aya: Fix program loading on kernels with a patch > 255 #791
Conversation
✅ Deploy Preview for aya-rs-docs ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
Thanks! Could you also paste the verifier error? @marysaka has been using kernels with patch > 255 so I'm wondering how we missed this failure and where it shows up |
|
I'm pretty sure I tested kernel with patch > 255 apart from Debian ones as I was testing all kernel of every major distro around (cc @Arignir could you confirm that?) |
|
Could you have been using kernels that are above 5.0? Starting on 5.0 the checks for The verifier doesn't have any output on the error, it just returns an |
|
I added clamping logic in 6e570f0 -- maybe that was overly specific to 4.19.x and can be relaxed rather than adding disjoint logic? |
|
The commit you linked first appeared in 5.x kernels - how does libbpf deal with this case on that aws 4.14 kernel? |
I saw that clamping code but I wasn't sure if that was meant for checking the kernel version in major/minor/patch form or if it was meant specifically to clamp the code during prog load. For this PR I specifically only want to target the kern code during prog load.
The helper in libbpf clamp the patch to 256 regardless of the major/minor version: |
|
Even that macro appeared fairly late torvalds/linux@9ae2c26 |
|
It looks like libbpf when doing prog load relies on the kernel provided |
|
My thoughts so far: I like the idea of clamping only when generating the kernel code, instead of always clamping in KernelVersion::current() - API wise a caller might want to get the actual patch level for other puposes not necessarily for generating a kernel code. Once we split code generation, we can clamp regardless of 4.x 5.x X.x? |
|
Does this mean you'd like me to move the pre-existing clamping code into the crate public method I created? |
Yes, I don't think clamping slightly differently in two difference places is a good idea |
nrxus
force-pushed
the
fix-kernel-code-on-submode-gt-255
branch
from
c01bc92
to
ead9987
Compare
nrxus
force-pushed
the
fix-kernel-code-on-submode-gt-255
branch
from
ead9987
to
0819562
Compare
nrxus
force-pushed
the
fix-kernel-code-on-submode-gt-255
branch
from
0819562
to
63fba8e
Compare
|
The integration tests are failing on something unrelated, the image that it is trying to use is no longer available in the Debian ftp. I am not really sure what image would be more stable so you all don't have to keep fixing it every few weeks though |
|
I'm pretty confused about that - I took a look earlier and the most recent 6.4.0-x image is I don't understand why it would have been reverted back to August 16. |
tamird
force-pushed
the
fix-kernel-code-on-submode-gt-255
branch
from
63fba8e
to
53cc4c4
Compare
nrxus
force-pushed
the
fix-kernel-code-on-submode-gt-255
branch
from
7217132
to
53cc4c4
Compare
tamird
force-pushed
the
fix-kernel-code-on-submode-gt-255
branch
from
53cc4c4
to
0a6a267
Compare
This fixes an issue that made aya not able to load eBPF programs on kernels with a patch number greater than 255.
I noticed this when trying to load some eBPF programs on an AWS instance running a
4.14.304-226.531.amzn2.x86_64kernel. The kernel code that it tried to load was for a 4.15 kernel instead which caused a verifier error.I considered doing this directly in the
KernelVersion::currentfunction but per the comments in: torvalds/linux@9b82f13 it looks like the clamp should only be applied for the context of creating theLINUX_VERSION_CODEso I limited the fix to only the calculating of the code for bpf prog loading.