new(driver): add ppc64le support to old bpf and kmod plus CI job #1497
Conversation
poiana
added
kind/feature
| @@ -15,6 +15,7 @@ if(BUILD_BPF) | |||
| set(bpf_min_kver_map_x86_64 4.14) | |||
| set(bpf_min_kver_map_aarch64 4.17) | |||
| set(bpf_min_kver_map_s390x 5.5) | |||
| set(bpf_min_kver_map_ppc64le 4.18) | |||
There was a problem hiding this comment.
I am pretty sure that eBPF support will also need same fixes as modern eBPF, ie:
- https://github.com/falcosecurity/libs/blob/master/driver/bpf/plumbing_helpers.h#L125
- https://github.com/falcosecurity/libs/blob/master/driver/bpf/plumbing_helpers.h#L167
- https://github.com/falcosecurity/libs/blob/master/driver/bpf/plumbing_helpers.h#L286
I also noticed that we skipped an include here: https://github.com/falcosecurity/libs/blob/master/userspace/libscap/engine/gvisor/parsers.cpp#L35.
I am not sure whether it is needed, but i guess so given we added aarch64 and s390x too (btw gvisor should only be supported on x86_64 atm, since the option is only available on it: https://github.com/falcosecurity/libs/blob/master/cmake/modules/engine_config.cmake#L26)
There was a problem hiding this comment.
Okay. I was able to build bpf and kmod out of the box without any changes, so I assumed I did not need to make any other modifications. I will add the fixes you suggested.
There was a problem hiding this comment.
@FedeDP Btw, I noticed these 2 lines point to incorrect links for each architecture.
libs/driver/bpf/plumbing_helpers.h
Line 268 in f61e7ff
libs/driver/bpf/plumbing_helpers.h
Line 289 in f61e7ff
There was a problem hiding this comment.
I think libbpf touched those files (we should've linked a fixed hash instead of master). No problem anyway!
| @@ -26,6 +27,7 @@ else() | |||
| set(kmod_min_kver_map_aarch64 3.16) | |||
| set(kmod_min_kver_map_s390x 2.6) | |||
| set(kmod_min_kver_map_riscv64 5.0) | |||
| set(kmod_min_kver_map_ppc64le 2.6) | |||
There was a problem hiding this comment.
Like for bpf, kmod too needs some small work:
There was a problem hiding this comment.
I am not sure! That depends if ppc64le is hit by the kernel behavior of not sending the clone exit event for the child; at the moment, all supported architectures but x86_64 are hit.
We have drivers tests for it though, eg: https://github.com/falcosecurity/libs/blob/master/test/drivers/test_suites/syscall_exit_suite/clone3_x.cpp#L191
So, if this test is passing fine running on ppc64le, we should not need the CAPTURE_SCHED_PROC_FORK enabled.
The same goes for CAPTURE_SCHED_PROC_EXEC.
cc @Andreagit97
There was a problem hiding this comment.
uhm it seems like ppc64le behaves like x86 since looking at failed tests here #1475 (comment) execve and clone test are passing.
BTW always looking at the tests there is another issue:
[ FAILED ] SyscallExit.execveatX_correct_exit
[ FAILED ] SyscallExit.execveatX_execve_exit
[ FAILED ] SyscallExit.execveatX_success_memfd
it seems that ppc64le correctly returns an execveat exit event when an execveat syscall is called (like s390x and riscv)
Other architectures like x86 instead return an execve instead of an execveat exit event.
There was a problem hiding this comment.
Thanks @FedeDP @Andreagit97. I reran the test and yes clone3_x is passing so we won't need the patch.
[ RUN ] SyscallExit.clone3X_father
[ OK ] SyscallExit.clone3X_father (2780 ms)
[ RUN ] SyscallExit.clone3X_child
[ OK ] SyscallExit.clone3X_child (1139 ms)
[ RUN ] SyscallExit.clone3X_create_child_with_2_threads
[ OK ] SyscallExit.clone3X_create_child_with_2_threads (1659 ms)
[ RUN ] SyscallExit.clone3X_child_clone_parent_flag
[ OK ] SyscallExit.clone3X_child_clone_parent_flag (899 ms)
[ RUN ] SyscallExit.clone3X_child_new_namespace_from_child
[ OK ] SyscallExit.clone3X_child_new_namespace_from_child (1389 ms)
[ RUN ] SyscallExit.clone3X_child_new_namespace_from_caller
[ OK ] SyscallExit.clone3X_child_new_namespace_from_caller (3079 ms)
[ RUN ] SyscallExit.clone3X_child_new_namespace_create_thread
[ OK ] SyscallExit.clone3X_child_new_namespace_create_thread (2649 ms)
[ RUN ] SyscallExit.cloneX_father
[ OK ] SyscallExit.cloneX_father (2619 ms)
[ RUN ] SyscallExit.cloneX_child
[ OK ] SyscallExit.cloneX_child (1279 ms)
For the execveat , I will add a condition for ppc64le but should that be done with a separate PR?
