Bug 941120

Summary:	sys-apps/systemd-256.6 fails with bpf useflag enabled
Product:	Gentoo Linux	Reporter:	Shaumyadeep Chaudhuri <shaumya>
Component:	Current packages	Assignee:	Gentoo systemd Team <systemd>
Status:	UNCONFIRMED ---
Severity:	normal	CC:	holger, plevine457, shaumya
Priority:	Normal
Version:	unspecified
Hardware:	AMD64
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=941185
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	build.log Kernel config

Description Shaumyadeep Chaudhuri 2024-10-07 13:34:10 UTC

Created attachment 905081 [details]
build.log

Trying to compile systemd-256.6 with bpf enabled but it always fails.

My global system info

> emerge --info
Portage 3.0.66.1 (python 3.12.7-final-0, default/linux/amd64/23.0/desktop/plasma/systemd, gcc-14, glibc-2.40-r4, 6.10.10-zen1 x86_64)
=================================================================
System uname: Linux-6.10.10-zen1-x86_64-AMD_Ryzen_7_1700X_Eight-Core_Processor-with-glibc2.40
KiB Mem:    16290048 total,   2887568 free
KiB Swap:   12582908 total,  10554356 free
Timestamp of repository gentoo: Sun, 06 Oct 2024 16:00:01 +0000
Head commit of repository gentoo: 89de13ab4bad1ae327baf8624d1890d497434e58
Head commit of repository brave-overlay: cd7938f6c0be52656b3e1902a16bc7cc7ad2d27e

Timestamp of repository calculate: Fri, 04 Oct 2024 10:33:24 +0000
Head commit of repository calculate: 4f7cacee392509cdfb28c4c326dbccd55c443bea

Timestamp of repository java: Wed, 02 Oct 2024 09:19:05 +0000
Head commit of repository java: 53021b4b02a61d1b8d60c80944f1997bd89fb91c

Timestamp of repository kde: Sat, 05 Oct 2024 21:48:20 +0000
Head commit of repository kde: 2bf4cd79b3e594c7b5fd77f7d2f3ca7519aa5d09

Head commit of repository kubler: f27332ead5b440c6fdddc24ca19407189a8701fb

Timestamp of repository qt: Sun, 08 Sep 2024 18:36:41 +0000
Head commit of repository qt: 11a7cd8e7447586b6106f02bf6f9ac4934f9375c

Timestamp of repository steam-overlay: Tue, 01 Oct 2024 20:48:55 +0000
Head commit of repository steam-overlay: b299cf5b58600d0c055253a5e590189aa414c3a0

Timestamp of repository wayland-desktop: Tue, 01 Oct 2024 20:49:00 +0000
Head commit of repository wayland-desktop: 93fb915253acbeff328f87c50de8ff881fce7c8e

Timestamp of repository guru: Fri, 04 Oct 2024 10:33:25 +0000
Head commit of repository guru: 7dc7e51ed084621d9b0378d75adf0724a4677826

sh bash 5.2_p37
ld GNU ld (Gentoo 2.43 p2) 2.43.1
app-misc/pax-utils:        1.3.8::gentoo
app-shells/bash:           5.2_p37::gentoo
dev-build/autoconf:        2.13-r8::gentoo, 2.72-r1::gentoo
dev-build/automake:        1.17-r1::gentoo
dev-build/cmake:           3.30.4::gentoo
dev-build/libtool:         2.5.3::gentoo
dev-build/make:            4.4.1-r100::gentoo
dev-build/meson:           1.5.2::gentoo
dev-java/java-config:      2.3.4::gentoo
dev-lang/perl:             5.40.0::gentoo
dev-lang/python:           3.11.10_p1::gentoo, 3.12.7_p1::gentoo, 3.13.0_rc3::gentoo
dev-lang/rust:             1.81.0::gentoo
sys-apps/baselayout:       2.15::gentoo
sys-apps/sandbox:          2.39::gentoo
sys-apps/systemd:          256.6::gentoo
sys-devel/binutils:        2.43-r1::gentoo
sys-devel/binutils-config: 5.5.2::gentoo
sys-devel/clang:           18.1.8::gentoo, 19.1.1::gentoo
sys-devel/gcc:             14.2.1_p20240921::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/lld:             18.1.8::gentoo, 19.1.1::gentoo
sys-devel/llvm:            18.1.8-r4::gentoo, 19.1.1::gentoo
sys-kernel/linux-headers:  6.10::gentoo (virtual/os-headers)
sys-libs/glibc:            2.40-r4::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    volatile: False
    sync-rsync-verify-max-age: 24
    sync-rsync-extra-opts: --new-compress
    sync-rsync-verify-jobs: 16
    sync-rsync-verify-metamanifest: yes

brave-overlay
    location: /var/db/repos/brave-overlay
    sync-type: git
    sync-uri: https://gitlab.com/jason.oliveira/brave-overlay.git
    masters: gentoo
    volatile: False

calculate
    location: /var/db/repos/calculate
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/calculate.git
    masters: gentoo
    volatile: False

java
    location: /var/db/repos/java
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/java.git
    masters: gentoo
    volatile: False

kde
    location: /var/db/repos/kde
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/kde.git
    masters: gentoo
    volatile: False

kubler
    location: /var/db/repos/kubler
    sync-type: git
    sync-uri: https://github.com/edannenberg/kubler-overlay/
    masters: gentoo
    volatile: False

qt
    location: /var/db/repos/qt
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/qt.git
    masters: gentoo
    volatile: False

shaumux
    location: /var/db/repos/shaumux
    masters: gentoo
    volatile: False

steam-overlay
    location: /var/db/repos/steam-overlay
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/steam-overlay.git
    masters: gentoo
    volatile: False

wayland-desktop
    location: /var/db/repos/wayland-desktop
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/wayland-desktop.git
    masters: gentoo
    volatile: False

guru
    location: /var/db/repos/guru
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/guru.git
    masters: gentoo
    priority: 100
    volatile: False

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -ftree-vectorize -fomit-frame-pointer -ftree-loop-distribution -fgraphite-identity -floop-nest-optimize -O2 -pipe -flto=7 -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d"
CXXFLAGS="-march=native -ftree-vectorize -fomit-frame-pointer -ftree-loop-distribution -fgraphite-identity -floop-nest-optimize -O2 -pipe -flto=7 -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing"
DISTDIR="/var/cache/distfiles"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-march=native -ftree-vectorize -fomit-frame-pointer -ftree-loop-distribution -fgraphite-identity -floop-nest-optimize -O2 -pipe -flto=7 -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync merge-wait multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=native -ftree-vectorize -fomit-frame-pointer -ftree-loop-distribution -fgraphite-identity -floop-nest-optimize -O2 -pipe -flto=7 -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_IE.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs -fuse-ld=mold"
LEX="flex"
MAKEOPTS="-j10"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--new-compress"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/zsh"
USE="X a52 aac acl acpi activities alsa amd64 apparmor appstream avif bluetooth branding bzip2 cairo cdda cdr cet colord crypt cups dbus declarative dri dts dvd dvdr encode exif flac flatpak gdbm gif gpm gtk gtk4 gui heif ibus iconv icu ipv6 jit jpeg kde keyring kf6compat kwallet lcms libnotify libtirpc lm_sensors lto mad mmx mng modules-compress modules-sign mp3 mp4 mpeg mtp multilib ncurses networkmanager nls ogg opengl openmp pam pango pcre pdf pipewire plasma png policykit postgres ppds pulseaudio qml qt6 readline samba screencast sdl seccomp semantic-desktop sound spell sse sse2 ssl startup-notification svg systemd test-rust tiff tpm truetype udev udisks unicode upnp upower usb vaapi vorbis vulkan wayland webp widgets wxwidgets x264 xattr xcb xft xml xvid zlib zsh-completion" ABI_X86="32 64" ADA_TARGET="gcc_12" AMDGPU_TARGETS="gfx1031" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 pclmul sha" CURL_QUIC="openssl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GUILE_SINGLE_TARGET="3-0" GUILE_TARGETS="3-0" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-US en-GB" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LLVM_TARGETS="AMDGPU" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres16" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" QEMU_SOFTMMU_TARGETS="x86_64 aarch64" QEMU_USER_TARGETS="x86_64 aarch64" RUBY_TARGETS="ruby32" VIDEO_CARDS="vesa radeonsi amdgpu fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS


