View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001378 | channel: kernel/el7 | --kernel--request-for-enhancement-- | public | 2023-08-09 16:28 | 2023-08-25 04:24 |
| Reporter | youve_got_don | Assigned To | toracat | ||
| Priority | high | Severity | feature | Reproducibility | always |
| Status | resolved | Resolution | not fixable | ||
| Summary | 0001378: Enable support for CONFIG_DEBUG_INFO_BTF in kernels | ||||
| Description | Modern security tooling is rapidly starting to build upon and utilize BPF filtering to gather data about a host to evaluate processes and actions on a host for malicious behaviors. In order to support this, most security tooling that uses the BPF system (to eliminate reliance on specific kernel versions) require the following kernels configs: CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_DEBUG_INFO_BTF=y CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT=y Your kernels support all except "CONFIG_DEBUG_INFO_BTF=y" Most modern kernels from various distros natively support all of these kernel configs. Please enable these configs to better support users who need to run modern security software to protect their environments. | ||||
| Tags | kernel, kernel-ml | ||||
| related to | 0001320 | closed | burakkucat | channel: kernel/el8 | Request to enable kernel option CONFIG_DEBUG_INFO_BTF |
| related to | 0001347 | resolved | burakkucat | channel: kernel/el8 | Request BTF be enabled in kernel-lt |
|
|
It appears that el7 is too old to enable CONFIG_DEBUG_INFO_BTF. First, the config file was modified: --- config-6.4.11-x86_64.orig 2023-08-16 13:02:07.000000000 -0700 +++ config-6.4.11-x86_64 2023-08-17 14:27:18.887214392 -0700 @@ -9921,11 +9921,18 @@ # # Compile-time checks and compiler options # +CONFIG_DEBUG_INFO=y CONFIG_AS_HAS_NON_CONST_LEB128=y -CONFIG_DEBUG_INFO_NONE=y -# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set +# CONFIG_DEBUG_INFO_NONE is not set +CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y # CONFIG_DEBUG_INFO_DWARF4 is not set # CONFIG_DEBUG_INFO_DWARF5 is not set +# CONFIG_DEBUG_INFO_REDUCED is not set +CONFIG_DEBUG_INFO_COMPRESSED_NONE=y +# CONFIG_DEBUG_INFO_COMPRESSED_ZLIB is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +CONFIG_DEBUG_INFO_BTF=y +# CONFIG_GDB_SCRIPTS is not set CONFIG_FRAME_WARN=2048 CONFIG_STRIP_ASM_SYMS=y # CONFIG_READABLE_ASM is not set Then an attempt to build the kernel produced the following error: BTF: .tmp_vmlinux.btf: pahole (pahole) is not available Failed to generate BTF for vmlinux Try to disable CONFIG_DEBUG_INFO_BTF make[2]: *** [vmlinux] Error 1 make[1]: *** [vmlinux] Error 2 make: *** [__sub-make] Error 2 To get pahole, the dwarves package was installed (from epel). The error now says: BTF: .tmp_vmlinux.btf: pahole version v1.9 is too old, need at least v1.16 Failed to generate BTF for vmlinux Try to disable CONFIG_DEBUG_INFO_BTF make[2]: *** [vmlinux] Error 1 make[1]: *** [vmlinux] Error 2 make: *** [__sub-make] Error 2 |
|
|
Thank you for the info/testing. Given that el7 is starting to be on it's way out, would it be possible to add those configs to el8 and el9? I see that there are 2 related issues, but it appears it was never implemented in el8 |
|
|
As noted in https://elrepo.org/bugs/view.php?id=1320 , we tried to implement it in el8 but it did not work out. "Unfortunately neither of the two potential configuration changes are viable as the first resulted in an non-bootable system and the second resulted in a regression in user-land." |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-08-09 16:28 | youve_got_don | New Issue | |
| 2023-08-09 16:28 | youve_got_don | Tag Attached: kernel | |
| 2023-08-09 16:28 | youve_got_don | Tag Attached: kernel-ml | |
| 2023-08-09 16:30 | pperry | Assigned To | => pperry |
| 2023-08-09 16:30 | pperry | Status | new => assigned |
| 2023-08-09 16:30 | pperry | Assigned To | pperry => toracat |
| 2023-08-09 16:33 | pperry | Project | channel: elrepo/el7 => channel: kernel/el7 |
| 2023-08-17 17:39 | toracat | Relationship added | related to 0001320 |
| 2023-08-17 17:39 | toracat | Relationship added | related to 0001347 |
| 2023-08-17 18:02 | toracat | Note Added: 0009320 | |
| 2023-08-18 11:58 | youve_got_don | Note Added: 0009321 | |
| 2023-08-18 13:15 | toracat | Note Added: 0009322 | |
| 2023-08-25 04:24 | toracat | Status | assigned => resolved |
| 2023-08-25 04:24 | toracat | Resolution | open => not fixable |
