fsm icon indicating copy to clipboard operation
fsm copied to clipboard

Published 20 hours ago verified publisher icon flomesh-io

[backport] build(deps): Bump github.com/cilium/ebpf from 0.19.0 to 0.20.0 (#1171)

Open mergify[bot] opened this issue 1 month ago • 3 comments

Bumps github.com/cilium/ebpf from 0.19.0 to 0.20.0.

Release notes

Sourced from github.com/cilium/ebpf's releases.

v0.20.0

Performance Improvements

  • btf: Memory-map vmlinux BTF when possible instead of copying to heap (saves several megabytes)
  • btf: Decode BTF from byte slices instead of io.Reader for better performance
  • btf: Cache BTF during fixups and target search to avoid loading each blob multiple times
  • linker: Resolve kernel symbols in a single pass instead of individually
  • prog: Speed up opening pinned programs by using minimal program info
  • map: Avoid allocations during PerCPUMap batch lookups (76% faster, 99% fewer allocations)

New Features

  • btf: Added LoadSplitSpec function for easier use of split-BTF files
  • btf: Accept empty string tables in BTF data
  • link: Added Detach() method for explicitly detaching links
  • map: Preliminary support for arena maps
  • map: Parse and expose map_extra field in MapSpec (enables bloom filter configuration)
  • prog: Allow explicit ifindex specification when loading programs
  • prog: Support getting context output from syscall programs
  • prog: Allow passing extra targets for CO-RE relocations via ExtraRelocationTargets
  • bpf2go: Allow multiple commands in BPF2GO_CC environment variable (e.g., ccache clang)
  • tracefs: Allow hyphens in tracepoint group names
  • kallsyms: Return ErrRestrictedKernel when reading zero addresses due to kernel.kptr_restrict
  • info: Return ErrRestrictedKernel when program info is restricted by kernel security settings
  • prog: Tolerate ErrRestrictedKernel during ksym resolution unless ksyms are required

Bugfixes

  • ringbuf: Fixed panic when reading after close
  • btf: Fixed race condition when loading cached kernel/module specs
  • ringbuf: Fixed 32-bit compatibility by using uintptr for positions
  • memory: Set cleanup on *Memory instead of **Memory to fix resource leak
  • link: Fixed concurrent cleanup ordering for perf events and tracefs events

Windows Support Improvements

  • ringbuf: Added Windows support for ring buffer operations
  • windows: Fixed compatibility with recent eBPF for Windows changes (XDP_TEST removal, SAMPLE program type)
  • windows: Enabled Hyper-V support in test VMs
  • program: Added workaround for eBPF for Windows rejecting empty ContextOut

Breaking Changes

ProgramOptions.KernelModuleTypes removed

The KernelModuleTypes field in ProgramOptions has been removed. In 99% of cases this field should not be necessary anymore. Module BTF should be merged into the vmlinux BTF, as tools like btfhub do.

For advanced use cases that still require passing additional BTF specs for CO-RE relocations, use the new ExtraRelocationTargets field:

Before:

... (truncated)

Commits
  • c64ffee struct_ops: skip copy for zeroed nested structs and fail on non-zeroed
  • 843f326 docs: document how to build parts of efW
  • 8f23ed6 map, program: add StructOpsMap support
  • e6e4707 ci: install sample_ebpf_ext to provide BPF_PROG_TYPE_SAMPLE
  • e5c623f windows: deal with removal of XDP_TEST from efW
  • c41a50a program: work around efW rejecting an empty ContextOut
  • 9a014ef kallsyms: return ErrRestrictedKernel when reading zero address
  • 1bfe0bc info: return ErrRestrictedKernel when program info is restricted
  • c27ff92 staticcheck.conf: temporarily disable SA4003
  • e653f17 *: convert "go:generate go run ..." to "go:generate go tool ..."
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This is an automatic backport of pull request #1171 done by [Mergify](https://mergify.com).

mergify[bot] avatar Nov 03 '25 07:11 mergify[bot]

Cherry-pick of 39a40ac180142eeceba209beee1ef41e3cf6f5a0 has failed:

On branch mergify/bp/release/v1.5/pr-1171
Your branch is up to date with 'origin/release/v1.5'.

You are currently cherry-picking commit 39a40ac.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   go.sum

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   go.mod

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

mergify[bot] avatar Nov 03 '25 07:11 mergify[bot]

❗❗❗ All commits in this PR must be signed off. Please sign all commits by:

git rebase HEAD~1 --signoff
git push --force-with-lease origin mergify/bp/release/v1.5/pr-1171

mergify[bot] avatar Nov 03 '25 07:11 mergify[bot]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🔴 Enforce verified commits

This rule is failing.

Make sure that we have verified commits

  • [ ] #commits-unverified = 0

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

  • [X] title ~= ^(\[wip\]|\[backport\]|\[cherry-pick\])?( )?(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 Enforce linear history

Wonderful, this rule succeeded.

Make sure that we have a linear history, no merge commits are allowed

  • [X] linear-history

mergify[bot] avatar Nov 03 '25 07:11 mergify[bot]