eBPF support in HWE kernels + userland changes needed

Rafael David Tinoco rafaeldtinoco at gmail.com
Wed Nov 3 11:23:10 UTC 2021 

Hello list,

I have been trying to address this issue for sometime now, without success. Hopefully this can gain some traction with this e-mail. I know many of you address most of your efforts into the current development version, but I'd like to call attention for something I judge is important for the LTS versions in the cloud world (regarding eBPF only).

eBPF CO-RE technology [1][2] is becoming the base for cloud native introspection / networking / performance tools, and many projects are starting to use it. Examples I can remember off the top of my head are:

- cilium
- inspektor gadget
- sysdig
- datadog agent
- tracee (the one I currently work with)
- sysmon tool for linux (does not need BTF but might in near future)

But, because of LP #1926330, HWE kernels aren't enabling CONFIG_DEBUG_INFO_BTF. 

After libbpf started supporting external BTF files (converted from DWARF), I have created the following project:

- https://github.com/aquasecurity/btfhub/

containing BTF files for all existing Ubuntu HWE kernels (and from other distros) I could get. But now, -generic 5.11 HWE kernels don't have their debug packages published (another bug I was told kernel team was already aware).

It's becoming very hard to help Ubuntu LTS to be eBPF CO-RE capable. All other distros already are (as you can see at the btfhub README.md page).

-- Problems:

- #1 = Ubuntu HWE kernels aren't being compiled with BTF support, something that is critical for eBPF CO-RE, turning an eBPF object portable among different kernel versions.

https://github.com/aquasecurity/btfhub/issues/9
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1926330
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1949286

My proposal to this problem is the "MIR" bug I created with a package called "pahole-btf". It is a backport of Impish's dwarves "pahole" binary (only) to Bionic and Focal. If this package is added to [main], then it will allow HWE kernels to use a recent "pahole-btf" binary in vmlinux-link script and generate correct BTF debug information for those kernels, allowing eBPF CO-RE technology to work.

Would that be acceptable ? If not, what is the alternative ?

- #2 = Ubuntu HWE kernels should always have dbg packages published in ddebs. What happened to 5.11 kernels ? Why can't we have access to the debug packages ?

Could I get some help/feedback in addressing those issues ? Thank you!

----
[1] https://nakryiko.com/posts/bpf-portability-and-co-re/
[2] https://github.com/aquasecurity/btfhub/tree/main/tools

rafaeldtinoco

More information about the ubuntu-devel mailing list