osVersion]
-
-	if !ok {
-		b.logger.Info(fmt.Sprintf("OS version not found in btf map: %s", osVersion))
-
-		return "", nil
-	}
-
-	b.logger.Info(fmt.Sprintf("OS version found in btf map: %s", osVersion))
-
-	arch, version, err := b.Uname()
-	if err != nil {
-		b.logger.Error(err, "failed to get kernel version, continuing without BTF...")
-
-		return "", nil
-	}
-
-	btfArch, ok := btfOsVersion[arch]
-	if !ok {
-		b.logger.Info(fmt.Sprintf("Architecture not found in btf map: %s", arch))
-
-		return "", nil
-	}
-
-	b.logger.Info(fmt.Sprintf("Architecture found in btf map: %s", arch))
-
-	const (
-		lowestMajor = 5
-		lowestMinor = 8
-	)
-
-	if version.LT(semver.Version{Major: lowestMajor, Minor: lowestMinor}) {
-		return "", fmt.Errorf("unsupported kernel version %s: at least Linux 5.8 is required", version)
-	}
-
-	kernel := types.Kernel(version.String())
-	btfBytes, ok := btfArch[kernel]
-
-	if !ok {
-		b.logger.Info(fmt.Sprintf("Kernel not found in btf map: %s", kernel))
-
-		return "", nil
-	}
-
-	b.logger.Info(fmt.Sprintf("Kernel found in btf map: %s", kernel))
-
-	file, err := b.TempFile(
-		"",
-		fmt.Sprintf("spo-btf-%s-%s-%s-%s", osID, osVersion, arch, kernel),
-	)
-	if err != nil {
-		return "", fmt.Errorf("create temp file: %w", err)
-	}
-	defer file.Close()
-
-	if _, err := b.Write(file, btfBytes); err != nil {
-		return "", fmt.Errorf("write BTF: %w", err)
+		return nil
 	}
 
-	b.logger.Info("Wrote BTF to file: " + file.Name())
-
-	return file.Name(), nil
+	return fmt.Errorf("we dropped support for in-memory btf, please use a kernel which supports %s", btf)
 }
 
 func (b *BpfRecorder) processEvents(events chan []byte) {