Fix check for context propagation support (#600)
While the lockdown check for the 'bpf_probe_write_user()' helper was
indeed introduced on 5.14[1], it was also backported to the 5.10 tree[2]
as well.

[1]: torvalds/linux@51e1bb9
[2]: https://elixir.bootlin.com/linux/v5.10.59/A/ident/LOCKDOWN_BPF_WRITE_USER
myhro authored Feb 2, 2024
1 parent 447c8b9 commit 96c774a
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion docs/sources/distributed-traces.md
Expand Up @@ -25,7 +25,7 @@ Beyla will read any incoming trace context header values, track the Go program e

### Kernel integrity mode limitations

In order to write the `traceparent` value in outgoing HTTP/gRPC request headers, Beyla needs to write to the process memory using the [bpf_probe_write_user](https://www.man7.org/linux/man-pages/man7/bpf-helpers.7.html) eBPF helper. Since kernel 5.15 this helper is protected (and unavailable to BPF programs) if the Linux Kernel is running in `integrity` lockdown mode. Kernel integrity mode is typically enabled by default if the Kernel has [Secure Boot](https://wiki.debian.org/SecureBoot) enabled, but it can also be enabled manually.
In order to write the `traceparent` value in outgoing HTTP/gRPC request headers, Beyla needs to write to the process memory using the [bpf_probe_write_user](https://www.man7.org/linux/man-pages/man7/bpf-helpers.7.html) eBPF helper. Since kernel 5.14 (with fixes backported to the 5.10 series) this helper is protected (and unavailable to BPF programs) if the Linux Kernel is running in `integrity` lockdown mode. Kernel integrity mode is typically enabled by default if the Kernel has [Secure Boot](https://wiki.debian.org/SecureBoot) enabled, but it can also be enabled manually.

Beyla will automatically check if it can use the `bpf_probe_write_user` helper, and enable context propagation only if it's allowed by the kernel configuration. Verify the Linux Kernel lockdown mode by running the following command:
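
Review bot: The rewritten sentence ("Since kernel 5.14 (with fixes backported to the 5.10 series)") does not say from which 5.10.x release the restriction applies, so a reader on a 5.10 kernel cannot tell whether it affects them. The commit message cites the v5.10.59 tree as evidence; consider naming the first 5.10 stable release that carries the check, and calling it a lockdown check rather than "fixes", which matches the commit message's own wording. The sentence is also silent on 5.11 through 5.13, which the code change in this commit no longer treats as unconditionally supported.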

4 changes: 2 additions & 2 deletions pkg/internal/ebpf/common/common.go
Expand Up @@ -121,8 +121,8 @@ func SupportsContextPropagation(log *slog.Logger) bool {
kernelMajor, kernelMinor := KernelVersion()
log.Debug("Linux kernel version", "major", kernelMajor, "minor", kernelMinor)

if kernelMajor < 5 || (kernelMajor == 5 && kernelMinor < 14) {
log.Debug("Found Linux kernel earlier than 5.14, trace context propagation is supported", "major", kernelMajor, "minor", kernelMinor)
if kernelMajor < 5 || (kernelMajor == 5 && kernelMinor < 10) {
log.Debug("Found Linux kernel earlier than 5.10, trace context propagation is supported", "major", kernelMajor, "minor", kernelMinor)
return true
}
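
Review bot: The new condition `kernelMinor < 10` compares only major and minor, so it cannot distinguish a 5.10.x kernel that has the backported lockdown check from an earlier 5.10.x that does not, and 5.11 through 5.13 also stop taking the early `return true`. That is safe only if the code after this block decides from the actual lockdown state rather than from the version; a short comment above the `if` saying so, with the two references from the commit message, would make the choice of 5.10 reviewable. Since this commit itself shows the restriction being backported to an older tree, consider dropping the version shortcut and always consulting the lockdown state, so that a further backport does not leave `SupportsContextPropagation` returning true on a kernel where the helper is blocked.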
