bytehound icon indicating copy to clipboard operation
bytehound copied to clipboard

Published 20 hours ago verified publisher icon koute

getting `PR_SET_VMA_ANON_NAME is not supported` even though Linux 5.17+

Open dlyongemallo opened this issue 9 months ago • 5 comments

OS (uname -r): 6.1.0-30-amd64

Running the following:

$ export MEMORY_PROFILER_LOG=warn
$ LD_PRELOAD=./libbytehound.so ./your_application

This results in the error: bytehound: 15ad0e 15ad0e WRN PR_SET_VMA_ANON_NAME is not supported (Linux 5.17+ required); will try to emulate in userspace

Note: bytebound was working on the same machine a few months ago. In the meantime, the kernel version was updated. I needed to run it again, and noticed it no longer works.

dlyongemallo avatar Feb 05 '25 08:02 dlyongemallo

I guess this may be the same issue as #127, except that the Linux version in my case actually meets the stated requirement.

dlyongemallo avatar Feb 05 '25 08:02 dlyongemallo

My guess is that your kernel has CONFIG_ANON_VMA_NAME config knob disabled, in which case you'd have to recompile it (or switch to a better Linux distribution).

koute avatar Feb 05 '25 08:02 koute

The error can be worked around by simply commenting out these lines:

        let is_supported = crate::syscall::pr_set_vma_anon_name( pointer, 4096, b"test\0" );
        crate::syscall::munmap( pointer, 4096 );

        if !is_supported {
            warn!( "PR_SET_VMA_ANON_NAME is not supported (Linux 5.17+ required); will try to emulate in userspace" );
            PR_SET_VMA_ANON_NAME_SUPPORTED = false;
        }

I'm not sure if there are any ill effects, but the program seems to work as before otherwise.

dlyongemallo avatar Feb 05 '25 09:02 dlyongemallo

My guess is that your kernel has CONFIG_ANON_VMA_NAME config knob disabled, in which case you'd have to recompile it (or switch to a better Linux distribution).

How can I tell if this config is enabled or not on my kernel?

Also, bytehound was working on the same machine a few months ago, and the only thing I've done is update the kernel using apt upgrade. Could that config have changed between kernel versions?

dlyongemallo avatar Feb 05 '25 09:02 dlyongemallo

How can I tell if this config is enabled or not on my kernel?

Often there's a config file in /boot, but in general this is distro-specific so you need to consult your distro docs.

Could that config have changed between kernel versions?

Yes, it's possible they disabled it (maybe because they thought no one needs it).

koute avatar Feb 05 '25 10:02 koute

According to my research, distro support for CONFIG_ANON_VMA_NAME is currently spotty:

  • Debian 12 & 13 has it disabled
  • Ubuntu 24.04 has it enabled
  • WSL Ubuntu 24.04 has it disabled (and the kernel is too old to support it too)
  • Fedora 42 has it disabled
  • Arch Linux has it enabled
  • Void Linux has it enabled
  • Raspberry Pi OS has it disabled
  • Google's Container-Optimized OS has it disabled
  • Android has it enabled

DCNick3 avatar Aug 20 '25 21:08 DCNick3