Skip to content

pkg/ksyms: add more context to kallsyms read errors #3891

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 15, 2025
Merged

pkg/ksyms: add more context to kallsyms read errors #3891

merged 3 commits into from
Jul 15, 2025

Conversation

mtardy
Copy link
Member

@mtardy mtardy commented Jul 15, 2025
edited
Loading

Fixes #3819.

Users are sometimes bumping against errors when tetragon is trying to
read the kallsyms file, let's add more context there so that it's easier
to figure what could have gone wrong. For example, recently a user had
to figure out that they had 'kernel.kptr_restrict = 2', so the symbols
were still given with zero address while still having sufficient
permissions which might be confusing. Let's add some hints and guidance.

We were previously, most of the time, overwriting the error from the
parsing steps with "no symbols found", let's reinject the error here to
output more details.

Improve error messages from reading kallsyms.

@mtardy mtardy requested a review from a team as a code owner July 15, 2025 14:07
@mtardy mtardy added the release-note/misc This PR makes changes that have no direct user impact. label Jul 15, 2025
@mtardy mtardy requested a review from tixxdz July 15, 2025 14:07
@mtardy mtardy mentioned this pull request Jul 15, 2025
Closed
@mtardy mtardy requested review from kevsecurity and kkourt and removed request for tixxdz July 15, 2025 14:09
@mtardy mtardy force-pushed the pr/mtardy/no-symbol-error branch from 26b1bd5 to ffee1cc Compare July 15, 2025 14:12
kevsecurity
kevsecurity reviewed Jul 15, 2025
View reviewed changes
kevsecurity
kevsecurity requested changes Jul 15, 2025
View reviewed changes
Copy link
Contributor

@kevsecurity kevsecurity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just the one comment

@mtardy
pkg/ksyms: add more context to kallsyms read errors
2bd1623 
Users are sometimes bumping against errors when tetragon is trying to
read the kallsyms file, let's add more context there so that it's easier
to figure what could have gone wrong. For example, recently a user had
to figure out that they had 'kernel.kptr_restrict = 2', so the symbols
were still given with zero address while still having sufficient
permissions which might be confusing. Let's add some hints and guidance.

We were previously, most of the time, overwriting the error from the
parsing steps with "no symbols found", let's reinject the error here to
output more details.

Signed-off-by: Mahe Tardy <[email protected]>
@mtardy mtardy force-pushed the pr/mtardy/no-symbol-error branch from ffee1cc to 2bd1623 Compare July 15, 2025 14:17
@mtardy mtardy requested a review from kevsecurity July 15, 2025 14:17
@mtardy mtardy merged commit d6b8ef6 into main Jul 15, 2025
47 checks passed
@mtardy mtardy deleted the pr/mtardy/no-symbol-error branch July 15, 2025 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevsecurity kevsecurity kevsecurity approved these changes

@kkourt kkourt Awaiting requested review from kkourt

Assignees
No one assigned
Labels
release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Upgrading from Tetragon v1.3.0 to v1.4.0 results in a validation failed: validateKprobeSpec: ksyms.KernelSymbols: no symbols found error
2 participants
@mtardy @kevsecurity