Skip to content

fix(driver): fixed build of old bpf probe against linux 6.15-rc1 [0.20.x cherry-pick] #2713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 11 commits into
base: release/0.20.x
Choose a base branch
from
Draft

fix(driver): fixed build of old bpf probe against linux 6.15-rc1 [0.20.x cherry-pick] #2713

wants to merge 11 commits into from
+288 −296

Conversation

@irozzo-1A
Copy link
Contributor

@irozzo-1A irozzo-1A commented Nov 7, 2025

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind test

/kind feature

/kind sync

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

Cherry-pick #2341 into release 0.20.x

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

@FedeDP @irozzo-1A
fix(driver): fixed build of old bpf probe against linux 6.15-rc1.
65dabc9 
Also, fixed modern_ebpf running against the new kernel version.

Signed-off-by: Federico Di Pierro <[email protected]>
@github-actions
Copy link

github-actions bot commented Nov 7, 2025

Please double check driver/SCHEMA_VERSION file. See versioning.

/hold

@codecov
Copy link

codecov bot commented Nov 7, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 71.73913% with 26 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (release/0.20.x@22be249). Learn more about missing BASE report.

Files with missing lines Patch % Lines
...bsinsp/container_engine/container_async_source.tpp 7.69% 24 Missing ⚠️
...serspace/libsinsp/async/async_key_value_source.tpp 96.96% 2 Missing ⚠️
Additional details and impacted files 
@@                Coverage Diff                @@
##             release/0.20.x    #2713   +/-   ##
=================================================
  Coverage                  ?   74.40%           
=================================================
  Files                     ?      276           
  Lines                     ?    33268           
  Branches                  ?     5888           
=================================================
  Hits                      ?    24752           
  Misses                    ?     8516           
  Partials                  ?        0
Flag Coverage Δ
libsinsp 74.40% <71.73%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@poiana
Copy link
Contributor

poiana commented Nov 10, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: irozzo-1A
Once this PR has been reviewed and has the lgtm label, please assign molter73 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ekoops @irozzo-1A
ci: switch debian:buster apt debian repository URL to snapshot URL
7694fb6 
As buster reached its EOL, the official debian repo URL doesn't
host anymore buster packages info. For this reason, change the URLs
to point to the `20250630T203427Z` snapshot, which still contains
them.

Signed-off-by: Leonardo Di Giovanna <[email protected]>
@irozzo-1A irozzo-1A force-pushed the cherry-pick-615-bpf-fix branch from 6fc756b to 7694fb6 Compare November 10, 2025 19:33
FedeDP and others added 7 commits November 10, 2025 14:49
@FedeDP @irozzo-1A
chore(ci): bump actions/cache version to latest.
084ad7f 
Signed-off-by: Federico Di Pierro <[email protected]>
@FedeDP @irozzo-1A
chore(ci): bump zig version.
50e3302 
Signed-off-by: Federico Di Pierro <[email protected]>
@FedeDP @irozzo-1A
update(ci): bump zig to official 0.14.0 and drop caching
e1c0e34 
Signed-off-by: Federico Di Pierro <[email protected]>
@ekoops @irozzo-1A
fix(ci): fix zig download link
0d5a395 
Signed-off-by: Leonardo Di Giovanna <[email protected]>
@FedeDP @irozzo-1A
update(ci): update zig to 0.14.1.
065da37 
Signed-off-by: Federico Di Pierro <[email protected]>
@irozzo-1A
chore(ci): retry download of zig binary in case of failure
fa368ed 
Add retries to the command used to download the Zig toolchain tarball.
It recently started flaking, indicating the connection is being reset by the
server.

```
curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
```

Signed-off-by: Iacopo Rozzo <[email protected]>
@ekoops @irozzo-1A
fix(test/drivers): ignore SO_REUSEPORT setsockopt syscall error
4c98368 
Commit https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=5b0af621c3f6
restricts `SO_REUSEPORT` socket option to inet sockets: this means
that calls to `setsockopt` setting `SO_REUSEPORT` on unix sockets are
not permitted anymore and will fail on any version backporting the
change. For this reason, still perform the call (to account for socket
belonging to inet families) but ignore its return value and hope any
subsequent call to bind is going to succeed.

Signed-off-by: Leonardo Di Giovanna <[email protected]>
@poiana poiana added size/L and removed size/M labels Nov 10, 2025
ekoops and others added 2 commits November 10, 2025 15:24
@ekoops @irozzo-1A
test(drivers/syscall_exit/execveat_x): fix comm assertion
f5ef50c 
`SyscallExit.execveatX_execve_exit_comm_equal_to_fd` test asserts the
`comm` parameter value among the others. For kernel versions lower
than 6.14, if the `AT_EMPTY_PATH` flag is specified while invoking
execveat, the comm value is expected to be set to the dirfd numeric
value. Starting from 6.14 (
torvalds/linux@543841d
), this strange behaviour has been fixed, and the exact same execveat
invocation results in the comm value to be correctly set to the
dentry's filename value. For this reason, account for both scenarios
while testing for the `comm` parameter to match the expectation.

Signed-off-by: Leonardo Di Giovanna <[email protected]>
@irozzo-1A
chore(sinsp): fix formatting of template files
ac0f9de 
Signed-off-by: Iacopo Rozzo <[email protected]>
@poiana poiana added size/XXL and removed size/L labels Nov 10, 2025
@irozzo-1A irozzo-1A marked this pull request as ready for review November 10, 2025 23:46
@poiana poiana requested a review from gnosek November 10, 2025 23:46
@irozzo-1A irozzo-1A requested review from ekoops and leogr November 10, 2025 23:46
@irozzo-1A irozzo-1A mentioned this pull request Nov 11, 2025
Open
@irozzo-1A irozzo-1A marked this pull request as draft November 17, 2025 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hbrueckner hbrueckner Awaiting requested review from hbrueckner

@jasondellaluce jasondellaluce Awaiting requested review from jasondellaluce

@gnosek gnosek Awaiting requested review from gnosek

@ekoops ekoops Awaiting requested review from ekoops

@leogr leogr Awaiting requested review from leogr

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

dco-signoff: yes do-not-merge/hold do-not-merge/work-in-progress release-note-none size/XXL

Projects

Falco Roadmap
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@irozzo-1A @poiana @FedeDP @ekoops