generate and ship vmlinux.h to allow packages to build BPF CO-RE

Bug #2050083 reported by Luca Boccassi
This bug affects 1 person
Affects          Status         Importance   Assigned to                  Milestone
linux (Ubuntu)   Fix Released   Undecided    Kleber Sacilotto de Souza
Noble            Fix Released   Low          Mehmet Basaran

Bug Description

A vmlinux.h header generated from a kernel build with bpftool is needed to build and ship BPF CO-RE programs. We are looking to ship these in the next version of systemd.
vmlinux.h being generated depends on the kernel version, architecture and kconfig. There are some vague promises of backward compatibility, but it is hard to gauge.

We definitely do not want this file to be generated from the kernel running the build machine when building a package though, as very often these are very old and stable kernels building packages for the bleeding edge.

In Fedora and now Debian we generate vmlinux.h at kernel package build time, and ship it with the other kernel headers (_not_ UAPI, the internal headers): https://salsa.debian.org/kernel-team/linux/-/commit/ac6f7eda4c3e8b0d0db20ad4bb8236371cf8d38e

Please consider doing the same in Ubuntu's linux-headers.

Changed in linux (Ubuntu):
assignee: nobody → Kleber Sacilotto de Souza (kleber-souza)
Luca Boccassi (bluca) wrote :

We have now moved it in Debian:

https://salsa.debian.org/kernel-team/linux/-/commit/f52d006f3915ac4358dc8c98aa417477ebee026e

New binary package 'linux-bpf-dev' that installs /usr/include/${DEB_HOST_MULTIARCH}/linux/bpf/vmlinux.h - it would be great to have the same setup in Ubuntu so that we don't have to ifdef in debian/rules. It would greatly simplify things. Thanks!

Luca Boccassi (bluca) wrote :

I have sent a patch to kernel-team adding this new package, tested a local build on oracular amd64 and it seems to work:

https://lists.ubuntu.com/archives/kernel-team/2024-July/152477.html

Timo Aaltonen (tjaalton) wrote :

This would require enabling CONFIG_DEBUG_INFO_BTF for armhf too, but it's broken there, so building linux-bpf-dev should be configurable.

Changed in linux (Ubuntu):
status: New → Incomplete
Luca Boccassi (bluca) wrote :

I have sent a follow-up here: https://lists.ubuntu.com/archives/kernel-team/2024-August/153006.html

The equivalent Debian package ships an empty stub header rather than disabling the package completely, as it's easier to handle for everyone, and can be changed once BTF for armhf starts working: https://salsa.debian.org/kernel-team/linux/-/commit/ac6f7eda4c3e8b0d0db20ad4bb8236371cf8d38e
I have used the same approach here for consistency.

Changed in linux (Ubuntu):
status: Incomplete → In Progress
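
A build-time check for the layout discussed in this thread, as an added example that is not part of the bug report or of any package's own rules: it accepts only the packaged header at /usr/include/<multiarch>/linux/bpf/vmlinux.h, treats a header with no type declarations as the stub, and never reads BTF from the build host's running kernel. The function names, the return codes and the type-declaration heuristic are assumptions; the sample tree is constructed.

```shell
#!/bin/sh
# Added example: choose the vmlinux.h a package build compiles its BPF CO-RE
# objects against. Only the packaged header is accepted; the build host's
# running kernel (/sys/kernel/btf/vmlinux) is never consulted.

# Path used by linux-bpf-dev, per the bug report. $1 = root dir, $2 = multiarch
# tuple (in debian/rules this is ${DEB_HOST_MULTIARCH}).
packaged_vmlinux_h() {
    printf '%s/usr/include/%s/linux/bpf/vmlinux.h\n' "$1" "$2"
}

# Heuristic (assumption): a real bpftool dump declares C types; the stub
# shipped where BTF is unavailable has none.
has_type_definitions() {
    grep -Eq '^[[:space:]]*(struct|union|enum|typedef)[[:space:]]' "$1"
}

# Prints the header path on success.
# Returns 0 = usable, 1 = package not installed, 2 = stub (build without BPF).
select_vmlinux_h() {
    hdr=$(packaged_vmlinux_h "$1" "$2")
    if [ ! -f "$hdr" ]; then
        echo "vmlinux.h missing: add linux-bpf-dev to Build-Depends" >&2
        return 1
    fi
    if ! has_type_definitions "$hdr"; then
        echo "vmlinux.h for $2 is a stub: disable BPF features" >&2
        return 2
    fi
    printf '%s\n' "$hdr"
}

# Constructed sample tree: a tiny stand-in header for amd64, an empty stub
# for armhf, and no header at all for arm64.
DEMO_ROOT=$(mktemp -d)
trap 'rm -rf "$DEMO_ROOT"' EXIT
mkdir -p "$DEMO_ROOT/usr/include/x86_64-linux-gnu/linux/bpf" \
         "$DEMO_ROOT/usr/include/arm-linux-gnueabihf/linux/bpf"
cat > "$DEMO_ROOT/usr/include/x86_64-linux-gnu/linux/bpf/vmlinux.h" <<'EOF'
#ifndef __VMLINUX_H__
#define __VMLINUX_H__
typedef unsigned int __u32;
struct task_struct {
	__u32 pid;
};
#endif /* __VMLINUX_H__ */
EOF
: > "$DEMO_ROOT/usr/include/arm-linux-gnueabihf/linux/bpf/vmlinux.h"

for arch in x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu; do
    if path=$(select_vmlinux_h "$DEMO_ROOT" "$arch"); then rc=0; else rc=$?; fi
    echo "$arch: rc=$rc ${path:+-> $path}"
done
```

In a real build the first argument would be empty (or the sysroot), and the returned path's directory would be passed to clang with -I.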
Luca Boccassi (bluca) wrote :
Timo Aaltonen (tjaalton)
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 6.11.0-7.7

---------------
linux (6.11.0-7.7) oracular; urgency=medium

  * oracular/linux: 6.11.0-7.7 -proposed tracker (LP: #2079949)

  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [1/99]: LSM: Infrastructure management of the sock
      security
    - SAUCE: apparmor4.0.0 [2/99]: LSM: Add the lsmblob data structure.
    - SAUCE: apparmor4.0.0 [3/99]: LSM: Use lsmblob in security_audit_rule_match
    - SAUCE: apparmor4.0.0 [4/99]: LSM: Call only one hook for audit rules
    - SAUCE: apparmor4.0.0 [5/99]: LSM: Add lsmblob_to_secctx hook
    - SAUCE: apparmor4.0.0 [6/99]: Audit: maintain an lsmblob in audit_context
    - SAUCE: apparmor4.0.0 [7/99]: LSM: Use lsmblob in security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [8/99]: Audit: Update shutdown LSM data
    - SAUCE: apparmor4.0.0 [9/99]: LSM: Use lsmblob in security_current_getsecid
    - SAUCE: apparmor4.0.0 [10/99]: LSM: Use lsmblob in security_inode_getsecid
    - SAUCE: apparmor4.0.0 [11/99]: Audit: use an lsmblob in audit_names
    - SAUCE: apparmor4.0.0 [12/99]: LSM: Create new security_cred_getlsmblob LSM
      hook
    - SAUCE: apparmor4.0.0 [13/99]: Audit: Change context data from secid to
      lsmblob
    - SAUCE: apparmor4.0.0 [14/99]: Netlabel: Use lsmblob for audit data
    - SAUCE: apparmor4.0.0 [15/99]: LSM: Ensure the correct LSM context releaser
    - SAUCE: apparmor4.0.0 [16/99]: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [17/99]: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [18/99]: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [19/99]: LSM: lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [20/99]: LSM: security_lsmblob_to_secctx module
      selection
    - SAUCE: apparmor4.0.0 [21/99]: Audit: Create audit_stamp structure
    - SAUCE: apparmor4.0.0 [22/99]: Audit: Allow multiple records in an
      audit_buffer
    - SAUCE: apparmor4.0.0 [23/99]: Audit: Add record for multiple task security
      contexts
    - SAUCE: apparmor4.0.0 [24/99]: audit: multiple subject lsm values for
      netlabel
    - SAUCE: apparmor4.0.0 [25/99]: Audit: Add record for multiple object contexts
    - SAUCE: apparmor4.0.0 [26/99]: LSM: Remove unused lsmcontext_init()
    - SAUCE: apparmor4.0.0 [27/99]: LSM: Improve logic in security_getprocattr
    - SAUCE: apparmor4.0.0 [28/99]: LSM: secctx provider check on release
    - SAUCE: apparmor4.0.0 [29/99]: LSM: Single calls in socket_getpeersec hooks
    - SAUCE: apparmor4.0.0 [30/99]: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [31/99]: LSM: Identify which LSM handles the context
      string
    - SAUCE: apparmor4.0.0 [32/99]: AppArmor: Remove the exclusive flag
    - SAUCE: apparmor4.0.0 [33/99]: LSM: Add mount opts blob size tracking
    - SAUCE: apparmor4.0.0 [34/99]: LSM: allocate mnt_opts blobs instead of module
      specific data
    - SAUCE: apparmor4.0.0 [35/99]: LSM: Infrastructure management of the key
      security blob
    - SAUCE: apparmor4.0.0 [36/99]: LSM: Infrastructure management of the mnt...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-hwe-6.11/6.11.0-9.9~24.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-hwe-6.11' to 'verification-done-noble-linux-hwe-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-hwe-6.11' to 'verification-failed-noble-linux-hwe-6.11'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-noble-linux-hwe-6.11-v2 verification-needed-noble-linux-hwe-6.11
Luca Boccassi (bluca) wrote :

It would be great if the new package was backported to Noble too, so that we can use it in the upstream systemd build and CI. I've tested and sent a patch: https://lists.ubuntu.com/archives/kernel-team/2024-October/154734.html

Stefan Bader (smb)
Changed in linux (Ubuntu Noble):
importance: Undecided → Low
status: New → Confirmed
Changed in linux (Ubuntu Noble):
status: Confirmed → Fix Committed
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-realtime/6.11.0-1002.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-oracular-linux-realtime' to 'verification-done-oracular-linux-realtime'. If the problem still exists, change the tag 'verification-needed-oracular-linux-realtime' to 'verification-failed-oracular-linux-realtime'.

tags: added: kernel-spammed-oracular-linux-realtime-v2 verification-needed-oracular-linux-realtime
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-lowlatency-hwe-6.11/6.11.0-1007.7~24.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-lowlatency-hwe-6.11' to 'verification-done-noble-linux-lowlatency-hwe-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-lowlatency-hwe-6.11' to 'verification-failed-noble-linux-lowlatency-hwe-6.11'.

tags: added: kernel-spammed-noble-linux-lowlatency-hwe-6.11-v2 verification-needed-noble-linux-lowlatency-hwe-6.11
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-realtime-6.11/6.11.0-1003.3~24.04.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-realtime-6.11' to 'verification-done-noble-linux-realtime-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-realtime-6.11' to 'verification-failed-noble-linux-realtime-6.11'.

tags: added: kernel-spammed-noble-linux-realtime-6.11-v2 verification-needed-noble-linux-realtime-6.11
Changed in linux (Ubuntu Noble):
assignee: nobody → Mehmet Basaran (mehmetbasaran)
Changed in linux (Ubuntu Noble):
assignee: Mehmet Basaran (mehmetbasaran) → nobody
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/6.8.0-53.55 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux' to 'verification-done-noble-linux'. If the problem still exists, change the tag 'verification-needed-noble-linux' to 'verification-failed-noble-linux'.

tags: added: kernel-spammed-noble-linux-v2 verification-needed-noble-linux
Luca Boccassi (bluca)
tags: added: verification-done-noble-linux verification-done-noble-linux-hwe-6.11 verification-done-noble-linux-lowlatency-hwe-6.11 verification-done-noble-linux-realtime-6.11 verification-done-oracular-linux-realtime
removed: verification-needed-noble-linux verification-needed-noble-linux-hwe-6.11 verification-needed-noble-linux-lowlatency-hwe-6.11 verification-needed-noble-linux-realtime-6.11 verification-needed-oracular-linux-realtime
Changed in linux (Ubuntu Noble):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Noble):
assignee: nobody → Mehmet Basaran (mehmetbasaran)
Timo Aaltonen (tjaalton) wrote : Update Released

The verification of the Stable Release Update for linux-lowlatency-hwe-6.8 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-intel/6.8.0-1020.27 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-intel' to 'verification-done-noble-linux-intel'. If the problem still exists, change the tag 'verification-needed-noble-linux-intel' to 'verification-failed-noble-linux-intel'.

tags: added: kernel-spammed-noble-linux-intel-v2 verification-needed-noble-linux-intel
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia-tegra/6.8.0-1003.3 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-tegra' to 'verification-done-noble-linux-nvidia-tegra'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-tegra' to 'verification-failed-noble-linux-nvidia-tegra'.

tags: added: kernel-spammed-noble-linux-nvidia-tegra-v2 verification-needed-noble-linux-nvidia-tegra
Luca Boccassi (bluca)
tags: added: verification-done-noble-linux-intel verification-done-noble-linux-nvidia-tegra
removed: verification-needed-noble-linux-intel verification-needed-noble-linux-nvidia-tegra
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia-tegra-pvw/6.8.0-1004.4 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-tegra-pvw' to 'verification-done-noble-linux-nvidia-tegra-pvw'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-tegra-pvw' to 'verification-failed-noble-linux-nvidia-tegra-pvw'.

tags: added: kernel-spammed-noble-linux-nvidia-tegra-pvw-v2 verification-needed-noble-linux-nvidia-tegra-pvw
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-azure/6.8.0-1025.30 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-azure' to 'verification-done-noble-linux-azure'. If the problem still exists, change the tag 'verification-needed-noble-linux-azure' to 'verification-failed-noble-linux-azure'.

tags: added: kernel-spammed-noble-linux-azure-v2 verification-needed-noble-linux-azure
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-azure-nvidia/6.8.0-1014.15 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-azure-nvidia' to 'verification-done-noble-linux-azure-nvidia'. If the problem still exists, change the tag 'verification-needed-noble-linux-azure-nvidia' to 'verification-failed-noble-linux-azure-nvidia'.

tags: added: kernel-spammed-noble-linux-azure-nvidia-v2 verification-needed-noble-linux-azure-nvidia
Juerg Haefliger (juergh)
tags: added: kernel-daily-bug
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-fips/6.8.0-72.72+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-fips' to 'verification-done-noble-linux-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-fips' to 'verification-failed-noble-linux-fips'.

tags: added: kernel-spammed-noble-linux-fips-v2 verification-needed-noble-linux-fips
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-aws-fips/6.8.0-1034.36+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-aws-fips' to 'verification-done-noble-linux-aws-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-aws-fips' to 'verification-failed-noble-linux-aws-fips'.

tags: added: kernel-spammed-noble-linux-aws-fips-v2 verification-needed-noble-linux-aws-fips
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-gcp-fips/6.8.0-1035.37+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-gcp-fips' to 'verification-done-noble-linux-gcp-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-gcp-fips' to 'verification-failed-noble-linux-gcp-fips'.

tags: added: kernel-spammed-noble-linux-gcp-fips-v2 verification-needed-noble-linux-gcp-fips
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-xilinx/6.8.0-1017.18 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-xilinx' to 'verification-done-noble-linux-xilinx'. If the problem still exists, change the tag 'verification-needed-noble-linux-xilinx' to 'verification-failed-noble-linux-xilinx'.

tags: added: kernel-spammed-noble-linux-xilinx-v2 verification-needed-noble-linux-xilinx
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-azure-fips/6.8.0-1034.39+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-azure-fips' to 'verification-done-noble-linux-azure-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-azure-fips' to 'verification-failed-noble-linux-azure-fips'.

tags: added: kernel-spammed-noble-linux-azure-fips-v2 verification-needed-noble-linux-azure-fips
Wei-Lin Chang (rhythm16)
tags: added: verification-done-noble-linux-xilinx
removed: verification-needed-noble-linux-xilinx