Fix check for context propagation support #600
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi. I was investigating the issue #390, based on the report that it doesn't work on Debian 11 (Bullseye), which should have a supported kernel:
I managed to start Beyla after recompiling it and was able to trace C programs, like the Apache HTTP Server. The problem is that Go binaries like the testserver weren't working:
After debugging for a while, trying to understand what
uprobe_http2FramerWriteHeaders_returns
had different than other BPF programs, I realized that the VM was running with Secure Boot enabled (which is the default on LXD/Incus). This, in turn, enables the kernel integrity mode:As documented, in cases like that the context propagation might not work. What made it a bit more interesting is the fact that while yes, the lockdown check for the
bpf_probe_write_user()
helper was indeed introduced on kernel 5.14, it was also backported to the 5.10 tree as well.Based on these findings, I'm proposing a fix for the context propagation support check.
P.s.: I also checked 5.4 (the previous LTS) and 5.9 versions and didn't find the patch in their trees.