-
Notifications
You must be signed in to change notification settings - Fork 298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aya: Fix program loading on kernels with a patch > 255 #791
Conversation
✅ Deploy Preview for aya-rs-docs ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
Thanks! Could you also paste the verifier error? @marysaka has been using kernels with patch > 255 so I'm wondering how we missed this failure and where it shows up |
I'm pretty sure I tested kernel with patch > 255 apart from Debian ones as I was testing all kernel of every major distro around (cc @Arignir could you confirm that?) |
Could you have been using kernels that are above 5.0? Starting on 5.0 the checks for The verifier doesn't have any output on the error, it just returns an |
I added clamping logic in 6e570f0 -- maybe that was overly specific to 4.19.x and can be relaxed rather than adding disjoint logic? |
The commit you linked first appeared in 5.x kernels - how does libbpf deal with this case on that aws 4.14 kernel? |
I saw that clamping code but I wasn't sure if that was meant for checking the kernel version in major/minor/patch form or if it was meant specifically to clamp the code during prog load. For this PR I specifically only want to target the kern code during prog load.
The helper in libbpf clamp the patch to 256 regardless of the major/minor version: |
Even that macro appeared fairly late torvalds/linux@9ae2c26 |
It looks like libbpf when doing prog load relies on the kernel provided |
My thoughts so far: I like the idea of clamping only when generating the kernel code, instead of always clamping in KernelVersion::current() - API wise a caller might want to get the actual patch level for other puposes not necessarily for generating a kernel code. Once we split code generation, we can clamp regardless of 4.x 5.x X.x? |
Does this mean you'd like me to move the pre-existing clamping code into the crate public method I created? |
Yes, I don't think clamping slightly differently in two difference places is a good idea |
c01bc92
to
ead9987
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice archaeology digging up all the commits.
ead9987
to
0819562
Compare
0819562
to
63fba8e
Compare
The integration tests are failing on something unrelated, the image that it is trying to use is no longer available in the Debian ftp. I am not really sure what image would be more stable so you all don't have to keep fixing it every few weeks though |
I'm pretty confused about that - I took a look earlier and the most recent 6.4.0-x image is
I don't understand why it would have been reverted back to August 16. |
63fba8e
to
53cc4c4
Compare
7217132
to
53cc4c4
Compare
53cc4c4
to
0a6a267
Compare
This fixes an issue that made aya not able to load eBPF programs on kernels with a patch number greater than 255.
I noticed this when trying to load some eBPF programs on an AWS instance running a
4.14.304-226.531.amzn2.x86_64
kernel. The kernel code that it tried to load was for a 4.15 kernel instead which caused a verifier error.I considered doing this directly in the
KernelVersion::current
function but per the comments in: torvalds/linux@9b82f13 it looks like the clamp should only be applied for the context of creating theLINUX_VERSION_CODE
so I limited the fix to only the calculating of the code for bpf prog loading.