aya-rs/book

Permission error in trying to run example from book

Closed this issue · 4 comments

ratnadeepb commented

Issue Description

I can build the first example from the book but can't run it.

My code is here if anyone wants to refer to it

System

$ uname -rs
Linux 5.11.0-38-generic

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 21.04
Release:        21.04
Codename:       hirsute

Background

I am following the Aya book and have reached till the logging packet example.

Changes

  • My project is called loadbalancer instead of myapp
  • I also changed this line to #[xdp(name = "loadbalancer")]

Issue

$ sudo ./target/debug/loadbalancer ./target/bpfel-unknown-none/debug/loadbalancer enp1s0f0
Error: the BPF_PROG_LOAD syscall failed. Verifier output: func#0 @0
0: R1=ctx(id=0,off=0,imm=0) R10=fp0
0: (b7) r6 = 0
1: R1=ctx(id=0,off=0,imm=0) R6_w=inv0 R10=fp0
1: (61) r3 = *(u32 *)(r1 +4)
2: R1=ctx(id=0,off=0,imm=0) R3_w=pkt_end(id=0,off=0,imm=0) R6_w=inv0 R10=fp0
2: (61) r2 = *(u32 *)(r1 +0)
3: R1=ctx(id=0,off=0,imm=0) R2_w=pkt(id=0,off=0,r=0,imm=0) R3_w=pkt_end(id=0,off=0,imm=0) R6_w=inv0 R10=fp0
3: (bf) r4 = r2
4: R1=ctx(id=0,off=0,imm=0) R2_w=pkt(id=0,off=0,r=0,imm=0) R3_w=pkt_end(id=0,off=0,imm=0) R4_w=pkt(id=0,off=0,r=0,imm=0) R6_w=inv0 R10=fp0
4: (07) r4 += 2
5: R1=ctx(id=0,off=0,imm=0) R2_w=pkt(id=0,off=0,r=0,imm=0) R3_w=pkt_end(id=0,off=0,imm=0) R4_w=pkt(id=0,off=2,r=0,imm=0) R6_w=inv0 R10=fp0
5: (2d) if r4 > r3 goto pc+20
 R1=ctx(id=0,off=0,imm=0) R2_w=pkt(id=0,off=0,r=2,imm=0) R3_w=pkt_end(id=0,off=0,imm=0) R4_w=pkt(id=0,off=2,r=2,imm=0) R6_w=inv0 R10=fp0
6: R1=ctx(id=0,off=0,imm=0) R2_w=pkt(id=0,off=0,r=2,imm=0) R3_w=pkt_end(id=0,off=0,imm=0) R4_w=pkt(id=0,off=2,r=2,imm=0) R6_w=inv0 R10=fp0
6: (b7) r6 = 2
7: R1=ctx(id=0,off=0,imm=0) R2_w=pkt(id=0,off=0,r=2,imm=0) R3_w=pkt_end(id=0,off=0,imm=0) R4_w=pkt(id=0,off=2,r=2,imm=0) R6_w=inv2 R10=fp0
7: (69) r4 = *(u16 *)(r2 +12)
invalid access to packet, off=12 size=2, R2(id=0,off=12,r=2)
R2 offset is outside of the packet
verification time 49 usec
stack depth 0
processed 8 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0


Caused by:
    Permission denied (os error 13)

Expectation

Logging like the ones shown in the book

dave-tucker commented

@ratnadeepb did you try this?

book/src/start/hello-xdp.md

Line 126 in f71b588

> If you get an error loading the program, try changing `XdpFlags::default()` to `XdpFlags::SKB_MODE`

dave-tucker commented

Oh wait, that's a proper verifier error. Let me try it again on my machine and see what's up

dave-tucker commented

Here's your problem:

https://github.com/ratnadeepb/ebpf_examples/blob/master/loadbalancer/loadbalancer-ebpf/src/main.rs#L35

It should be:

if start + offset + len > end {
    return Err(());
}

The offset needs to be included in the bounds check to make the verifier happy:
From: https://aya-rs.github.io/book/start/logging-packets.html#getting-packet-data-from-the-context

  • 👍1
dave-tucker commented

I'll close this as it isn't a book issue and after I made that change your example compiled and ran on my machine. Feel free to re-open if you are still having issues or come and join us on Discord (link in README of https://github.com/aya-rs/aya)

  • 👍1