New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
modern-bpf fails to load on RHEL 8.6 ppc64le (unsupported opcode) #1807
Comments
Thanks for tracking this one! |
I finally have an update on this one now that we've wrapped up our investigation. TL;DR: A single patch is missing on this kernel and makes loading modern_bpf impossible. No libs changes are needed (except perhaps docs adjustment of minimum kernel versions for Power) The unsupported opcode that we originally thought was
This opcode doesn't exist in the // built using libbpf-bootstrap
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
char LICENSE[] SEC("license") = "Dual BSD/GPL";
int my_pid = 0;
SEC("tp_btf/sys_enter")
int BPF_PROG(handle_tp, struct pt_regs *regs)
{
int pid = bpf_get_current_pid_tgid() >> 32;
// access of regs and use of the variable later causes
// the error
int syscall = (int)regs->gpr[0];
if (pid != my_pid || syscall != 1)
return 0;
bpf_printk("BPF triggered from PID %d.\n", pid);
return 0;
} Later kernels on Power do support this opcode, and modern_bpf loads correctly at that point. (from |
Thanks for the investigation Giles! We already document a minimum kernel version of 5.8 for modern bpf probe: https://github.com/falcosecurity/libs?tab=readme-ov-file#drivers-officially-supported-architectures |
/close |
@FedeDP: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Describe the bug
When loading the modern BPF driver on RHEL 8.6 on ppc64le, the loading fails:
Error 524 is "unsupported" and
dmesg
gives a little more information:This opcode is
BPF_LDX | BPF_DW | BPF_ABS
, but based on docs this opcode seems to be for packet inspection and that doesn't fit with the programs that seem to be affected.How to reproduce it
(running on
4.18.0-372.9.1.el8.ppc64le
)Expected behaviour
The modern bpf probe should load correctly, with no errors.
Environment
Additional context
This is a follow on from initial discussions on #1804
cc: @FedeDP @Andreagit97 @mdafsanhossain @erthalion
The text was updated successfully, but these errors were encountered: