-
-
Save MarioHewardt/5759641727aae880b29c8f715ba4d30f to your computer and use it in GitHub Desktop.
| By default, EBPF programs will not run on WSL2 due to required kernel modules missing. The following example error is an | |
| indication of this problem: | |
| modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.84-microso | |
| ft-standard/modules.dep.bin' | |
| modprobe: FATAL: Module kheaders not found in directory /lib/modules/4.19.84-microsoft-standard | |
| chdir(/lib/modules/4.19.84-microsoft-standard/build): No such file or directory | |
| To fix this you need to rebuild the WSL2 kernel with the missing kernel modules. The below instructions are for Ubuntu 18.04 WSL2. | |
| 1. git clone https://github.com/microsoft/WSL2-Linux-Kernel.git | |
| 2. cd WSL2-Linux-Kernel | |
| 3. sudo apt install flex bison build-essential libelf-dev libncurses-dev libssl-dev | |
| 4. cp Microsoft/config-wsl .config | |
| 5. Add the kernel flags specified in https://github.com/iovisor/bcc/blob/master/INSTALL.md#kernel-configuration to .config | |
| 6. export KERNELRELEASE=4.19.84-microsoft-standard | |
| NOTE: Make sure the version corresponds to the version of WSL2. Run: uname -a | |
| 7. make KERNELRELEASE=$KERNELRELEASE -j 4 | |
| 8. make KERNELRELEASE=$KERNELRELEASE modules -j 4 | |
| 9. sudo make KERNELRELEASE=$KERNELRELEASE modules_install | |
| 10. (confirm you can see files under /lib/modules/$(uname -r)) | |
| 11. sudo mount -t debugfs debugfs /sys/kernel/debug (for any apps that uses it since its not mounted by default) |
I still encountered such problem after rebuilding the kernel.
modprobe: FATAL: Module kheaders not found in directory /lib/modules/5.10.102.1-microsoft-standard-WSL2
I still encountered such problem after rebuilding the kernel.
modprobe: FATAL: Module kheaders not found in directory /lib/modules/5.10.102.1-microsoft-standard-WSL2
I have exact same issue also did what they said to do here https://gist.github.com/cerebrate/d40c89d3fa89594e1b1538b2ce9d2720
and I get the same error of modules not found.
tried configuring CONFIG_IKHEADERS=m and also CONFIG_IKHEADERS=y both didn't work
just running make, or the commands listed in steps 7-9 also did not change anything.
I will note that in all trials I did not see anything under /lib/modules/$(uname -r) per step 10
step 11 I do not understand doesn't seem to make a difference either.
also I am sure I am running the custom built kernel as I changed CONFIG_LOCALVERSION to make sure.
Unable to find kernel headers. Try rebuilding kernel with CONFIG_IKHEADERS=m (module) or installing the kernel development package for your running kernel version.
chdir(/lib/modules/5.10.102.1-microsoft-ebpf-WSL2+/build): No such file or directory
This gist was written quite a while ago. If you are still having problems enabling eBPF on WSL2 I would recommend filing an issue in their repo. If I end up trying it again in the future I'll update this gist with any changes that may be needed.
Can anyone give one hello-world demo to verify that bpf program can run on WSL2? In this way, we can troubleshoot that the issue is in bpf program aspect or wsl2 aspect?
Hi @baoqger,
I have a mistake:
FAILED: load BTF from vmlinux: Unknown error -2make: *** [Makefile:1179: vmlinux] Error 255
Has that ever happened to you?
Thank you for the nice and well structured guide, worked without any issues for me. 😃
Hi, @MetaT1an @satanshiro,
Have you tried using the following command
export KERNELRELEASE=$(uname -r)to replace the original one in https://gist.github.com/MarioHewardt/5759641727aae880b29c8f715ba4d30f#file-enable_ebpf_on_wsl2-L15
For me, I can see the new content in /lib/modules/$(uname -r) after rebuilding the kernel.
