search

Joshua-Riek / ubuntu-rockchip

Ubuntu for Rockchip RK35XX Devices
https://joshua-riek.github.io/ubuntu-rockchip-download/
GNU General Public License v3.0
2.12k stars 230 forks source link

How to enable eBPF on OPi5 and V1.30 images #483

Closed Zhu-HH closed 3 weeks ago

Zhu-HH commented 9 months ago

Thank you for your contribution to the community!

I want to learn eBPF on the OPi5 board by manually compiling the kernel, but after installing and restarting the kernel, I found that I cannot access the system interface, but SSH can connect.

Joshua-Riek commented 9 months ago

I don't know what eBPF is or what modifications made to the kernel in that made the system interface no longer accessible.

Can you provide the exact changes?

r0ysue commented 9 months ago

eBPF Kernel requirements:

https://github.com/iovisor/bcc/blob/master/INSTALL.md#kernel-configuration

Zhu-HH commented 9 months ago

here are the exact changes :

scripts/config --enable CONFIG_BPF_LSM scripts/config --enable CONFIG_KGDB scripts/config --enable CONFIG_FUNCTION_PROFILER scripts/config --enable CONFIG_FTRACE_SYSCALLS scripts/config --enable CONFIG_BPF_KPROBE_OVERRIDE scripts/config --enable CONFIG_TRACE_EVENT_INJECT scripts/config --enable CONFIG_HIST_TRIGGERS scripts/config --enable CONFIG_SCHED_TRACER scripts/config --enable CONFIG_IRQSOFF_TRACER scripts/config --enable CONFIG_FUNCTION_TRACER scripts/config --enable CONFIG_STACK_TRACER scripts/config --disable CONFIG_MAGIC_SYSRQ scripts/config --enable CONFIG_IKHEADERS scripts/config --enable CONFIG_DEBUG_INFO_BTF scripts/config --enable CONFIG_DEBUG_INFO scripts/config --disable DEBUG_INFO_REDUCED scripts/config --disable DEBUG_INFO_COMPRESSED scripts/config --disable DEBUG_INFO_SPLIT scripts/config --disable DEBUG_INFO_DWARF4 scripts/config --disable GDB_SCRIPTS scripts/config --disable DEBUG_EFI scripts/config --disable ARM64_RELOC_TEST

scripts/config --enable CONFIG_BPF_SYSCALL scripts/config --enable CONFIG_BPF_JIT scripts/config --enable CONFIG_HAVE_BPF_JIT scripts/config --enable CONFIG_HAVE_EBPF_JIT scripts/config --enable CONFIG_MODULES scripts/config --enable CONFIG_BPF scripts/config --enable CONFIG_BPF_EVENTS scripts/config --enable CONFIG_PERF_EVENTS scripts/config --enable CONFIG_HAVE_PERF_EVENTS scripts/config --enable CONFIG_PROFILING scripts/config --enable CONFIG_BPF_UNPRIV_DEFAULT_OFF scripts/config --enable CONFIG_CGROUP_BPF scripts/config --enable CONFIG_BPFILTER scripts/config --module CONFIG_BPFILTER_UMH scripts/config --module CONFIG_NET_CLS_BPF scripts/config --module CONFIG_NET_ACT_BPF scripts/config --enable CONFIG_BPF_STREAM_PARSER scripts/config --enable CONFIG_LWTUNNEL_BPF scripts/config --module CONFIG_NETFILTER_XT_MATCH_BPF scripts/config --enable CONFIG_IPV6_SEG6_BPF scripts/config --enable CONFIG_KPROBE_EVENTS scripts/config --enable CONFIG_KPROBES scripts/config --enable CONFIG_HAVE_KPROBES scripts/config --enable CONFIG_HAVE_REGS_AND_STACK_ACCESS_API scripts/config --enable CONFIG_KPROBES_ON_FTRACE scripts/config --enable CONFIG_FPROBE scripts/config --enable CONFIG_BPF_KPROBE_OVERRIDE scripts/config --enable CONFIG_UPROBE_EVENTS scripts/config --enable CONFIG_ARCH_SUPPORTS_UPROBES scripts/config --enable CONFIG_UPROBES scripts/config --enable CONFIG_MMU scripts/config --enable CONFIG_TRACEPOINTS scripts/config --enable CONFIG_HAVE_SYSCALL_TRACEPOINTS scripts/config --enable CONFIG_BPF_LSM scripts/config --enable CONFIG_BPF_LIRC_MODE2 scripts/config --module CONFIG_VSOCKETS scripts/config --module CONFIG_VSOCKETS_DIAG scripts/config --enable CONFIG_VHOST_VSOCK scripts/config --enable CONFIG_VHOST_NET scripts/config --enable CONFIG_VSOCKMON scripts/config --disable SERIAL_CONEXANT_DIGICOLOR scripts/config --disable SERIAL_SPRD scripts/config --disable CONFIG_KPROBES_SANITY_TEST scripts/config --enable KGDB_HONOUR_BLOCKLIST scripts/config --enable BPF_JIT_ALWAYS_ON scripts/config --disable CONFIG_TRACEFS_DISABLE_AUTOMOUNT scripts/config --enable CONFIG_KALLSYMS_ALL

