[Touch-packages] [Bug 1956954] Re: Can't load seccomp filter
My hunch is that the Puppeteer instances (which are Chromium instances) saturate the allocated memory limit for BPF, because they restart quite a lot, so maybe each time a new instance starts, it makes BPF allocate more memory, until it's full. But I have no idea: - how does JIT memory limit correlate to this? Isn't BPF pruned? - about how BPF works internally I wonder how could I tune my setup. Thanks for letting me know where is the constant computed (FYI I don't understand these heuristics at all). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1956954 Title: Can't load seccomp filter Status in libseccomp package in Ubuntu: Incomplete Bug description: After migrating from Ubuntu 20 amd64 to aarch64 I started experiencing "can't load seccomp filter" when doing `apt update && apt upgrade` and "Kernel refuses to turn on BPF filters" when using Puppeteer. I wrote about it more extensively here: https://stackoverflow.com/questions/69892137/after-a-few-days-i-can- no-longer-start-puppeteer-until-i-restart-the-server lsb_release -rd --- Description: Ubuntu 20.04.3 LTS Release: 20.04 apt-cache policy seccomp --- seccomp: Installed: (none) Candidate: 2.5.1-1ubuntu1~20.04.2 Version table: 2.5.1-1ubuntu1~20.04.2 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages 500 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64 Packages 2.4.3-1ubuntu1 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1956954/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1956954] Re: Can't load seccomp filter
I confirmed the solution, it worked.
Also, I tried to submit the patch against the linux kernel (and/or
Seccomp-BPF subtree) following the official kernel guide
(https://www.kernel.org/doc/html/latest/process/submitting-patches.html)
but I couldn't even find the 33554432 value by doing:
git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
grep 33554432 -R linux
Got this:
linux/tools/power/x86/turbostat/turbostat.c:unsigned int irtl_time_units[] = {
1, 32, 1024, 32768, 1048576, 33554432, 0, 0 };
linux/drivers/idle/intel_idle.c:1, 32, 1024, 32768, 1048576,
33554432, 0, 0
linux/drivers/pci/pcie/aspm.c: } else if (threshold_ns < 33554432) {
linux/drivers/atm/idt77252_tables.h:/* 33554432.00 => 255 */ 0xff, /* =>
352768.00 */
linux/drivers/atm/idt77252_tables.h:/* 335544320.00 => 255 */ 0xff, /* =>
352768.00 */
linux/drivers/atm/idt77252_tables.h:/* 3355443200.00 => 255 */ 0xff, /* =>
352768.00 */
linux/drivers/platform/x86/intel/pmc/core.c: * |5 |
33554432|
linux/drivers/iio/frequency/adf4371.c:#define ADF4371_MODULUS1
33554432ULL
linux/arch/arm/boot/dts/imx51-apf51.dts:clock-frequency
= <33554432>;
linux/arch/arm/kernel/insn.c: if (unlikely(offset < -33554432 || offset >
33554428)) {
linux/mm/slab_common.c: INIT_KMALLOC_INFO(33554432, 32M)
linux/sound/soc/codecs/rt1305.c:r0ohm = (rhl*10) / 33554432;
linux/sound/soc/codecs/rt1305.c:r0ohm = (rhl*10) / 33554432;
linux/sound/soc/codecs/twl4030.c: 8388608,
16777216, 33554432, 67108864};
None of which is an arm-specific constant for Seccomp-BPF.
I tried.
Once again, thank you for your help Paride Legovini, I would have never
found this on my own.
I gotta say, I'm very curious as to why this happens.
What does the bpf_jit_limit value actually mean?
I what what's BPF, I know what's JIT, I just don't know how they mix.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1956954
Title:
Can't load seccomp filter
Status in libseccomp package in Ubuntu:
Incomplete
Bug description:
After migrating from Ubuntu 20 amd64 to aarch64 I started experiencing
"can't load seccomp filter" when doing `apt update && apt upgrade` and
"Kernel refuses to turn on BPF filters" when using Puppeteer.
