gui774ume / krie Goto Github PK

View Code? Open in Web Editor NEW

165.0 165.0 20.0 29.4 MB

Linux Kernel Runtime Integrity with eBPF

License: Apache License 2.0

Makefile 0.06% Go 10.43% C 89.51%

krie's People

Contributors

Stargazers

Watchers

krie's Issues

make build-ebpf fails with go error

Hey! :)

The make target make build-ebpf currently fails with this error:

[root@b10c54e6b85c krie]# make build-ebpf
mkdir -p ebpf/bin
clang-14 -D__KERNEL__ -DCONFIG_64BIT -D__ASM_SYSREG_H -D__x86_64__ -D__BPF_TRACING__ -DKBUILD_MODNAME=\"krie\" \
	-Wno-unused-value \
	-Wno-pointer-sign \
	-Wno-compare-distinct-pointer-types \
	-Wunused \
	-Wall \
	-Werror \
	-I/lib/modules/$(uname -r)/build/include \
	-I/lib/modules/$(uname -r)/build/include/uapi \
	-I/lib/modules/$(uname -r)/build/include/generated/uapi \
	-I/lib/modules/$(uname -r)/build/arch/x86/include \
	-I/lib/modules/$(uname -r)/build/arch/x86/include/uapi \
	-I/lib/modules/$(uname -r)/build/arch/x86/include/generated \
	-c -O2 -g -target bpf \
	ebpf/main.c \
	-o ebpf/bin/probe.o
mkdir -p ebpf/bin
clang-14 -D__KERNEL__ -DCONFIG_64BIT -D__ASM_SYSREG_H -D__x86_64__ -DUSE_SYSCALL_WRAPPER=1 -D__BPF_TRACING__ -DKBUILD_MODNAME=\"krie\" \
	-Wno-unused-value \
	-Wno-pointer-sign \
	-Wno-compare-distinct-pointer-types \
	-Wunused \
	-Wall \
	-Werror \
	-I/lib/modules/$(uname -r)/build/include \
	-I/lib/modules/$(uname -r)/build/include/uapi \
	-I/lib/modules/$(uname -r)/build/include/generated/uapi \
	-I/lib/modules/$(uname -r)/build/arch/x86/include \
	-I/lib/modules/$(uname -r)/build/arch/x86/include/uapi \
	-I/lib/modules/$(uname -r)/build/arch/x86/include/generated \
	-c -O2 -g -target bpf \
	ebpf/main.c \
	-o ebpf/bin/probe_syscall_wrapper.o
go run github.com/shuLhan/go-bindata/cmd/go-bindata -pkg assets -prefix "ebpf/bin" -o "pkg/assets/probe.go" "ebpf/bin/probe_syscall_wrapper.o" "ebpf/bin/probe.o"
go: downloading github.com/shuLhan/go-bindata v4.0.0+incompatible
go generate ./...
go: downloading github.com/DataDog/ebpf-manager v0.0.0-20220725144023-e4b26003498c
go: downloading github.com/DataDog/gopsutil v1.1.0
go: downloading github.com/mailru/easyjson v0.7.7
go: downloading github.com/sirupsen/logrus v1.8.1
go: downloading github.com/pkg/errors v0.9.1
go: downloading golang.org/x/sys v0.5.0
go: downloading github.com/google/gopacket v1.1.19
go: downloading github.com/DataDog/btf-internals v0.0.0-20220510090419-14c22a91224c
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading github.com/acobaugh/osrelease v0.1.0
go: downloading github.com/cilium/ebpf v0.9.0
go: downloading github.com/spf13/cobra v1.5.0
go: downloading github.com/lorenzosaino/go-sysctl v0.3.1
go: downloading github.com/smira/go-xz v0.0.0-20220607140411-c2a07d4bedda
go: downloading kernel.org/pub/linux/libs/security/libcap/cap v1.2.65
go: downloading golang.org/x/net v0.7.0
go: downloading github.com/josharian/intern v1.0.0
go: downloading github.com/spf13/pflag v1.0.5
go: downloading github.com/avast/retry-go v3.0.0+incompatible
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading github.com/vishvananda/netlink v1.2.0-beta.0.20220404152918-5e915e014938
go: downloading github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74
go: downloading github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575
go: downloading kernel.org/pub/linux/libs/security/libcap/psx v1.2.65
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading golang.org/x/tools v0.1.11
go: downloading golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4
stringer: internal error: package "fmt" without types was imported from "github.com/Gui774ume/krie/pkg/krie/events"
exit status 1
pkg/krie/events/ia32_syscalls.go:17: running "go": exit status 1
make: *** [Makefile:45: generate] Error 1

Is this an error in KRIE's code or a stringer problem?

Thanks!

BTF parsing leads to errors "can't read types: type id 5215: unknown kind: Unknown (19)"

Hey @Gui774ume 👋

I tried to run KRIE on different Linux distributions with different kernels. Sometimes there occur errors like:

Error: couldn't start: couldn't load kernel BTF specs, please try to provide one in the configuration: couldn't load /tmp/6.6.2-arch1-1.btf.tar.xz: can't read types: type id 5215: unknown kind: Unknown (19)

Error: couldn't start: couldn't load kernel BTF specs, please try to provide one in the configuration: couldn't load /tmp/6.5.12-200.fc38.x86_64.btf.tar.xz: can't read types: type id 1927: unknown kind: Unknown (19)

Error: couldn't start: couldn't load kernel BTF specs, please try to provide one in the configuration: couldn't load /tmp/6.5.12-300.fc39.x86_64.btf.tar.xz: can't read types: type id 1973: unknown kind: Unknown (19)

Error: couldn't start: couldn't load kernel BTF specs, please try to provide one in the configuration: couldn't load /tmp/6.5.0-kali3-amd64.btf.tar.xz: can't read types: type id 7392: unknown kind: Unknown (19)

Error: couldn't start: couldn't load kernel BTF specs, please try to provide one in the configuration: couldn't load /tmp/6.6.2-1-default.btf.tar.xz: can't read types: type id 6568: unknown kind: Unknown (19)

Error: couldn't start: couldn't load kernel BTF specs, please try to provide one in the configuration: couldn't load /tmp/5.14.0-386.el9.x86_64.btf.tar.xz: can't read types: type id 2747: unknown kind: Unknown (19)

Error: couldn't start: couldn't load kernel BTF specs, please try to provide one in the configuration: couldn't load /tmp/6.1.0-13-amd64.btf.tar.xz: can't read types: type id 8989: unknown kind: Unknown (19)

Error: couldn't start: couldn't load kernel BTF specs, please try to provide one in the configuration: couldn't load /tmp/5.14.0-362.8.1.el9_3.x86_64.btf.tar.xz: can't read types: type id 3058: unknown kind: Unknown (19)

I attached the BTF files for reproduction.

Maybe you find the time to have a look :)

Thanks!
btf.zip

EDIT: torvalds/linux@6089fb3 BTF_KIND_ENUM64 = 19 was added there...

EDIT 2: probably, this should be fixed here: https://github.com/DataDog/btf-internals/blob/main/btf/btf_types.go#L15
Here is already a fixed version: https://github.com/cilium/ebpf/blob/0247b789ad7ebf30d36854658e12fbe020ca527b/btf/btf_types.go#L44

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs

Jooble