Source: linux-signed-amd64
X-Debbugs-Cc: martin.ke...@crowdstrike.com
Version: 6.11.2+1
Severity: important
Tags: upstream

Some BPF fentry hooks in the 6.11.2-cloud-amd64 kernel successfully load
but then are ignored when they should fire. This can be seen with the
following bpftrace command:

bpftrace -e 'kfunc:acct_process { printf("acct_process called\n"); }'

Which normally should trigger when running some short-lived process, but
instead doesn't show output on the 6.11.2-cloud-amd64 kernel. The same
command works fine as a kprobe, showing this issue is unique to fentry.
So the below command shows output as expected:

bpftrace -e 'kprobe:acct_process { printf("acct_process called\n"); }'

Further, other related hooks in the same code path work fine, such as
this one:

bpftrace -e 'kfunc:acct_collect { printf("acct_collect called\n"); }'

Which shows that the issue has to do with only *some* fentry hooks.

This issue exists in upstream 6.11.2 as well and appears to be fixed in
upstream master. My git bisect pointed at commit 98f7e32f20d2 ("mm/x86:
implement arch_check_zapped_pud()"). I'm not sure why that commit fixes
it, but I manually cherry-picked that commit on top of 6.11.2 and it
indeed fixed the issue.

A few other things to note:
- This issue exists in 6.11.2-cloud-amd64 kernel but not 6.11.2-amd64,
  so it presumably depends on some collection of CONFIG options.
- There is an issue with identical symptoms on some kernels with
  CONFIG_X86_X32_ABI=y set (6.11.2-cloud-amd64 does *not* have x32 ABI
  set). I reported this upstream [1] but haven't gotten a response.
- This x32 ABI issue reproduces on Debian's 6.10.9-amd64 kernel and
  on upstream master but not the 6.10.11-amd64 or 6.11.2-amd64 kernels,
  so it appears to be coming and going semi-randomly. Technically there
  is currently no latest Debian kernel hitting the x32 ABI issue, but
  since the issue is coming and going, it may come back in a later
  release.

[1] https://lore.kernel.org/bpf/7136605d24de9b1fc62d02a355ef11c950a94153.ca...@crowdstrike.com/T/#u

-- System Information:
Debian Release: 12.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.11.2-cloud-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
