Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kernel version detection does not work with vDSO disabled #1408

Open
Vyom-Yadav opened this issue Mar 30, 2024 · 6 comments
Open

Kernel version detection does not work with vDSO disabled #1408

Vyom-Yadav opened this issue Mar 30, 2024 · 6 comments
Labels
bug Something isn't working help wanted Extra attention is needed

Comments

@Vyom-Yadav
Copy link

Vyom-Yadav commented Mar 30, 2024
edited by lmb

Describe the bug

Automatic detection of Kernel Version is not supported without vDSO.

How to reproduce

  • Disable vDSO on a machine.
  • Reboot the machine.
root@docker-vdso-test:~/ebpf-main# go test -v ./internal -run TestCurrentKernelVersion
=== RUN   TestCurrentKernelVersion
    version_test.go:53: finding vDSO memory address: no vdso address found in auxv
--- FAIL: TestCurrentKernelVersion (0.00s)
FAIL
FAIL	github.com/cilium/ebpf/internal	0.004s
FAIL

Version information

main
@Vyom-Yadav Vyom-Yadav added the bug Something isn't working label Mar 30, 2024
@Vyom-Yadav Vyom-Yadav mentioned this issue Mar 30, 2024
Closed
@Vyom-Yadav
Copy link
Author

For why support without vDSO is required, see: #1399

@lmb
Copy link
Collaborator

lmb commented Apr 2, 2024

Can you explain how you disable vDSO please?

@Vyom-Yadav
Copy link
Author

Vyom-Yadav commented Apr 2, 2024 via email

@lmb
Copy link
Collaborator

lmb commented Apr 2, 2024

There are three different ways of "disabling" vDSO in that post. One of them strips the auxv, which is what we use. I need to know which one you're using / expect to work.

@Vyom-Yadav
Copy link
Author

Vyom-Yadav commented Apr 2, 2024 via email

@lmb
Copy link
Collaborator

lmb commented Apr 2, 2024

Seems like vdso=0 causes the kernel to omit AT_SYSINFO_EHDR on am64. On arm64 the header is emitted unconditionally (maybe because arm64 doesn't allow turning of the vdso?)

My conclusion is that turning off the vdso is still kind of esoteric, and not something I want to spend a lot of effort supporting. I definitely don't want to bring back uname parsing. It also seems like it's possible to intercept gettimeofday using ltrace, so there is at least one possible work around.

If you really want this to work with vDSO off I can only offer you a partial work around. You can adjust

ebpf/prog.go

Line 253 in a330a78

if spec.Type == Kprobe && (kv == 0 || kv == internal.MagicKernelVersion) {
to only call internal.KernelVersion on old kernels (< 5.0) by writing a feature test (see haveProgRun in prog.go for inspiration) which checks whether the kernel requires KernelVersion to be present for Kprobes.

@lmb lmb added the help wanted Extra attention is needed label Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lmb @Vyom-Yadav