The kernel KERNELRELEASE should have -WSL2 as the suffix.
@baoqger here is a hello-world i used, and it worked.
#!/usr/bin/python3 from bcc import BPF from time import sleep program = """ BPF_HASH(clones); int hello_world(void *ctx) { u64 uid; u64 counter = 0; u64 *p; uid = bpf_get_current_uid_gid() & 0xFFFFFFFF; p = clones.lookup(&uid); if (p != 0){ counter = *p; } counter++; clones.update(&uid, &counter); return 0; } """ b = BPF(text=program) clone = b.get_syscall_fnname("clone") b.attach_kprobe(event=clone, fn_name="hello_world") b.trace_print() sleep(1000) while True: sleep(2) s = "" if len(b["clones"].items()): for k,v in b["clones"].items(): s += "ID {}: {}\t".format(k.value, v.value) print(s) else: print("No entries yet")
Here is a simpler one:
#!/usr/bin/python3
from bcc import BPF
program = r"""
int hello(void *ctx) {
bpf_trace_printk("Hello World!");
return 0;
}
"""
b = BPF(text=program)
syscall = b.get_syscall_fnname("execve")
b.attach_kprobe(event=syscall, fn_name="hello")
b.trace_print()
then open a second terminal and run any linux command (ls, echo...etc) and you should see in the trace output Hello World
Can anyone give one hello-world demo to verify that bpf program can run on WSL2? In this way, we can troubleshoot that the issue is in bpf program aspect or wsl2 aspect?
Hi @baoqger, I have a mistake:
FAILED: load BTF from vmlinux: Unknown error -2make: *** [Makefile:1179: vmlinux] Error 255
Has that ever happened to you?
Hey, have you ever found a solution to this? I am having the same issue
Can anyone give one hello-world demo to verify that bpf program can run on WSL2? In this way, we can troubleshoot that the issue is in bpf program aspect or wsl2 aspect?
Hi @baoqger, I have a mistake:
FAILED: load BTF from vmlinux: Unknown error -2make: *** [Makefile:1179: vmlinux] Error 255
Has that ever happened to you?
Hey, habe you ever found a solution to this? I am having the same issue
Same :(
I have been trying to unfuck this for several days. This is a tough son of a bitch to solve. I have followed several guides and still FAILED: load BTF from vmlinux: Unknown error -22make: *** [Makefile:1179: vmlinux] Error 255
I successfully launched eBPF following the guide at https://learn.microsoft.com/en-us/community/content/wsl-user-msft-kernel-v6. However, I used Debian which required the installation of the following packages:
sudo apt install git python3 bc dwarves rsync
Additionally, to run the example Python code provided above, I had to install:
sudo apt install bpfcc-tools python3-bpfcc
Running it initially failed, but I managed to fix it by mounting debugfs with the command:
sudo mount -t debugfs debugfs /sys/kernel/debug
Finally, after opening a new Debian terminal, it printed the following:
b' <...>-275 [004] d...1 91.948441: bpf_trace_printk: Hello World!'
b' bash-276 [007] d...1 91.950385: bpf_trace_printk: Hello World!'
b' <...>-277 [007] d...1 94.875099: bpf_trace_printk: Hello World!'
@deadash thank you!
It finally worked even after I tried several guides and got errors every time. I typed usbip and the menu appeared. I got my device to forward to the VM but I cant connect it to WSL1. I can only get WSL1 to work on the VM so im thinking about trying this with rasberrypi instead
Hi, @MetaT1an @satanshiro,
Have you tried using the following command
export KERNELRELEASE=$(uname -r)to replace the original one in https://gist.github.com/MarioHewardt/5759641727aae880b29c8f715ba4d30f#file-enable_ebpf_on_wsl2-L15
For me, I can see the new content in
/lib/modules/$(uname -r)after rebuilding the kernel.The kernel
KERNELRELEASEshould have-WSL2as the suffix.
Thank you! It works!
@baoqger here is a hello-world i used, and it worked.