deepfence/ebpfguard

Readme example bpf code fails verifier on debian 11 with 5.10.0 kernel

Closed this issue · 2 comments

https://github.com/deepfence/ebpfguard/tree/3bcc2e8250cae04cf9863896229b0578ad9a8092/examples/readme_mount

```
Error: attach_sb_mount

Caused by:
    0: Failed to load BPF program: the BPF_PROG_LOAD syscall failed. Verifier output: 0: (bf) r6 = r1
       1: (85) call unknown#158
       invalid func unknown#158
       verification time 783 usec
       stack depth 0
       processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

    1: the BPF_PROG_LOAD syscall failed. Verifier output: 0: (bf) r6 = r1
       1: (85) call unknown#158
       invalid func unknown#158
       verification time 783 usec
       stack depth 0
       processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

    2: Invalid argument (os error 22)
```

The problem stems from the use of `bpf_get_current_task_btf`, which was introduced in 5.15. A fix is pending; it should be possible to rewrite this with `bpf_get_current_task` instead.

Fixed by #38
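For triaging this kind of load failure across hosts, the following added example (not part of ebpfguard or of this thread) extracts the helper calls the verifier rejected from a loader error like the one above. The names `missing_helpers`, `MissingHelper`, `KNOWN_HELPERS` and `SAMPLE_LOG` are hypothetical; the two helper IDs are taken from the kernel UAPI `enum bpf_func_id`.

```rust
/// Helper IDs from the kernel UAPI `enum bpf_func_id`; only the two helpers
/// named in this issue are listed.
const KNOWN_HELPERS: &[(u32, &str)] = &[
    (35, "bpf_get_current_task"),
    (158, "bpf_get_current_task_btf"),
];

/// Verifier lines copied (abridged) from the error output in this issue.
const SAMPLE_LOG: &str = "Verifier output: 0: (bf) r6 = r1
   1: (85) call unknown#158
   invalid func unknown#158
   processed 2 insns (limit 1000000)
1: the BPF_PROG_LOAD syscall failed. Verifier output: 0: (bf) r6 = r1
   1: (85) call unknown#158
   invalid func unknown#158";

#[derive(Debug, PartialEq)]
pub struct MissingHelper {
    pub id: u32,
    pub name: Option<&'static str>,
    pub insn: Option<u32>, // index of the rejected call instruction
}

/// Collect every helper the running kernel's verifier refused to resolve.
pub fn missing_helpers(log: &str) -> Vec<MissingHelper> {
    let mut found: Vec<MissingHelper> = Vec::new();
    let mut last_call: Option<(u32, u32)> = None; // (insn index, helper id)
    for line in log.lines().map(str::trim) {
        if let Some((idx, id)) = line.split_once(": (85) call unknown#") {
            if let (Ok(i), Ok(h)) = (idx.parse::<u32>(), id.parse::<u32>()) {
                last_call = Some((i, h));
            }
        } else if let Some(rest) = line.strip_prefix("invalid func unknown#") {
            let Ok(id) = rest.parse::<u32>() else { continue };
            // The error chain repeats the verifier log, so report each id once.
            if found.iter().any(|m| m.id == id) { continue; }
            let insn = last_call.filter(|&(_, h)| h == id).map(|(i, _)| i);
            let name = KNOWN_HELPERS.iter().find(|(k, _)| *k == id).map(|(_, n)| *n);
            found.push(MissingHelper { id, name, insn });
        }
    }
    found
}

fn main() {
    for m in missing_helpers(SAMPLE_LOG) {
        println!("helper #{} ({}) rejected at insn {:?}", m.id, m.name.unwrap_or("unknown"), m.insn);
    }
}
```

An `invalid func unknown#N` line means the running kernel has no helper with that ID, so the program has to be rebuilt against a helper that kernel provides rather than retried.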