Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix eBPF on RHEL 9 family systems #43783

Merged
merged 1 commit into from
Jul 10, 2024
Merged

Fix eBPF on RHEL 9 family systems #43783

merged 1 commit into from
Jul 10, 2024

Conversation

jakule
Copy link
Contributor

@jakule jakule commented Jul 3, 2024
edited
Loading

Fix failed to attach to tracepoint 'syscalls/sys_exit_execve': Permission denied error that happens on RHEL 9 systems.

Background:
Our code was incorrect in the first place. As described here torvalds/linux@ba8ea72 we should be using syscall_trace_* from the very beginning. The only reason why this code used to work in the first place was the same size of trace_event_raw_sys_* and syscall_trace_* structs. When the raw version was modified or code failed to load as the provided struct had a wrong size.

Closes #35286

changelog: Fix eBPF error occuring during startup on Linux RHEL 9

@jakule jakule mentioned this pull request Jul 3, 2024
Closed
@webvictim
Copy link
Contributor

I compiled Teleport from master including this patch - it works fine on the same Rocky Linux 9.4 machine described in #35286

LGTM.

@jakule jakule force-pushed the jakule/maybe-bpf-fix branch from f08d853 to be630c0 Compare July 3, 2024 22:01
@jakule jakule changed the title Fix `failed to attach to tracepoint 'syscalls/sys_exit_execve': Perm… Fix eBPF on RHEL 9 family systems Jul 3, 2024
@jakule jakule marked this pull request as ready for review July 3, 2024 22:07
@github-actions github-actions bot added bpf Used to bugs with bpf and enhanced session recording. size/sm labels Jul 3, 2024
@github-actions github-actions bot requested review from fheinecke and fspmarshall July 3, 2024 22:07
@jakule
Copy link
Contributor Author

jakule commented Jul 9, 2024

Friendly ping @fheinecke @fspmarshall

rosstimothy
rosstimothy reviewed Jul 10, 2024
View reviewed changes
Copy link
Contributor

@rosstimothy rosstimothy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What kind of impact does this have on other distros and kernel versions? Could this break any existing users of enhanced recording?

@jakule
Copy link
Contributor Author

jakule commented Jul 10, 2024

What kind of impact does this have on other distros and kernel versions? Could this break any existing users of enhanced recording?

I tested it with a few other distros that were previously not affected but this bug, but I cannot get you the guaranty that it will work with every possible Linux kernel version and every fork. This patch is based on multiple other OSS repos that were fixing the same issue.
From my point of view, this version seems to work on RHEL and Ubuntu where our current master doesn't work on any RHEL flavor now.

@webvictim
Copy link
Contributor

webvictim commented Jul 10, 2024
edited
Loading

I tried to test my binary on my existing Amazon Linux 2 box where BPF works today, but unfortunately I compiled it on a box with a newer glibc version so it won't run. I think I'd have to put it through CI to get a usable CentOS 7-built binary (not sure what that process looks like today).

If you'd like me to test it on AL2 and can provide a binary, I'm happy to.

@jakule jakule added this pull request to the merge queue Jul 10, 2024
Merged via the queue into master with commit 974db41 Jul 10, 2024
46 checks passed
@jakule jakule deleted the jakule/maybe-bpf-fix branch July 10, 2024 18:16
@public-teleport-github-review-bot
Copy link

@jakule See the table below for backport results.

Branch Result
branch/v14 Create PR
branch/v15 Create PR
branch/v16 Create PR

This was referenced Jul 10, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rosstimothy rosstimothy rosstimothy left review comments

@codingllama codingllama codingllama approved these changes

@AntonAM AntonAM AntonAM approved these changes

@webvictim webvictim webvictim approved these changes

Assignees
No one assigned
Labels
backport/branch/v14 backport/branch/v15 backport/branch/v16 bpf Used to bugs with bpf and enhanced session recording. size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

enhanced_recording: true (eBPF) causes agent crash on RHEL Rocky v9.3
5 participants
@jakule @webvictim @AntonAM @codingllama @rosstimothy