Ubuntu
linux-azure package

[5.4.1089, arm64] eBPF opensnoop does not display PATH

Bug #1988592 reported by Francis Laniel
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
New
Undecided
Unassigned

Bug Description

Hi.

FIrst, I hope you are fine and the same for your relatives.

The actual kernel used on AKS arm64 (i.e. 5.4.1089) suffers from this problem:
https://github.com/iovisor/bcc/issues/2253
As a consequence, opensnoop does not display PATH:
# Run the following from Canonical:UbuntuServer:18_04-daily-lts-arm64:18.04.202208290
$ uname -a
Linux francis-vm-arm64-ubuntu18vm 5.4.0-1089-azure #94~18.04.1-Ubuntu SMP Fri Aug 5 12:36:48 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
$ lsb_release -rd
Description: Ubuntu 18.04.6 LTS
Release: 18.04
$ git clone --recurse-submodules https://github.com/iovisor/bcc
Linux francis-vm-arm64-ubuntu18vm 5.4.0-1089-azure #94~18.04.1-Ubuntu SMP Fri Aug 5 12:36:48 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
$ sudo sh -c 'apt update && apt install -qy clang-10 llvm-10 make gcc pkg-config libelf-dev libz-dev'
...
$ cd bcc/libbpf-tools
$ CLANG=clang-10 LLVM_STRIP=llvm-strip-10 make -j opensnoop
...
BINARY opensnoop
$ sudo ./opensnoop
PID COMM FD ERR PATH
1672 python3 3 0
9746 opensnoop 20 0
1672 python3 3 0
1672 python3 3 0
1672 python3 -1 2
1672 python3 3 0
1 systemd 18 0
1672 python3 6 0
1672 python3 3 0
1672 python3 3 0
1672 python3 3 0
1672 python3 3 0
1672 python3 3 0
^C
As you can see, nothing is printed for the PATH while normal behavior prints the path of the opened file:
$ uname -a
Linux pwmachine 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ sudo ./opensnoop
PID COMM FD ERR PATH
2704 systemd 23 0 virtual
2704 systemd 22 0 misc
2704 systemd 23 0 fuse
2704 systemd 22 0 /sys/devices/virtual/misc/fuse/uevent
2704 systemd 22 0 /run/udev/data/c10:229
2704 systemd 22 0 /proc/2704/status
2704 systemd 22 0 /proc/2704/status
2704 systemd 22 0 /proc/2704/status
^C

This bug was fixed in upstream patch:
https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47
Sadly, this patch was not back ported, so it is not present in stable kernels.

I backported the patches myself (see attachment) and was able to build the kernel package with the following command:
sudo LANG=C $(dpkg-architecture -aarm64) CROSS_COMPILE=aarch64-linux-gnu- fakeroot debian/rules binary skipdbg=false
Sadly, I was not able to successfully boot it on Azure, either by installing the package or using kexec.
I suspect this is because my image is not signed.

Best regards and thank you in advance.

See original description
Tags: patch
Revision history for this message
Francis Laniel (flaniel) wrote :
description: updated
Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.