I wrote about it more extensively here:
https://stackoverflow.com/questions/69892137/after-a-few-days-i-can-
no-longer-start-puppeteer-until-i-restart-the-server
lsb_release -rd
---
Description: Ubuntu 20.04.3 LTS
Release: 20.04
apt-cache policy seccomp
---
seccomp:
Installed: (none)
Candidate: 2.5.1-1ubuntu1~20.04.2
Version table:
2.5.1-1ubuntu1~20.04.2 500
500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports
focal-updates/main arm64 Packages
500 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64
Packages
2.4.3-1ubuntu1 500
500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal/main
arm64 Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1956954/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1956954] Re: Can't load seccomp filter
Dear Paride, Thank you so much I'll wait for the issue to resurface and *then* bump the value in order to have conclusive evidence. How should I do it? echo "net.core.bpf_jit_limit = 262144000" >> /etc/sysctl.conf (as sudo) Will that work without restart? Because the problem goes away after I restart. Regards, Nino -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1956954 Title: Can't load seccomp filter Status in libseccomp package in Ubuntu: Incomplete Bug description: After migrating from Ubuntu 20 amd64 to aarch64 I started experiencing "can't load seccomp filter" when doing `apt update && apt upgrade` and "Kernel refuses to turn on BPF filters" when using Puppeteer. I wrote about it more extensively here: https://stackoverflow.com/questions/69892137/after-a-few-days-i-can- no-longer-start-puppeteer-until-i-restart-the-server lsb_release -rd --- Description: Ubuntu 20.04.3 LTS Release: 20.04 apt-cache policy seccomp --- seccomp: Installed: (none) Candidate: 2.5.1-1ubuntu1~20.04.2 Version table: 2.5.1-1ubuntu1~20.04.2 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages 500 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64 Packages 2.4.3-1ubuntu1 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1956954/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1956954] Re: Can't load seccomp filter
Dear Lucas, I've mentioned in the SO post that I linked that the nature of the issue is intermittent. I would be happy to provide additional logs next time I encounter the issue. Could you please advise on how do I collect additional logs? Regards, Nino -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1956954 Title: Can't load seccomp filter Status in libseccomp package in Ubuntu: Incomplete Bug description: After migrating from Ubuntu 20 amd64 to aarch64 I started experiencing "can't load seccomp filter" when doing `apt update && apt upgrade` and "Kernel refuses to turn on BPF filters" when using Puppeteer. I wrote about it more extensively here: https://stackoverflow.com/questions/69892137/after-a-few-days-i-can- no-longer-start-puppeteer-until-i-restart-the-server lsb_release -rd --- Description: Ubuntu 20.04.3 LTS Release: 20.04 apt-cache policy seccomp --- seccomp: Installed: (none) Candidate: 2.5.1-1ubuntu1~20.04.2 Version table: 2.5.1-1ubuntu1~20.04.2 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages 500 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64 Packages 2.4.3-1ubuntu1 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1956954/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1956954] [NEW] Can't load seccomp filter
Public bug reported: After migrating from Ubuntu 20 amd64 to aarch64 I started experiencing "can't load seccomp filter" when doing `apt update && apt upgrade` and "Kernel refuses to turn on BPF filters" when using Puppeteer. I wrote about it more extensively here: https://stackoverflow.com/questions/69892137/after-a-few-days-i-can-no- longer-start-puppeteer-until-i-restart-the-server lsb_release -rd --- Description:Ubuntu 20.04.3 LTS Release:20.04 apt-cache policy seccomp --- seccomp: Installed: (none) Candidate: 2.5.1-1ubuntu1~20.04.2 Version table: 2.5.1-1ubuntu1~20.04.2 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages 500 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64 Packages 2.4.3-1ubuntu1 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1956954 Title: Can't load seccomp filter Status in libseccomp package in Ubuntu: New Bug description: After migrating from Ubuntu 20 amd64 to aarch64 I started experiencing "can't load seccomp filter" when doing `apt update && apt upgrade` and "Kernel refuses to turn on BPF filters" when using Puppeteer. I wrote about it more extensively here: https://stackoverflow.com/questions/69892137/after-a-few-days-i-can- no-longer-start-puppeteer-until-i-restart-the-server lsb_release -rd --- Description: Ubuntu 20.04.3 LTS Release: 20.04 apt-cache policy seccomp --- seccomp: Installed: (none) Candidate: 2.5.1-1ubuntu1~20.04.2 Version table: 2.5.1-1ubuntu1~20.04.2 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages 500 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64 Packages 2.4.3-1ubuntu1 500 500 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1956954/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