I don't know what eBPF is or what modifications made to the kernel in that made the system interface no longer accessible.

Can you provide the exact changes?

gclawes commented 1 month ago

@Joshua-Riek it looks like this was missing in the upstream linux-raspi as well, fix pending release: https://bugs.launchpad.net/ubuntu/+source/linux-raspi/+bug/2065829 https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1009.10

Edit: it looks like the only change was to set DEBUG_INFO_BTF=y

gclawes commented 1 month ago

eBPF Kernel requirements:

https://github.com/iovisor/bcc/blob/master/INSTALL.md#kernel-configuration

Looks like this is the full list of configs: https://github.com/iovisor/bcc/blob/master/docs/kernel_config.md

In particular, the BTF features seem to be required for "Compile Once - Run Everywhere" eBPF programs like those used by falco: https://falco.org/docs/event-sources/kernel/#modern-ebpf-probe https://nakryiko.com/posts/bpf-portability-and-co-re/

Also, it looks like bpftool is missing for the particular kernel versions distributed with these images:

ubuntu@rk01:~$ uname -a
Linux rk01 6.1.0-1021-rockchip #21-Ubuntu SMP Mon Jul 29 03:52:32 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux
ubuntu@rk01:~$ sudo bpftool feature probe kernel | grep -q "map_type ringbuf is available" && echo "true" || echo "false"
WARNING: bpftool not found for kernel 6.1.0-1021

  You may need to install the following packages for this specific kernel:
    linux-tools-6.1.0-1021-rockchip
    linux-cloud-tools-6.1.0-1021-rockchip

  You may also want to install one of the following packages to keep up to date:
    linux-tools-rockchip
    linux-cloud-tools-rockchip
false
Joshua-Riek commented 1 month ago

I enabled the missing kernel modules, though I have not tested to confirm if this works yet.

See: https://github.com/Joshua-Riek/linux-rockchip/commit/73c50d1756568e9c2b1da19b875ea112fa998c00

gclawes commented 3 weeks ago

I see 6.8.0-1009.10 landed in the repos. It looks like BTF is enabled:

ubuntu@rk01:~$ uname -a
Linux rk01 6.1.0-1022-rockchip #22-Ubuntu SMP Sun Aug 11 19:41:32 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux
ubuntu@rk01:~$ ls -lah /sys/kernel/btf/vmlinux
-r--r--r-- 1 root root 8.2M Aug 13 12:57 /sys/kernel/btf/vmlinux

I hit a minor issue running the Falco compatibility check, though. Using bpftool installed via linux-tools-common on the Turing RK1:

ubuntu@rk01:~$ sudo bpftool feature probe kernel | grep -q "map_type ringbuf is available" && echo "true" || echo "false"
WARNING: bpftool not found for kernel 6.1.0-1022

  You may need to install the following packages for this specific kernel:
    linux-tools-6.1.0-1022-rockchip
    linux-cloud-tools-6.1.0-1022-rockchip

  You may also want to install one of the following packages to keep up to date:
    linux-tools-rockchip
    linux-cloud-tools-rockchip
false

It looks like it might need some additional packages for these kernel builds.

Joshua-Riek commented 3 weeks ago

Hmmm strange. I probably need to update kernel packaging to build the binary.

Joshua-Riek commented 3 weeks ago

Ah of course, I forgot to enable bpftool in the kernel packaging.

https://github.com/Joshua-Riek/linux-rockchip/commit/fb5326b94b5a52f522ba6c81d2ae80eb5c6cf86b

Joshua-Riek commented 3 weeks ago

I enabled support for BTF in the kernel for Ubuntu 22.04 as well. I see that bpftool is now in the built package, will do some testing later tonight and see if it works.

Joshua-Riek commented 3 weeks ago

I pushed a kernel update for Jammy and Noble systems. Please update and install the linux-rockchip-tools package.