Quentin Monnet
Quentin Monnet
This should now be fixed by https://github.com/cilium/cilium/pull/20549 (and its v1.12 backport).
So I could reproduce this locally, but I haven't found the cause for the issue so far. ``` $ K8S_VERSION=1.16 NO_CILIUM_ON_NODES=k8s1 KERNEL=49 ginkgo --tags=integration_tests --focus "K8sVerifier Runs the kernel verifier...
Still investigating, still uncertain what's going on. The `bpf()` syscall is here (we don't get `-ENOSYS`, and the related sysctl knob are present - and I can't imagine CONFIG_BPF_SYSCALL being...
I've been playing with the following program: ```c #include #include #include #include #include #include #include #include #include int main(__attribute__((unused))int argc, __attribute__((unused))char **argv) { union bpf_attr attr; struct rlimit rlim; if...
More considerations: - First visible in the CI on 15th June this year. - 99.9% sure it comes from `bpf_map_charge_memlock()` in the case above. I could not trace that particular...
> I thought we did change bpftool not long before Jibi's report? My bad, the bpftool image was updated on June 15th, but is not involved in the failing test...
So I've got a minimal-ish reproducer (tried to shrink it further but didn't manage). When the VM boots, everything works fine. Once the test-verifier pod is up, I can trigger...
The change of state (`-EPERM`) occurs when we remove all the maps as well as the cilium-probe interface (and with it the attached programs) used for testing (this is why...
Quick note while looking at reproducing with a custom kernel: It's not necessary to deploy everything with ginkgo or to install K8s/Cilium, I could quickly reproduce using the base image...
Got it!! This is an underflow on the rlimit counter indeed. Adding `printk()`s to the kernel, I can observe four program loads charged for 6 pages, but then uncharged for...