I tried with base cflags as well, still have the same error

Comment 1 Sam James archtester

2024-10-08 09:35:45 UTC

Using libbpf-1.4.5 (https://forums.gentoo.org/viewtopic-p-8842383.html#8842383):

FAILED: src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.o 
/usr/bin/bpf-unknown-none-gcc -std=gnu11 -fno-stack-protector -fno-ssa-phiopt -O2 -mcpu=v3 -mco-re -gbtf -c -D__x86_64__ -mlittle-endian -I. -isystem /usr/include/x86_64-pc-linux-gnu -idirafter /usr/include ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c -o src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.o -I/var/tmp/portage/sys-apps/systemd-256.6/work/systemd-256.6-abi_x86_64.amd64
../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c: In function 'validate_inode_on_mount':
../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:81: error: assignment to 'struct user_namespace *' from incompatible pointer type 'struct user_namespace___9 *' [-Wincompatible-pointer-types]
   81 |         mount_userns = m->mnt_ns->user_ns;
../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:85: error: assignment to 'struct user_namespace *' from incompatible pointer type 'struct user_namespace___162 *' [-Wincompatible-pointer-types]
   85 |         task_userns = task->cred->user_ns;
../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c: In function 'validate_path':
../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:127: error: assignment to 'struct inode *' from incompatible pointer type 'struct inode___16 *' [-Wincompatible-pointer-types]
  127 |         inode = path->dentry->d_inode;

Comment 2 Sam James archtester

2024-10-08 09:40:48 UTC

The code is kind of new: https://github.com/systemd/systemd/commit/7a5edb07956841492b23a8a39a36f9286efd51ef#diff-0498e3d4fdb1b5cd3eb9e1ed388f125eb8275e339a0f8595654c0da70e783930R66 (in 256).

Comment 3 Sam James archtester

2024-10-08 10:00:38 UTC

In the build directory (/var/tmp/portage/sys-apps/systemd-256.6/work/systemd-256.6-abi_x86_64.amd64), can you run:
/usr/bin/bpf-unknown-none-gcc -std=gnu11 -fno-stack-protector -fno-ssa-phiopt -O2 -mcpu=v3 -mco-re -gbtf -c -D__x86_64__ -mlittle-endian -I. -isystem /usr/include/x86_64-pc-linux-gnu -idirafter /usr/include ../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c -o src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.o -I/var/tmp/portage/sys-apps/systemd-256.6/work/systemd-256.6-abi_x86_64.amd64 -save-temps

and then upload
./src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.i

Thanks.

I can't yet reproduce it.

Comment 4 Shaumyadeep Chaudhuri 2024-10-08 10:19:04 UTC

Couldn't upload here, since it's too big so here's the link - https://file.io/ABdhwM2gjr72

But also got the following errors trying to generate the file 

../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c: In function 'validate_inode_on_mount':
../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:81: error: assignment to 'struct user_namespace *' from incompatible pointer type 'struct user_namespace___9 *' [-Wincompatible-pointer-types]
   81 |         mount_userns = m->mnt_ns->user_ns;
../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:85: error: assignment to 'struct user_namespace *' from incompatible pointer type 'struct user_namespace___162 *' [-Wincompatible-pointer-types]
   85 |         task_userns = task->cred->user_ns;
../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c: In function 'validate_path':
../systemd-256.6/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:127: error: assignment to 'struct inode *' from incompatible pointer type 'struct inode___16 *' [-Wincompatible-pointer-types]
  127 |         inode = path->dentry->d_inode;

Comment 5 Sam James archtester

2024-10-08 10:21:19 UTC

That link doesn't work for me ("The transfer you requested has been deleted.") -- can you upload it compressed here?

Comment 6 Shaumyadeep Chaudhuri 2024-10-08 10:26:37 UTC

Sorry, tried uploading compressed and too big.
Here's a dropbox link - https://www.dropbox.com/scl/fi/qhjjh3z82crwqque0q6p4/userns-restrict.bpf.unstripped.i.zst?rlkey=v1kqgnxnxtflfu3bm33kfp4nl&st=rxbig6b7&dl=0

Hopefully this time it works

Comment 7 Sam James archtester

2024-10-08 10:37:13 UTC

Thanks, got it.

Ours are surprisingly different!

