[Touch-packages] [Bug 1956954] Re: Can't load seccomp filter
My hunch is that the Puppeteer instances (which are Chromium instances) saturate the allocated memory limit for BPF, because they restart quite a lot, so maybe each time a new instance starts, it makes BPF allocate more memory, until it's full.

But I have no idea:
- how does JIT memory limit correlate to this? Isn't BPF pruned?
- about how BPF works internally

I wonder how I could tune my setup.

Thanks for letting me know where the constant is computed (FYI I don't understand these heuristics at all).

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1956954

Title:
  Can't load seccomp filter

Status in libseccomp package in Ubuntu:
  Incomplete

Bug description:
  After migrating from Ubuntu 20 amd64 to aarch64 I started experiencing "can't load seccomp filter" when doing `apt update && apt upgrade` and "Kernel refuses to turn on BPF filters" when using Puppeteer.
  I wrote about it more extensively here: https://stackoverflow.com/questions/69892137/after-a-few-days-i-can-no-longer-start-puppeteer-until-i-restart-the-server

  lsb_release -rd
  ---
  Description: Ubuntu 20.04.3 LTS
  Release: 20.04

  apt-cache policy seccomp
  ---
  seccomp:
    Installed: (none)
    Candidate: 2.5.1-1ubuntu1~20.04.2
    Version table:
       2.5.1-1ubuntu1~20.04.2 500
          500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages
          500 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64 Packages
       2.4.3-1ubuntu1 500
          500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1956954/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1956954] Re: Can't load seccomp filter
I confirmed the solution, it worked.

Also, I tried to submit the patch against the linux kernel (and/or Seccomp-BPF subtree) following the official kernel guide (https://www.kernel.org/doc/html/latest/process/submitting-patches.html) but I couldn't even find the 33554432 value by doing:

  git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
  grep 33554432 -R linux

Got this:

  linux/tools/power/x86/turbostat/turbostat.c:unsigned int irtl_time_units[] = { 1, 32, 1024, 32768, 1048576, 33554432, 0, 0 };
  linux/drivers/idle/intel_idle.c:1, 32, 1024, 32768, 1048576, 33554432, 0, 0
  linux/drivers/pci/pcie/aspm.c: } else if (threshold_ns < 33554432) {
  linux/drivers/atm/idt77252_tables.h:/* 33554432.00 => 255 */ 0xff, /* => 352768.00 */
  linux/drivers/atm/idt77252_tables.h:/* 335544320.00 => 255 */ 0xff, /* => 352768.00 */
  linux/drivers/atm/idt77252_tables.h:/* 3355443200.00 => 255 */ 0xff, /* => 352768.00 */
  linux/drivers/platform/x86/intel/pmc/core.c: * |5 | 33554432|
  linux/drivers/iio/frequency/adf4371.c:#define ADF4371_MODULUS1 33554432ULL
  linux/arch/arm/boot/dts/imx51-apf51.dts:clock-frequency = <33554432>;
  linux/arch/arm/kernel/insn.c: if (unlikely(offset < -33554432 || offset > 33554428)) {
  linux/mm/slab_common.c: INIT_KMALLOC_INFO(33554432, 32M)
  linux/sound/soc/codecs/rt1305.c:r0ohm = (rhl*10) / 33554432;
  linux/sound/soc/codecs/rt1305.c:r0ohm = (rhl*10) / 33554432;
  linux/sound/soc/codecs/twl4030.c: 8388608, 16777216, 33554432, 67108864};

None of which is an arm-specific constant for Seccomp-BPF. I tried.

Once again, thank you for your help Paride Legovini, I would have never found this on my own.

I gotta say, I'm very curious as to why this happens. What does the bpf_jit_limit value actually mean? I know what's BPF, I know what's JIT, I just don't know how they mix.
[Touch-packages] [Bug 1956954] Re: Can't load seccomp filter
Dear Paride,

Thank you so much.

I'll wait for the issue to resurface and *then* bump the value in order to have conclusive evidence.

How should I do it?

  echo "net.core.bpf_jit_limit = 262144000" >> /etc/sysctl.conf

(as sudo)

Will that work without restart? Because the problem goes away after I restart.

Regards,
Nino
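
The message above raises two separate things, a change that takes effect without a restart and one that survives it. This added example (not from the thread or from any Ubuntu tooling) does both and counts seccomp-filtered processes as evidence. It assumes root, the drop-in file name is hypothetical, and `PROC_ROOT`/`SYSCTL_DIR` are overridable only so it can be tried against a constructed tree.

```sh
#!/bin/sh
# Added example, not from the thread. PROC_ROOT and SYSCTL_DIR can be pointed
# at a constructed tree for a dry run; the drop-in file name is hypothetical.
PROC_ROOT="${PROC_ROOT:-/proc}"
SYSCTL_DIR="${SYSCTL_DIR:-/etc/sysctl.d}"
DROPIN="60-bpf-jit-limit.conf"

# Limit currently in force, in bytes (the file is readable by root only).
current_bpf_jit_limit() {
    cat "$PROC_ROOT/sys/net/core/bpf_jit_limit"
}

# Number of processes running under a seccomp filter ("Seccomp: 2" in
# /proc/PID/status), worth recording when the failure resurfaces.
count_seccomp_filtered() {
    n=0
    for f in "$PROC_ROOT"/[0-9]*/status; do
        [ -r "$f" ] || continue
        if grep -q '^Seccomp:[[:space:]]*2$' "$f" 2>/dev/null; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Raise the limit now and keep it across reboots. Never lowers it.
apply_bpf_jit_limit() {
    new="$1"
    case "$new" in
        ''|*[!0-9]*) echo "not a byte count: $new" >&2; return 2 ;;
    esac
    old=$(current_bpf_jit_limit) || return 1
    if [ "$new" -le "$old" ]; then
        echo "limit is already $old, leaving it" >&2
        return 0
    fi
    # Runtime change: takes effect immediately, lost at reboot.
    echo "$new" > "$PROC_ROOT/sys/net/core/bpf_jit_limit" || return 1
    # Persistent change: overwrite (not append) so reruns leave one line.
    printf 'net.core.bpf_jit_limit = %s\n' "$new" > "$SYSCTL_DIR/$DROPIN"
}
```

As root, `apply_bpf_jit_limit 262144000` uses the value from the message; a line appended to /etc/sysctl.conf on its own is only read at boot or by `sysctl -p`.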
[Touch-packages] [Bug 1956954] Re: Can't load seccomp filter
Dear Lucas,

I've mentioned in the SO post that I linked that the nature of the issue is intermittent.

I would be happy to provide additional logs next time I encounter the issue. Could you please advise on how I can collect additional logs?

Regards,
Nino
[Touch-packages] [Bug 1956954] [NEW] Can't load seccomp filter
Public bug reported:

After migrating from Ubuntu 20 amd64 to aarch64 I started experiencing "can't load seccomp filter" when doing `apt update && apt upgrade` and "Kernel refuses to turn on BPF filters" when using Puppeteer.
I wrote about it more extensively here: https://stackoverflow.com/questions/69892137/after-a-few-days-i-can-no-longer-start-puppeteer-until-i-restart-the-server

lsb_release -rd
---
Description: Ubuntu 20.04.3 LTS
Release: 20.04

apt-cache policy seccomp
---
seccomp:
  Installed: (none)
  Candidate: 2.5.1-1ubuntu1~20.04.2
  Version table:
     2.5.1-1ubuntu1~20.04.2 500
        500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages
        500 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64 Packages
     2.4.3-1ubuntu1 500
        500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages

** Affects: libseccomp (Ubuntu)
     Importance: Undecided
         Status: New