search

aquasecurity / btfhub

BTFhub, in collaboration with the BTFhub Archive repository, supplies BTF files for all published kernels that lack native support for embedded BTF. This joint effort ensures that even kernels without built-in BTF support can effectively leverage the benefits of eBPF programs, promoting compatibility across various kernel versions.
Apache License 2.0
387 stars 45 forks source link

Some Centos 7 BTFs removed from the archive between September 2022 and now (July 2024) #120

Closed nelljerram closed 3 months ago

nelljerram commented 3 months ago

Thanks for the btfhub archive! I've been reviewing the loss of some Centos 7 files since September 2022, namely:

/btf/centos/7/x86_64/3.10.0-123.1.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.13.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.13.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.20.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.4.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.4.4.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.6.3.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.8.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.9.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.9.3.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-123.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-229.1.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-229.11.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-229.14.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-229.20.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-229.4.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-229.7.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-229.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.10.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.13.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.18.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.22.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.28.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.28.3.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.3.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.36.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.36.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.36.3.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.4.4.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.4.5.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-327.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.10.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.16.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.2.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.21.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.21.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.26.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.26.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.6.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.6.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-514.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-693.1.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-693.11.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-693.11.6.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-693.17.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-693.2.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-693.2.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-693.21.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-693.5.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-693.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-862.11.6.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-862.14.4.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-862.2.3.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-862.3.2.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-862.3.3.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-862.6.3.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-862.9.1.el7.x86_64.btf
/btf/centos/7/x86_64/3.10.0-862.el7.x86_64.btf

I am not 100% sure, but I believe all of these were removed as a result of "83e61d7 * workflow: enable centos BTF updates". The commit is not very well documented, but based on the code changes it looks like:

It's a bit weird because there were several corrections in that commit were the previous code had numbers that were all +/- 1 from what they should be. It's not clear if the minimum kernel version change was one of those, or for a different reason.

Would you reviewing and letting me know your thoughts on whether it was the right thing for these BTFs to be removed from the archive?

geyslan commented 3 months ago

@rafaeldtinoco I know it's been a while since 83e61d745e921ad3469541263dbe8f262de2b956, but do you remember the reasons? Cheers!

rafaeldtinoco commented 3 months ago

Likely due to the kernel being too old and not supporting CO-RE (so having BTFs made no sense). Also, they were likely added "by accident" because of automation during initial development IIRC. I could be wrong and yes, the btfhub commit messages were not very detailed unfortunately.

nelljerram commented 3 months ago

Thank you for reviewing this. Please feel free to close the issue.