Photon OS

  • 1.  Running eBPF programs on PhotonOS - cannot run on all kernel versions

    Posted Oct 11, 2023 10:02 AM

    Hi,

    [Little Background]

    eBPF programs can run in a sandbox environment within the kernel. It's event driven and runs based on hook points like kprobe, tracepoint, uprobe, etc. It's highly dependent on the host kernel and needs correct knowledge of the underlying kernel's data structures/types.

    The type information usually comes with the kernel (newer) and is present at location /sys/kernel/btf/vmlinux (only if the kernel was compiled with config option CONFIG_DEBUG_INFO_BTF=true).

    In case the kernel does not have BTF support (i.e. the above file is not present), we can try and generate it using the kernel's debuginfo package, which makes the eBPF program portable.


    [Query]

    1. Does the Photon OS kernel usually support running eBPF programs? Reason for asking is: I see VMware has solved a service mesh use case using eBPF, but there is no mention of the OS or kernel. Link: https://blogs.vmware.com/networkvirtualization/2022/08/tanzu-service-mesh-acceleration-using-ebpf.ht...

    2. In the case of other mainstream Linux distros like Ubuntu, CentOS, Fedora, Oracle Linux, etc., the kernel's debuginfo package/RPMs for each and every kernel version are published in their respective package URLs, but for Photon OS I do/can not find linux-*-debuginfo<version>.rpm files, which help in portability of the eBPF program across kernels.

    I am looking at https://packages.vmware.com/photon/ for the packages but am finding very few linux debuginfo packages (ex: in 3.0 no such packages found). In case I am not looking correctly, please point me to the place where I can find this RPM for all kernel versions.

    If it is not published, is there a plan to publish the missing kernel's linux debuginfo rpms?



  • 2.  RE: Running eBPF programs on PhotonOS - cannot run on all kernel versions

    Posted Oct 12, 2023 03:33 AM

    Hi,


    CONFIG_DEBUG_INFO_BTF does not seem to be set by default in the Photon OS kernel. I think you need to rebuild the kernel.

    https://github.com/vmware/photon/blob/master/SPECS/linux/config_x86_64#L6419


    Photon OS's debuginfo RPM is located below. Examples are Photon 3.0 and 5.0 (latest release).




  • 3.  RE: Running eBPF programs on PhotonOS - cannot run on all kernel versions

    Posted Oct 12, 2023 04:43 AM

    Thank you for responding.

    - The nodes where I am trying to run the eBPF program are managed by Tanzu (and so is the kernel).

    - Thanks for providing the package location. The package locations do not have "linux-*-debuginfo" (kernel package) for all kernel versions.

    Why I am looking for all kernel versions?
    > So that the eBPF program is portable completely and able to run on any given x.y.z kernel version.

    Is there a plan/way (like a GitHub issue..) to publish the debuginfo for the linux* package for all kernel versions?



  • 4.  RE: Running eBPF programs on PhotonOS - cannot run on all kernel versions

    Posted Oct 15, 2023 05:57 AM

    Hi,

    Besides the enthusiasm about eBPF benefits, there are security concerns as well.

    (wikipedia) […] unprivileged use has ultimately been disabled by the kernel community by default to protect from use against future hardware vulnerabilities.

    See exploited eBPF vulnerabilities, e.g. CVE-2023-39191.

    Portability is not a primary goal of the CIA triad: confidentiality, integrity and authentication.

    I prefer compiling the kernel source as mentioned from . There is a Photon OS docs chapter: https://vmware.github.io/photon/docs-v5/installation-guide/building-images/.
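A quick way to check the two things this thread turns on, whether the running kernel exposes BTF type information and whether unprivileged BPF is disabled, as an added example that is not part of any post above. It assumes the usual locations /sys/kernel/btf/vmlinux, /boot/config-$(uname -r) and /proc/sys/kernel/unprivileged_bpf_disabled; note that in the kernel config file the option is spelled CONFIG_DEBUG_INFO_BTF=y.

```shell
#!/bin/sh
# Added example (not from the thread): report whether this kernel exposes
# BTF type info and whether unprivileged BPF is disabled. Paths are
# arguments so the checks can also be run against constructed files.

# btf_status BTF_FILE CONFIG_FILE
#   btf-sysfs        BTF blob exported; CO-RE eBPF programs can load directly
#   btf-config-only  config says CONFIG_DEBUG_INFO_BTF=y but sysfs lacks it
#   no-btf           BTF absent; an external BTF/debuginfo source is needed
btf_status() {
    btf_file="$1"
    config_file="$2"
    if [ -r "$btf_file" ]; then
        echo btf-sysfs
    elif [ -r "$config_file" ] && grep -q '^CONFIG_DEBUG_INFO_BTF=y' "$config_file"; then
        echo btf-config-only
    else
        echo no-btf
    fi
}

# unprivileged_bpf_status SYSCTL_FILE
# Kernel semantics of unprivileged_bpf_disabled: 0 allowed, 1 disabled and
# cannot be re-enabled until reboot, 2 disabled but changeable by root.
unprivileged_bpf_status() {
    sysctl_file="$1"
    if [ -r "$sysctl_file" ]; then
        case "$(cat "$sysctl_file")" in
            0) echo allowed ;;
            1) echo disabled-locked ;;
            2) echo disabled ;;
            *) echo unknown ;;
        esac
    else
        echo unknown
    fi
}

# Report on the live system using the usual locations (assumed paths).
report() {
    echo "kernel:           $(uname -r)"
    echo "btf:              $(btf_status /sys/kernel/btf/vmlinux "/boot/config-$(uname -r)")"
    echo "unprivileged bpf: $(unprivileged_bpf_status /proc/sys/kernel/unprivileged_bpf_disabled)"
}

report
```

On a node that prints no-btf, CO-RE programs will need BTF supplied out of band, which is exactly where the missing debuginfo packages discussed above bite.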