Shipped version of bpftool is outdated
mauriciovasquezbernal opened this issue · 2 comments
mauriciovasquezbernal commented
The version of bpftool shipped with the repo doesn't support the BTF files added in aquasecurity/btfhub-archive#10.
$ INPUT=<foo>/ebpf/btfhub-archive/debian/9/x86_64/4.9.0-19-amd64.btf
$ OUTPUT=/tmp/foo.btf
# doesn't matter
$ OBJ=inspektor-gadget/pkg/gadgets/trace/bind/tracer/bindsnoop_bpfel_x86.o
# shipped bpftool doesn't work
$ ./tools/bin/bpftool.x86_64 version
./tools/bin/bpftool.x86_64 v6.7.0
using libbpf v0.7
features: libbpf_strict, skeletons
$ ./tools/bin/bpftool.x86_64 gen min_core_btf $INPUT $OUTPUT $OBJ
Error: failed parsing '<foo>/ebpf/btfhub-archive/debian/9/x86_64/4.9.0-19-amd64.btf' BTF file: Invalid argument
Error: failed to allocate info structure: Invalid argument
# problem is not related to min_core_btf
$ ./tools/bin/bpftool.x86_64 btf dump file $INPUT
Error: failed to load BTF from <foo>/ebpf/btfhub-archive/debian/9/x86_64/4.9.0-19-amd64.btf: Unknown error -22
# new bpftool works
$ bpftool version
bpftool v7.1.0
using libbpf v1.1
features: libbfd, skeletons
$ bpftool gen min_core_btf $INPUT $OUTPUT $OBJ
echo $?
0
$ bpftool btf dump file $INPUT
<lot of lines printed>eiffel-fl commented
I see there is no tests when adding new files to btfhub-archive, what about adding something like this (I did not test it, I only share the idea):
name: Check files are OK
on:
pull_request:
jobs:
check:
name: Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check if everything is OK
run: |
git clone https://github.com/aquasecurity/btfhub.git /tmp/btfhub
BPFTOOL=/tmp/btfhub/tools/bin/bpftool.x86_64
for btffile in $(find / -name '*.btf'); do
$BPFTOOL btf dump file $btffile &> /dev/null || exit $?
doneIf needed, I can give a hand.
rafaeldtinoco commented
Hey @mauriciovasquezbernal and @eiffel-fl thanks for this. I was off for the past 2 weeks, will check this today! Sorry for the delay!