There was a problem hiding this comment.
Tried it. That seems to be the offending line
There was a problem hiding this comment.
Thanks for the extensive tests!
There was a problem hiding this comment.
Uhm it seems strange
struct list_head *head = &(task->children);
struct list_head *next_child = (struct list_head *)_READ(head->next);
if(next_child != head)
{
/* We have at least one child, so we need a reaper for it */
reaper_pid = find_new_reaper_pid(data, task);
}if head!= null, next_child cannot be null because in the worst case, it would be next_child==head, BTW we never dereference next_child so it shouldn't be an issue at all 🤔
There was a problem hiding this comment.
Yep the issue is within find_new_reaper_pid :/
There was a problem hiding this comment.
I opened the issue to track the legacy bpf verifier failure: #1521
.github/workflows/ci.yml
Outdated
| @@ -362,6 +362,44 @@ jobs: | |||
| KERNELDIR=/lib/modules/$(ls /lib/modules)/build make scap-open driver bpf unit-test-libsinsp -j6 | |||
| ./libsinsp/test/unit-test-libsinsp | |||
|
|
|||
| build-libs-ppc64le: | |||
There was a problem hiding this comment.
This is a nice idea! Can we use a matrix to merge together this job with the build-libs-s390x one?
There was a problem hiding this comment.
Yes we can. I will try it out.
There was a problem hiding this comment.
this is a great point, moreover, I just thought that the s390x job takes almost 1 h to run but in the end, we want to check the build of our drivers (modern_bpf, kmod, bpf) why do we need to build sinsp and run tests? In order to not slow down our CI too much I would propose just building the drivers in this CI job, and maybe we can do the same for the s390x, WDYT?
There was a problem hiding this comment.
Do you recommend a separate job for testing sinsp or do we stick to the driver builds for now?
There was a problem hiding this comment.
I think sticking with the drvers build for now is fine; higher level code rarely needs adjustments for new architecture, therefore we are pretty confident that we cannot break the build of scap/sinsp for a given architecture.
There was a problem hiding this comment.
yep let's say that breaking the build of the userspace part should never happen and a 1h job at every build seems a high price to pay
There was a problem hiding this comment.
Makes sense. I will modify for both archs. @hbrueckner let me know if this is ok for s390x
There was a problem hiding this comment.
Makes sense. I will modify for both archs. @hbrueckner let me know if this is ok for
s390x
@Andreagit97 @FedeDP let's reduce the build time on s390x by focusing on the drivers only.
FedeDP
changed the title
|
I updated the title to be more precise! |
|
Failing tests for each driver: bpf: (without reaper_pid part of procexit filler though...) modern-bpf: |
Getrlimit is not implemented and test should be skipped. Weird thing is that the |
|
Seems to work reliably; added the PR: #1517 |
Thanks for the patch |
mdafsanhossain
force-pushed
the
ci-ppc64le
branch
from
dbd31ac to
716ed99
Compare
|
So, what we need here is the CI part, right? Ie: the matrix merging s390x and ppc64le (and stopping at drivers build without testing libsinsp unit tests). |
Yes. I am testing it. I will commit in some time |
No problem, it was just to recap :) take your time! And thank you! |
|
LGTM label has been added. Git tree hash: 0aebaf20cc5a04cab1334f71d39b1a8dfc11e95f
|
|
/hold |
|
waiting for the CI to complete |
|
Let me add |
|
While you are here @mdafsanhossain care to update naming of the jobs from "build-libs-" to |
Will do it. No issues :) |
Signed-off-by: mdafsanhossain <[email protected]>
mdafsanhossain
dismissed stale reviews from Andreagit97 and FedeDP
via
5079dae
|
LGTM label has been added. Git tree hash: 92174aa30ca74ec5bdcc889534d01267c54e8b7c
|
|
/unhold |
|
/hold |
|
@Andreagit97 didn't see your comment, sorry! |
|
/unhold |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Andreagit97, FedeDP, mdafsanhossain The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Andreagit97
changed the title
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area build
/area CI
/area driver-kmod
/area driver-bpf
/area driver-modern-bpf
/area libsinsp
/area tests
What this PR does / why we need it:
This PR adds GHA job to build
kmod,bpf,modern-bpfon ppc64le (using QEMU) and also run libsinsp unit tests. It is similar to what is currently enabled fors390xhere.Special notes for your reviewer:
Does this PR introduce a user-facing change?: