NACK: [RFC PATCH v1 0/5, linux-azure, 5.4.1089, arm64] eBPF opensnoop does not display PATH

Stefan Bader stefan.bader at canonical.com
Tue Sep 13 07:28:30 UTC 2022 

On 07.09.22 11:33, Francis Laniel wrote:
> Hi.
> 
> 
> First, I hope you are fine and the same for your relatives.
> 
> The actual kernel used on AKS arm64 (i.e. 5.4.1089) suffers from a known problem
> [1].
> As a consequence, opensnoop does not display PATH:
> # Run the following from Canonical:UbuntuServer:18_04-daily-lts-arm64:18.04.202208290
> $ uname -a
> Linux francis-vm-arm64-ubuntu18vm 5.4.0-1089-azure #94~18.04.1-Ubuntu SMP Fri Aug 5 12:36:48 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
> $ lsb_release -rd
> Description: Ubuntu 18.04.6 LTS
> Release: 18.04
> $ git clone --recurse-submodules https://github.com/iovisor/bcc
> Linux francis-vm-arm64-ubuntu18vm 5.4.0-1089-azure #94~18.04.1-Ubuntu SMP Fri Aug 5 12:36:48 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
> $ sudo sh -c 'apt update && apt install -qy clang-10 llvm-10 make gcc pkg-config libelf-dev libz-dev'
> ...
> $ cd bcc/libbpf-tools
> $ CLANG=clang-10 LLVM_STRIP=llvm-strip-10 make -j opensnoop
> ...
> BINARY opensnoop
> $ sudo ./opensnoop
> PID COMM FD ERR PATH
> 1672 python3 3 0
> 9746 opensnoop 20 0
> 1672 python3 3 0
> 1672 python3 3 0
> 1672 python3 -1 2
> 1672 python3 3 0
> 1 systemd 18 0
> 1672 python3 6 0
> 1672 python3 3 0
> 1672 python3 3 0
> 1672 python3 3 0
> 1672 python3 3 0
> 1672 python3 3 0
> ^C
> As you can see, nothing is printed for the PATH while normal behavior prints the
> path of the opened file:
> $ uname -a
> Linux pwmachine 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> $ sudo ./opensnoop
> PID COMM FD ERR PATH
> 2704 systemd 23 0 virtual
> 2704 systemd 22 0 misc
> 2704 systemd 23 0 fuse
> 2704 systemd 22 0 /sys/devices/virtual/misc/fuse/uevent
> 2704 systemd 22 0 /run/udev/data/c10:229
> 2704 systemd 22 0 /proc/2704/status
> 2704 systemd 22 0 /proc/2704/status
> 2704 systemd 22 0 /proc/2704/status
> ^C
> 
> This bug was fixed in upstream patch [2]
> Sadly, this patch was not back ported, so it is not present in stable kernels.
> 
> I backported the patches myself and was able to build the kernel package with
> the following command:
> $ sudo LANG=C $(dpkg-architecture -aarm64) CROSS_COMPILE=aarch64-linux-gnu- fakeroot debian/rules binary skipdbg=false
> Sadly, I was not able to successfully boot it on Azure, either by installing the
> package or using kexec.
> I suspect this is because my image was not signed.
> 
> Daniel Borkmann (4):
>    uaccess: Add strict non-pagefault kernel-space read function
>    bpf, samples: Use bpf_probe_read_user where appropriate
>    bpf, testing: Convert prog tests to probe_read_{user, kernel}{, _str}
>      helper
>    bpf, testing: Add selftest to read/write sockaddr from user space
> 
> Francis Laniel (1):
>    bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str
>      helpers
> 
>   arch/x86/mm/Makefile                          |   2 +-
>   arch/x86/mm/maccess.c                         |  43 +++++
>   include/linux/uaccess.h                       |   4 +
>   include/uapi/linux/bpf.h                      | 129 ++++++++-----
>   kernel/trace/bpf_trace.c                      | 181 +++++++++++++-----
>   mm/maccess.c                                  |  25 ++-
>   samples/bpf/map_perf_test_kern.c              |   4 +-
>   samples/bpf/test_map_in_map_kern.c            |   4 +-
>   samples/bpf/test_probe_write_user_kern.c      |   2 +-
>   tools/include/uapi/linux/bpf.h                | 128 ++++++++-----
>   .../selftests/bpf/prog_tests/probe_user.c     |  78 ++++++++
>   tools/testing/selftests/bpf/progs/pyperf.h    |  67 ++++---
>   .../testing/selftests/bpf/progs/strobemeta.h  |  36 ++--
>   .../selftests/bpf/progs/test_probe_user.c     |  26 +++
>   .../selftests/bpf/progs/test_tcp_estats.c     |   2 +-
>   15 files changed, 542 insertions(+), 189 deletions(-)
>   create mode 100644 arch/x86/mm/maccess.c
>   create mode 100644 tools/testing/selftests/bpf/prog_tests/probe_user.c
>   create mode 100644 tools/testing/selftests/bpf/progs/test_probe_user.c
> 
> 
> Best regards and thank you in advance.
> ---
> [1] https://github.com/iovisor/bcc/issues/2253
> [2] https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47
> --
> 2.25.1
> 
> 
Apparently this got submitted a second time and then with all 5 patches.

-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20220913/902d0f42/attachment-0001.sig>

More information about the kernel-team mailing list