Open zhangzju opened 1 month ago
Fix it. https://github.com/bytedance/netcap/pull/10
environment
kernel: Linux n37-049-131 5.4.0-149-generic #166-Ubuntu SMP Tue Apr 18 16:51:45 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
os: Ubuntu 20.04.6 LTS \n \l
bcc version:
libbcc_bpf.so.0 -> libbcc_bpf.so.0.31.0
libcc1.so.0 -> libcc1.so.0.0.0
libbcc.so.0 -> libbcc.so.0.31.0
how to reproduce
git clone https://github.com/bytedance/netcap.git
go list -m github.com/iovisor/gobpf@master
github.com/iovisor/gobpf v0.2.1-0.20221005153822-16120a1bf4d4
to require section of go.mod.
make all
sudo ./netcap skb -f icmp_rcv@1
details
seems to fail to load the ebpf prog into the kernel, the verifier rejects it with
2024/09/26 11:16:21 Dump err: error loading BPF program: permission denied
82: (85) call bpf_probe_read#4
R0=inv(id=0) R1_w=map_value(id=0,off=40,ks=4,vs=296,imm=0) R2_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R3_w=inv(id=0) R6=inv(id=0) R7=map_value(id=0,off=0,ks=4,vs=296,imm=0) R8_w=inv(id=0) R9_w=inv(id=0) R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=ctx fp-48=mmmmmmmm fp-56=mmmmmmmm
R2 unbounded memory access, use 'var &= const' or 'if (var < const)'
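Added example (not part of the issue and not netcap code): a simplified Python model of the size check that rejects instruction 82, run over the argument registers from the log above. The function names and the `MASKED` state are assumptions constructed for illustration; `BPF_MAX_VAR_SIZ` is the kernel's own limit.

```python
import re

# From the log above: argument registers of bpf_probe_read(dst=R1, size=R2, src=R3).
STATE = ("R1_w=map_value(id=0,off=40,ks=4,vs=296,imm=0) "
         "R2_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) "
         "R3_w=inv(id=0)")
# Constructed: how R2 could look after a `size &= 0xff` mask (not taken from the
# project's actual fix, which this page does not show).
MASKED = STATE.replace("umax_value=4294967295,var_off=(0x0; 0xffffffff)",
                       "umax_value=255,var_off=(0x0; 0xff)")

BPF_MAX_VAR_SIZ = 1 << 29  # kernel: a size register at or above this is "unbounded"


def parse_state(line):
    """Return {reg: (type, {field: int})} for registers printed as Rn=type(...)."""
    regs = {}
    starts = list(re.finditer(r"\b(R\d+)(?:_w)?=(\w+)\(", line))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(line)
        # Only plain decimal fields are kept; var_off=(...) is skipped.
        fields = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)\b", line[m.end():end])}
        regs[m.group(1)] = (m.group(2), fields)
    return regs


def check_probe_read_size(regs, dst="R1", size="R2"):
    """Simplified model of the verifier's checks on a helper's (ptr, size) pair."""
    dtype, d = regs[dst]
    _, s = regs[size]
    umax = s.get("umax_value", 2**64 - 1)  # umax not printed: no upper bound known
    room = d["vs"] - d["off"] if dtype == "map_value" else None
    if umax >= BPF_MAX_VAR_SIZ:
        return "unbounded", umax, room          # the rejection reported in this issue
    if room is not None and umax > room:
        return "exceeds map value", umax, room  # bounded, but past the value's end
    return "ok", umax, room


if __name__ == "__main__":
    for name, line in (("as logged", STATE), ("masked", MASKED)):
        print(name, check_probe_read_size(parse_state(line)))
```

The "permission denied" in the loader output is the verifier's EACCES for this rejection, which is why it appears even under `sudo`.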