Created attachment 905081 [details] build.log Trying to compile systemd-256.6 with bpf enabled but it always fails. My global system info > emerge --info Portage 3.0.66.1 (python 3.12.7-final-0, default/linux/amd64/23.0/desktop/plasma/systemd, gcc-14, glibc-2.40-r4, 6.10.10-zen1 x86_64) ================================================================= System uname: Linux-6.10.10-zen1-x86_64-AMD_Ryzen_7_1700X_Eight-Core_Processor-with-glibc2.40 KiB Mem: 16290048 total, 2887568 free KiB Swap: 12582908 total, 10554356 free Timestamp of repository gentoo: Sun, 06 Oct 2024 16:00:01 +0000 Head commit of repository gentoo: 89de13ab4bad1ae327baf8624d1890d497434e58 Head commit of repository brave-overlay: cd7938f6c0be52656b3e1902a16bc7cc7ad2d27e Timestamp of repository calculate: Fri, 04 Oct 2024 10:33:24 +0000 Head commit of repository calculate: 4f7cacee392509cdfb28c4c326dbccd55c443bea Timestamp of repository java: Wed, 02 Oct 2024 09:19:05 +0000 Head commit of repository java: 53021b4b02a61d1b8d60c80944f1997bd89fb91c Timestamp of repository kde: Sat, 05 Oct 2024 21:48:20 +0000 Head commit of repository kde: 2bf4cd79b3e594c7b5fd77f7d2f3ca7519aa5d09 Head commit of repository kubler: f27332ead5b440c6fdddc24ca19407189a8701fb Timestamp of repository qt: Sun, 08 Sep 2024 18:36:41 +0000 Head commit of repository qt: 11a7cd8e7447586b6106f02bf6f9ac4934f9375c Timestamp of repository steam-overlay: Tue, 01 Oct 2024 20:48:55 +0000 Head commit of repository steam-overlay: b299cf5b58600d0c055253a5e590189aa414c3a0 Timestamp of repository wayland-desktop: Tue, 01 Oct 2024 20:49:00 +0000 Head commit of repository wayland-desktop: 93fb915253acbeff328f87c50de8ff881fce7c8e Timestamp of repository guru: Fri, 04 Oct 2024 10:33:25 +0000 Head commit of repository guru: 7dc7e51ed084621d9b0378d75adf0724a4677826 sh bash 5.2_p37 ld GNU ld (Gentoo 2.43 p2) 2.43.1 app-misc/pax-utils: 1.3.8::gentoo app-shells/bash: 5.2_p37::gentoo dev-build/autoconf: 2.13-r8::gentoo, 2.72-r1::gentoo dev-build/automake: 1.17-r1::gentoo dev-build/cmake: 3.30.4::gentoo dev-build/libtool: 2.5.3::gentoo dev-build/make: 4.4.1-r100::gentoo dev-build/meson: 1.5.2::gentoo dev-java/java-config: 2.3.4::gentoo dev-lang/perl: 5.40.0::gentoo dev-lang/python: 3.11.10_p1::gentoo, 3.12.7_p1::gentoo, 3.13.0_rc3::gentoo dev-lang/rust: 1.81.0::gentoo sys-apps/baselayout: 2.15::gentoo sys-apps/sandbox: 2.39::gentoo sys-apps/systemd: 256.6::gentoo sys-devel/binutils: 2.43-r1::gentoo sys-devel/binutils-config: 5.5.2::gentoo sys-devel/clang: 18.1.8::gentoo, 19.1.1::gentoo sys-devel/gcc: 14.2.1_p20240921::gentoo sys-devel/gcc-config: 2.11::gentoo sys-devel/lld: 18.1.8::gentoo, 19.1.1::gentoo sys-devel/llvm: 18.1.8-r4::gentoo, 19.1.1::gentoo sys-kernel/linux-headers: 6.10::gentoo (virtual/os-headers) sys-libs/glibc: 2.40-r4::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 volatile: False sync-rsync-verify-max-age: 24 sync-rsync-extra-opts: --new-compress sync-rsync-verify-jobs: 16 sync-rsync-verify-metamanifest: yes brave-overlay location: /var/db/repos/brave-overlay sync-type: git sync-uri: https://gitlab.com/jason.oliveira/brave-overlay.git masters: gentoo volatile: False calculate location: /var/db/repos/calculate sync-type: git sync-uri: https://github.com/gentoo-mirror/calculate.git masters: gentoo volatile: False java location: /var/db/repos/java sync-type: git sync-uri: https://github.com/gentoo-mirror/java.git masters: gentoo volatile: False kde location: /var/db/repos/kde sync-type: git sync-uri: https://github.com/gentoo-mirror/kde.git masters: gentoo volatile: False kubler location: /var/db/repos/kubler sync-type: git sync-uri: https://github.com/edannenberg/kubler-overlay/ masters: gentoo volatile: False qt location: /var/db/repos/qt sync-type: git sync-uri: https://github.com/gentoo-mirror/qt.git masters: gentoo volatile: False shaumux location: /var/db/repos/shaumux masters: gentoo volatile: False steam-overlay location: /var/db/repos/steam-overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/steam-overlay.git masters: gentoo volatile: False wayland-desktop location: /var/db/repos/wayland-desktop sync-type: git sync-uri: https://github.com/gentoo-mirror/wayland-desktop.git masters: gentoo volatile: False guru location: /var/db/repos/guru sync-type: git sync-uri: https://github.com/gentoo-mirror/guru.git masters: gentoo priority: 100 volatile: False ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -ftree-vectorize -fomit-frame-pointer -ftree-loop-distribution -fgraphite-identity -floop-nest-optimize -O2 -pipe -flto=7 -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d" CXXFLAGS="-march=native -ftree-vectorize -fomit-frame-pointer -ftree-loop-distribution -fgraphite-identity -floop-nest-optimize -O2 -pipe -flto=7 -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing" DISTDIR="/var/cache/distfiles" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME" FCFLAGS="-march=native -ftree-vectorize -fomit-frame-pointer -ftree-loop-distribution -fgraphite-identity -floop-nest-optimize -O2 -pipe -flto=7 -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync merge-wait multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=native -ftree-vectorize -fomit-frame-pointer -ftree-loop-distribution -fgraphite-identity -floop-nest-optimize -O2 -pipe -flto=7 -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_IE.