For example (RHS is mine)...
```
-typedef int fs_param_type___25(struct p_log *, const struct fs_parameter_spec *, struct fs_parameter___6 *, struct fs_parse_result *);
+typedef void (*btf_trace_xfs_buf_submit)(void *, struct xfs_buf *, long unsigned int);
```

I wonder what happens if you rebuild bpftool? (Maybe try with your normal flags, then if systemd fails still, try the basic ones)?

Comment 8 Holger Hoffstätte 2024-10-08 10:55:44 UTC

The difference wrt. the function prototypes makes me think that maybe the kernel BTF is missing or broken?

Comment 9 Shaumyadeep Chaudhuri 2024-10-08 11:44:51 UTC

Would it depend on the running kernel? I was under the impression that the `linux-headers` were the only requirement to compile.

I can upload my kernel config if that's helpful

Comment 10 Sam James archtester

2024-10-08 11:51:21 UTC

At runtime, bpftool (which is used while building systemd) needs access to BPF from the running kernel.

Yes, please upload the current kernel config, thanks

Comment 11 Shaumyadeep Chaudhuri 2024-10-08 11:59:52 UTC

Created attachment 905106 [details]
Kernel config

Added the kernel config, also compiled bpftool with the base flags and tried again the last step, here's the output 
 - https://www.dropbox.com/scl/fi/x08qj62xkzu91iogkc0py/base-flags-userns-restrict.bpf.unstripped.i.zst?rlkey=3fiixi2x3bxw6v4g6ansqinh2&st=9ug0brzo&dl=0

Comment 12 Holger Hoffstätte 2024-10-08 12:07:47 UTC

(In reply to Shaumyadeep Chaudhuri from comment #11)
> Created attachment 905106 [details]
> Kernel config

CONFIG_DEBUG_INFO_BTF=y so that's good...or not, since it should work. :/
Really no idea why the symbols are botched.

Comment 13 Shaumyadeep Chaudhuri 2024-10-08 12:11:44 UTC

Would the compile also depend on `DWARF` info?
If it makes any difference, the pahole version i have is 
dev-util/pahole-1.27-r1::gentoo

Comment 14 Holger Hoffstätte 2024-10-08 12:18:56 UTC

(In reply to Shaumyadeep Chaudhuri from comment #13)
> Would the compile also depend on `DWARF` info?

I see you do not have CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT set, but instead
only CONFIG_DEBUG_INFO_DWARF5. I don't know if that could be the reason, maybe Sam can share his config.

Unfortunately I cannot really help reproduce this either since I only have split-usr systems and the systemd ebuild refuses to build - sorry.

> If it makes any difference, the pahole version i have is 
> dev-util/pahole-1.27-r1::gentoo

That's OK and should work.

Comment 15 Shaumyadeep Chaudhuri 2024-10-11 22:17:25 UTC

So I tried with `gentoo-kernel-bin` and was able to successfully compile, so it's definitely related to the kernel.

Could it be the kernel config or could it be becasue i'm compiling the kernel with gcc-14?

Comment 16 Peter Levine 2024-10-16 02:34:10 UTC

I edited the ebuild to pass -Dbpf-compiler=clang instead of -Dbpf-compiler=gcc and rebuilt with clang as the active toolchain.  It installed fine, though it emitted the QA warning 
> ../systemd-256.7/src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:81:22: warning:
> incompatible pointer types assigning to 'struct user_namespace *' from
> 'struct user_namespace___44 *' [-Wincompatible-pointer-types]"

So clang treats it as a warning while gcc treats it as an error.

Furthermore, according to https://nakryiko.com/posts/bpf-core-reference-guide/#handling-incompatible-field-and-type-changes

> For any type, field, enum, or enumerator, if the entity's name contains
> a suffix of the form ___something (three underscores plus some text after
> it), such name suffix is ignored for the purposes of CO-RE relocation as
> if it was never there.
> 
> This means that if you were to define a struct task_struct___my_own_copy and
> use it in your BPF application, as far as BPF CO-RE is concerned, that struct
> is equivalent to the kernel struct task_struct and will be matched and
> relocated accordingly.

Though I haven't tested it, this seems to imply that such a conversion is benign.

Comment 17 Sam James archtester

2024-10-16 02:49:25 UTC

(In reply to Peter Levine from comment #16)
> So clang treats it as a warning while gcc treats it as an error.
> 

Clang intends to promote it to an error: https://github.com/llvm/llvm-project/issues/74605.