Azure: Focal 5.4 kernel eBPF opensnoop does not display PATH
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux-azure (Ubuntu) | Fix Released | Undecided | Unassigned | |
Focal | Fix Released | Medium | Tim Gardner | |
Bug Description
SRU Justification
[Impact]
The actual kernel used on AKS arm64 (i.e. 5.4.1089) suffers from a known problem
[1].
As a consequence, opensnoop does not display PATH:
# Run the following from Canonical:
$ uname -a
Linux francis-
$ lsb_release -rd
Description: Ubuntu 18.04.6 LTS
Release: 18.04
$ git clone --recurse-
Linux francis-
$ sudo sh -c 'apt update && apt install -qy clang-10 llvm-10 make gcc pkg-config libelf-dev libz-dev'
...
$ cd bcc/libbpf-tools
$ CLANG=clang-10 LLVM_STRIP=
...
BINARY opensnoop
$ sudo ./opensnoop
PID COMM FD ERR PATH
1672 python3 3 0
9746 opensnoop 20 0
1672 python3 3 0
1672 python3 3 0
1672 python3 -1 2
1672 python3 3 0
1 systemd 18 0
1672 python3 6 0
1672 python3 3 0
1672 python3 3 0
1672 python3 3 0
1672 python3 3 0
1672 python3 3 0
^C
As you can see, nothing is printed for the PATH while normal behavior prints the
path of the opened file:
$ uname -a
Linux pwmachine 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ sudo ./opensnoop
PID COMM FD ERR PATH
2704 systemd 23 0 virtual
2704 systemd 22 0 misc
2704 systemd 23 0 fuse
2704 systemd 22 0 /sys/devices/
2704 systemd 22 0 /run/udev/
2704 systemd 22 0 /proc/2704/status
2704 systemd 22 0 /proc/2704/status
2704 systemd 22 0 /proc/2704/status
^C
This bug was fixed in upstream patch [2].
Sadly, this patch was not backported, so it is not present in stable kernels.
[Test plan]
Follow the above instructions
[Where things could go wrong]
Unknown
[Other Info]
Original RFC at https:/
Changed in linux-azure (Ubuntu):
status: New → Fix Released
Changed in linux-azure (Ubuntu Focal):
assignee: nobody → Tim Gardner (timg-tpi)
importance: Undecided → Medium
status: New → In Progress
Changed in linux-azure (Ubuntu Focal):
status: In Progress → Fix Committed
Git repository at 'git://git.launchpad.net/~timg-tpi/ubuntu/+source/linux/+git/focal focal-azure-opensnoop'. The kernel built using these sources worked correctly.