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs -fuse-ld=mold" LEX="flex" MAKEOPTS="-j10" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--new-compress" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" SHELL="/bin/zsh" USE="X a52 aac acl acpi activities alsa amd64 apparmor appstream avif bluetooth branding bzip2 cairo cdda cdr cet colord crypt cups dbus declarative dri dts dvd dvdr encode exif flac flatpak gdbm gif gpm gtk gtk4 gui heif ibus iconv icu ipv6 jit jpeg kde keyring kf6compat kwallet lcms libnotify libtirpc lm_sensors lto mad mmx mng modules-compress modules-sign mp3 mp4 mpeg mtp multilib ncurses networkmanager nls ogg opengl openmp pam pango pcre pdf pipewire plasma png policykit postgres ppds pulseaudio qml qt6 readline samba screencast sdl seccomp semantic-desktop sound spell sse sse2 ssl startup-notification svg systemd test-rust tiff tpm truetype udev udisks unicode upnp upower usb vaapi vorbis vulkan wayland webp widgets wxwidgets x264 xattr xcb xft xml xvid zlib zsh-completion" ABI_X86="32 64" ADA_TARGET="gcc_12" AMDGPU_TARGETS="gfx1031" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 pclmul sha" CURL_QUIC="openssl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GUILE_SINGLE_TARGET="3-0" GUILE_TARGETS="3-0" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-US en-GB" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LLVM_TARGETS="AMDGPU" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres16" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" QEMU_SOFTMMU_TARGETS="x86_64 aarch64" QEMU_USER_TARGETS="x86_64 aarch64" RUBY_TARGETS="ruby32" VIDEO_CARDS="vesa radeonsi amdgpu fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account" Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS I tried with base cflags as well, still have the same error
Using libbpf-1.4.5 (https://forums.gentoo.org/viewtopic-p-8842383.html#8842383): FAILED: src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.o /usr/bin/bpf-unknown-none-gcc -std=gnu11 -fno-stack-protector -fno-ssa-phiopt -O2 -mcpu=v3 -mco-re -gbtf -c -D__x86_64__ -mlittle-endian -I. -isystem /usr/include/x86_64-pc-linux-gnu -idirafter /usr/include ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c -o src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.o -I/var/tmp/portage/sys-apps/systemd-256.6/work/systemd-256.6-abi_x86_64.amd64 ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c: In function 'validate_inode_on_mount': ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:81: error: assignment to 'struct user_namespace *' from incompatible pointer type 'struct user_namespace___9 *' [-Wincompatible-pointer-types] 81 | mount_userns = m->mnt_ns->user_ns; ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:85: error: assignment to 'struct user_namespace *' from incompatible pointer type 'struct user_namespace___162 *' [-Wincompatible-pointer-types] 85 | task_userns = task->cred->user_ns; ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c: In function 'validate_path': ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:127: error: assignment to 'struct inode *' from incompatible pointer type 'struct inode___16 *' [-Wincompatible-pointer-types] 127 | inode = path->dentry->d_inode;
The code is kind of new: https://github.com/systemd/systemd/commit/7a5edb07956841492b23a8a39a36f9286efd51ef#diff-0498e3d4fdb1b5cd3eb9e1ed388f125eb8275e339a0f8595654c0da70e783930R66 (in 256).
In the build directory (/var/tmp/portage/sys-apps/systemd-256.6/work/systemd-256.6-abi_x86_64.amd64), can you run: /usr/bin/bpf-unknown-none-gcc -std=gnu11 -fno-stack-protector -fno-ssa-phiopt -O2 -mcpu=v3 -mco-re -gbtf -c -D__x86_64__ -mlittle-endian -I. -isystem /usr/include/x86_64-pc-linux-gnu -idirafter /usr/include ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c -o src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.o -I/var/tmp/portage/sys-apps/systemd-256.6/work/systemd-256.6-abi_x86_64.amd64 -save-temps and then upload ./src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.i Thanks. I can't yet reproduce it.
