Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump github.com/cilium/ebpf from 0.16.0 to 0.17.0 #4563

Merged
merged 1 commit into from
Dec 20, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 19, 2024

Bumps github.com/cilium/ebpf from 0.16.0 to 0.17.0.

Release notes

Sourced from github.com/cilium/ebpf's releases.

Global Variables, Decl Tags, and package pin

As we close the door on the year 2024, we're also wrapping up the ebpf-go v0.17 development cycle. This release represents a large body of work and is our largest feature release since BTF.

Users are, as always, highly encouraged to upgrade, and we're looking forward to hearing your feedback on the new Global Variables API. We've been putting this interface trough its paces internally, along with a few eager community members, and we're ready to let the wider community make use of it.

This release also marks the end of our Go 1.21 support; Go 1.22 is required going forward.

Breaking Changes

Before we get to the fun stuff, we need to call out a few breaking changes:

  • Global variables with a static qualifier can no longer be rewritten using CollectionSpec.RewriteConstants()! See the section on global variables under major features below.

  • program: remove LogSize and VerifierError.Truncated by @​lmb in cilium/ebpf#1526

  • prog: add ProgramOptions.LogSizeStart to obtain full log after verifier bug by @​ti-mo in cilium/ebpf#1630

    The ProgramOptions.LogSize field was deprecated and a no-op since 0.16 and has now been removed completely. In its place, a new field was added to obtain full verifier logs when the verifier hits an internal bug. The ProgramOptions.LogSizeStart field controls the starting size of the log buffer. Use this if you have a good understanding of the log size you're expecting, or if you're trying to pull out the full log when the verifier hits an internal bug. The error string now also contains some hints about what happened and how to handle this situation.

  • map: remove MapSpec.Freeze field by @​ti-mo in cilium/ebpf#1558

  • elf_reader: don't use BPF_F_RDONLY_PROG flag to trigger map freezing by @​ti-mo in cilium/ebpf#1568

    The Freeze field was ambiguous from the start, and has been a source of subtle bugs over the years. Automatic map freezing is now done based solely on map name (.(ro)data prefix). If you were manually setting this flag, consider using a conventional map name instead.

  • info: expose ksym info and func info by ProgramInfo by @​Asphaltt in cilium/ebpf#1576

  • info: expose more prog jited info by @​Asphaltt in cilium/ebpf#1598

    Some ext_info types in package btf were redefined to enable pulling raw func and line infos out of Program.Info(). These were all types without methods and all unexported fields, but calling them out regardless in case someone's doing unintended advanced things with BTF.

  • kallsyms: change Modules caching strategy, cache address lookups by @​ti-mo in cilium/ebpf#1590

    Users attaching bpf programs to kernel symbols should see a marked decrease in allocations made in the library during program creation in the general case. Only used entries are now cached, making kallsyms lookups on subsequent program loads free. In the pathological case (new kernel symbols on every load), scanning is repeated, resulting in more CPU time being used instead of holding on to all kallsyms symbols indefinitely. ProgramSpec.KernelModule() was unexported until further notice.

    Also, bpf2go users should now be able to generate Go bindings as unprivileged users once again. Oops!

Major Features

Easy global variables: introducing ebpf.VariableSpec and ebpf.Variable

This has been a frequent ask in the community for years, so we finally bit the bullet and committed to an API to interact with global bpf variables through CollectionSpec.Variables and CollectionSpec.Variables. We've published a small guide over on ebpf-go.dev/concepts/global-variables that details how to use them, so we're not going to reiterate here.

See the documentation on the use of the static qualifier! These are no longer considered global variables, and can't be modified at runtime.

bpf2go now also generates objects to be used with CollectionSpec.Assign and .LoadAndAssign(), and also emits Go type declarations for C types used as bpf C variables. Our test coverage was somewhat lacking for the latter, please drop something on the issue tracker if you're noticing surprising bpf2go output.

Note that it's currently not possible to manually create a VariableSpec and wire it up to a CollectionSpec, so if you were previously relying on e.g. manually assembling a CollectionSpec and using RewriteConstants() in tests, this will no longer work. This may land as the API crystallizes and we settle on a good mechanism to enable this. Please reach out on the Cilium Slack if you'd like to see this happen.

... (truncated)

Commits
  • 228bb4e examples: tcx: use Variable API
  • 580ff21 bpf2go: generate Go types used in global variables
  • 1e8f079 bpf2go: generate assignment structs for Variables and VariableSpecs
  • c37b7af bpf2go: test: remove unused typesEqualComparer function
  • 97cfce5 map: automatically set CPUMap MaxEntries based on possible CPUs
  • e8b05c5 prog: add ProgramOptions.LogSizeStart to obtain full log after verifier bug
  • f283106 internal: add Between function for clamping a value between min and max
  • 6546014 README.md: add pin package to the overview
  • 60405bb examples: annotate ringbuf and perf event arrays with value type information
  • e9bcebb elf_reader: support value BTF on ringbuf and perf array maps
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 19, 2024
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/cilium/ebpf-0.17.0 branch from 85fe9fc to 2002ec8 Compare December 19, 2024 04:15
@lifubang
Copy link
Member

Flaky unit test:

=== RUN   TestSeccompPermitWriteConditional
    seccomp_test.go:153: unexpected error: unable to start container process: error during container init: invalid character 'ÿ' looking for beginning of object key string
--- FAIL: TestSeccompPermitWriteConditional (0.14s)
=== RUN   TestSeccompDenyWriteConditional
    seccomp_test.go:205: unexpected error: unable to start container process: error during container init: invalid character 'ÿ' looking for beginning of object key string
--- FAIL: TestSeccompDenyWriteConditional (0.14s)
=== RUN   TestSeccompPermitWriteMultipleConditions
    seccomp_test.go:251: |: unable to start container process: error during container init: invalid character 'ÿ' looking for beginning of object key string
--- FAIL: TestSeccompPermitWriteMultipleConditions (0.15s)
=== RUN   TestSeccompDenyWriteMultipleConditions
--- PASS: TestSeccompDenyWriteMultipleConditions (0.15s)
=== RUN   TestSeccompMultipleConditionSameArgDeniesStdout
    seccomp_test.go:338: |: unable to start container process: error during container init: invalid character 'ÿ' looking for beginning of object key string
--- FAIL: TestSeccompMultipleConditionSameArgDeniesStdout (0.16s)

Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@kolyshkin
Copy link
Contributor

@dependabot rebase

@kolyshkin kolyshkin enabled auto-merge December 20, 2024 00:06
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.16.0 to 0.17.0.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](cilium/ebpf@v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/cilium/ebpf-0.17.0 branch from 2002ec8 to e809db8 Compare December 20, 2024 00:07
@kolyshkin kolyshkin merged commit ae994af into main Dec 20, 2024
39 of 40 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/cilium/ebpf-0.17.0 branch December 20, 2024 00:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants