Ubuntu
linux-azure package

Azure: Focal 5.4 kernel eBPF opensnoop does not display PATH

Bug #1990009 reported by Tim Gardner
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Medium
Tim Gardner

Bug Description

SRU Justification

[Impact]

The actual kernel used on AKS arm64 (i.e. 5.4.1089) suffers from a known problem
[1].
As a consequence, opensnoop does not display PATH:
# Run the following from Canonical:UbuntuServer:18_04-daily-lts-arm64:18.04.202208290
$ uname -a
Linux francis-vm-arm64-ubuntu18vm 5.4.0-1089-azure #94~18.04.1-Ubuntu SMP Fri Aug 5 12:36:48 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
$ lsb_release -rd
Description: Ubuntu 18.04.6 LTS
Release: 18.04
$ git clone --recurse-submodules https://github.com/iovisor/bcc
Linux francis-vm-arm64-ubuntu18vm 5.4.0-1089-azure #94~18.04.1-Ubuntu SMP Fri Aug 5 12:36:48 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
$ sudo sh -c 'apt update && apt install -qy clang-10 llvm-10 make gcc pkg-config libelf-dev libz-dev'
...
$ cd bcc/libbpf-tools
$ CLANG=clang-10 LLVM_STRIP=llvm-strip-10 make -j opensnoop
...
BINARY opensnoop
$ sudo ./opensnoop
PID COMM FD ERR PATH
1672 python3 3 0
9746 opensnoop 20 0
1672 python3 3 0
1672 python3 3 0
1672 python3 -1 2
1672 python3 3 0
1 systemd 18 0
1672 python3 6 0
1672 python3 3 0
1672 python3 3 0
1672 python3 3 0
1672 python3 3 0
1672 python3 3 0
^C
As you can see, nothing is printed for the PATH while normal behavior prints the
path of the opened file:
$ uname -a
Linux pwmachine 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ sudo ./opensnoop
PID COMM FD ERR PATH
2704 systemd 23 0 virtual
2704 systemd 22 0 misc
2704 systemd 23 0 fuse
2704 systemd 22 0 /sys/devices/virtual/misc/fuse/uevent
2704 systemd 22 0 /run/udev/data/c10:229
2704 systemd 22 0 /proc/2704/status
2704 systemd 22 0 /proc/2704/status
2704 systemd 22 0 /proc/2704/status
^C

This bug was fixed in upstream patch [2]
Sadly, this patch was not back ported, so it is not present in stable kernels.

[Test plan]

Follow the above instructions

[Where things could go wrong]

Unknown

[Other Info]

Original RFC at https://lists.ubuntu.com/archives/kernel-team/2022-September/133038.html

See original description
Tim Gardner (timg-tpi)
Changed in linux-azure (Ubuntu):
status: New → Fix Released
Changed in linux-azure (Ubuntu Focal):
assignee: nobody → Tim Gardner (timg-tpi)
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Tim Gardner (timg-tpi) wrote :

Git repository at 'git://git.launchpad.net/~timg-tpi/ubuntu/+source/linux/+git/focal focal-azure-opensnoop'. The kernel built using these sources worked correctly.

description: updated
Tim Gardner (timg-tpi)
Changed in linux-azure (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-azure/5.4.0-1092.97 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 5.4.0-1094.100

---------------
linux-azure (5.4.0-1094.100) focal; urgency=medium

  [ Ubuntu: 5.4.0-131.147 ]

  * CVE-2022-2602
    - SAUCE: io_uring/af_unix: defer registered files gc to io_uring release
    - SAUCE: io_uring/af_unix: fix memleak during unix GC
  * CVE-2022-41674
    - SAUCE: wifi: cfg80211: fix u8 overflow in
      cfg80211_update_notlisted_nontrans()
    - SAUCE: wifi: cfg80211/mac80211: reject bad MBSSID elements
    - SAUCE: wifi: cfg80211: ensure length byte is present before access
    - SAUCE: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
    - SAUCE: wifi: cfg80211: update hidden BSSes to avoid WARN_ON
  * CVE-2022-42721
    - SAUCE: wifi: cfg80211: avoid nontransmitted BSS list corruption
  * CVE-2022-42720
    - SAUCE: wifi: cfg80211: fix BSS refcounting bugs

 -- Thadeu Lima de Souza Cascardo <email address hidden> Sun, 16 Oct 2022 23:55:23 -0300

Changed in linux-azure (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.