Couldn't upload here, since it's too big so here's the link - https://file.io/ABdhwM2gjr72 But also got the following errors trying to generate the file ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c: In function 'validate_inode_on_mount': ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:81: error: assignment to 'struct user_namespace *' from incompatible pointer type 'struct user_namespace___9 *' [-Wincompatible-pointer-types] 81 | mount_userns = m->mnt_ns->user_ns; ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:85: error: assignment to 'struct user_namespace *' from incompatible pointer type 'struct user_namespace___162 *' [-Wincompatible-pointer-types] 85 | task_userns = task->cred->user_ns; ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c: In function 'validate_path': ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:127: error: assignment to 'struct inode *' from incompatible pointer type 'struct inode___16 *' [-Wincompatible-pointer-types] 127 | inode = path->dentry->d_inode;
That link doesn't work for me ("The transfer you requested has been deleted.") -- can you upload it compressed here?
Sorry, tried uploading compressed and too big. Here's a dropbox link - https://www.dropbox.com/scl/fi/qhjjh3z82crwqque0q6p4/userns-restrict.bpf.unstripped.i.zst?rlkey=v1kqgnxnxtflfu3bm33kfp4nl&st=rxbig6b7&dl=0 Hopefully this time it works
Thanks, got it. Ours are surprisingly different! For example (RHS is mine)... ``` -typedef int fs_param_type___25(struct p_log *, const struct fs_parameter_spec *, struct fs_parameter___6 *, struct fs_parse_result *); +typedef void (*btf_trace_xfs_buf_submit)(void *, struct xfs_buf *, long unsigned int); ``` I wonder what happens if you rebuild bpftool? (Maybe try with your normal flags, then if systemd fails still, try the basic ones)?
The difference wrt. the function prototypes makes me think that maybe the kernel BTF is missing or broken?
Would it depend on the running kernel? I was under the impression that the `linux-headers` were the only requirement to compile. I can upload my kernel config if that's helpful
At runtime, bpftool (which is used while building systemd) needs access to BPF from the running kernel. Yes, please upload the current kernel config, thanks
Created attachment 905106 [details] Kernel config Added the kernel config, also compiled bpftool with the base flags and tried again the last step, here's the output - https://www.dropbox.com/scl/fi/x08qj62xkzu91iogkc0py/base-flags-userns-restrict.bpf.unstripped.i.zst?rlkey=3fiixi2x3bxw6v4g6ansqinh2&st=9ug0brzo&dl=0
(In reply to Shaumyadeep Chaudhuri from comment #11) > Created attachment 905106 [details] > Kernel config CONFIG_DEBUG_INFO_BTF=y so that's good...or not, since it should work. :/ Really no idea why the symbols are botched.
Would the compile also depend on `DWARF` info? If it makes any difference, the pahole version i have is dev-util/pahole-1.27-r1::gentoo
(In reply to Shaumyadeep Chaudhuri from comment #13) > Would the compile also depend on `DWARF` info? I see you do not have CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT set, but instead only CONFIG_DEBUG_INFO_DWARF5. I don't know if that could be the reason, maybe Sam can share his config. Unfortunately I cannot really help reproduce this either since I only have split-usr systems and the systemd ebuild refuses to build - sorry. > If it makes any difference, the pahole version i have is > dev-util/pahole-1.27-r1::gentoo That's OK and should work.
So I tried with `gentoo-kernel-bin` and was able to successfully compile, so it's definitely related to the kernel. Could it be the kernel config or could it be becasue i'm compiling the kernel with gcc-14?
I edited the ebuild to pass -Dbpf-compiler=clang instead of -Dbpf-compiler=gcc and rebuilt with clang as the active toolchain. It installed fine, though it emitted the QA warning > ../systemd-256.7/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:81:22: warning: > incompatible pointer types assigning to 'struct user_namespace *' from > 'struct user_namespace___44 *' [-Wincompatible-pointer-types]" So clang treats it as a warning while gcc treats it as an error. Furthermore, according to https://nakryiko.com/posts/bpf-core-reference-guide/#handling-incompatible-field-and-type-changes > For any type, field, enum, or enumerator, if the entity's name contains > a suffix of the form ___something (three underscores plus some text after > it), such name suffix is ignored for the purposes of CO-RE relocation as > if it was never there. > > This means that if you were to define a struct task_struct___my_own_copy and > use it in your BPF application, as far as BPF CO-RE is concerned, that struct > is equivalent to the kernel struct task_struct and will be matched and > relocated accordingly. Though I haven't tested it, this seems to imply that such a conversion is benign.
(In reply to Peter Levine from comment #16) > So clang treats it as a warning while gcc treats it as an error. > Clang intends to promote it to an error: https://github.com/llvm/llvm-project/issues/74605.
