Driver fails to build with kernel 5.6

[hhoffstaette]

Trying to build the driver on 5.6 is kaput due to changed time representation and/or header changes:

make[5]: Entering directory '/tmp/linux-5.6.1'
  CC [M]  /tmp/sysdig/build/driver/src/main.o
In file included from /tmp/sysdig/build/driver/src/main.c:55:
/tmp/sysdig/build/driver/src/ppm.h:54:18: error: field 'last_print_time' has incomplete type
   54 |  struct timespec last_print_time;
      |                  ^~~~~~~~~~~~~~~
/tmp/sysdig/build/driver/src/main.c: In function 'ppm_ioctl':
/tmp/sysdig/build/driver/src/main.c:833:19: error: storage size of 'ts' isn't known
  833 |   struct timespec ts;
      |                   ^~
/tmp/sysdig/build/driver/src/main.c:845:3: error: implicit declaration of function 'getnstimeofday' [-Werror=implicit-function-declaration]
  845 |   getnstimeofday(&ts);
      |   ^~~~~~~~~~~~~~
/tmp/sysdig/build/driver/src/main.c:833:19: warning: unused variable 'ts' [-Wunused-variable]
  833 |   struct timespec ts;
      |                   ^~
/tmp/sysdig/build/driver/src/main.c: In function 'drop_event':
/tmp/sysdig/build/driver/src/main.c:1521:9: error: dereferencing pointer to incomplete type 'struct timespec'
 1521 |   if (ts->tv_nsec >= consumer->sampling_interval) {
      |         ^~
/tmp/sysdig/build/driver/src/main.c: In function 'record_event_all_consumers':
/tmp/sysdig/build/driver/src/main.c:1544:18: error: storage size of 'ts' isn't known
 1544 |  struct timespec ts;
      |                  ^~
/tmp/sysdig/build/driver/src/main.c:1544:18: warning: unused variable 'ts' [-Wunused-variable]
/tmp/sysdig/build/driver/src/main.c: In function 'record_event_consumer':
/tmp/sysdig/build/driver/src/main.c:1715:13: error: implicit declaration of function 'timespec_to_ns'; did you mean 'timespec64_to_ns'? [-Werror=implicit-function-declaration]
 1715 |   hdr->ts = timespec_to_ns(ts);
      |             ^~~~~~~~~~~~~~
      |             timespec64_to_ns
cc1: some warnings being treated as errors
make[6]: *** [scripts/Makefile.build:268: /tmp/sysdig/build/driver/src/main.o] Error 1

I'm not exactly new to fixing kernel build errors, but this one has me stumped. After untangling all definitions in <linux/time.h> I don't really see why struct timespec is incomplete, or what might be missing; any clues welcome.

[hhoffstaette]

So if I read this blog correctly getnstimeofday should be changed to ktime_get(). Replacing struct timespec with struct timespec64 also helped make main.c compile more, but then the failure continues in ppm_fillers.c.
Overall this looks like a pretty messy change due to compatibility with older kernels. :(

[hhoffstaette]

ppm_fillers.c fails since struct timeval has been made invisible in commit c766d1472c70. A least-effort replacement seems to be __kernel_old_timeval.

[hhoffstaette]

So the horrible fix in my branch seems to work on x86_64. It's the "least effort" I could come up with,
but nothing crashes and traces have monotonically inreasing nanosecond timestamps. :)

[Maryse47]

Your patch doesn't work for my with Linux 5.6.2 on Arch Linux:

DKMS make.log for sysdig-0.26.6 for kernel 5.6.2-arch1-2 (x86_64)
make: Entering directory '/usr/lib/modules/5.6.2-arch1-2/build'
  AR      /var/lib/dkms/sysdig/0.26.6/build/built-in.a
  CC [M]  /var/lib/dkms/sysdig/0.26.6/build/main.o
  CC [M]  /var/lib/dkms/sysdig/0.26.6/build/dynamic_params_table.o
  CC [M]  /var/lib/dkms/sysdig/0.26.6/build/fillers_table.o
  CC [M]  /var/lib/dkms/sysdig/0.26.6/build/flags_table.o
  CC [M]  /var/lib/dkms/sysdig/0.26.6/build/ppm_events.o
  CC [M]  /var/lib/dkms/sysdig/0.26.6/build/ppm_fillers.o
  CC [M]  /var/lib/dkms/sysdig/0.26.6/build/event_table.o
  CC [M]  /var/lib/dkms/sysdig/0.26.6/build/syscall_table.o
/var/lib/dkms/sysdig/0.26.6/build/ppm_fillers.c: In function ‘timespec_parse’:
/var/lib/dkms/sysdig/0.26.6/build/ppm_fillers.c:2717:86: error: invalid application of ‘sizeof’ to incomplete type ‘struct compat_timespec’
 2717 |   cfulen = (int)ppm_copy_from_user(targetbuf, (void __user *)compat_ptr(val), sizeof(struct compat_timespec));
      |                                                                                      ^~~~~~
/var/lib/dkms/sysdig/0.26.6/build/ppm_fillers.c:2721:35: error: dereferencing pointer to incomplete type ‘struct compat_timespec’
 2721 |   longtime = ((uint64_t)compat_tts->tv_sec) * 1000000000 + compat_tts->tv_nsec;
      |                                   ^~
make[1]: *** [scripts/Makefile.build:268: /var/lib/dkms/sysdig/0.26.6/build/ppm_fillers.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:1683: /var/lib/dkms/sysdig/0.26.6/build] Error 2
make: Leaving directory '/usr/lib/modules/5.6.2-arch1-2/build'

[hhoffstaette]

Interesting since I developed it on 5.6.2. Just to make sure I tried to reproduce with today's
5.6.3-rc1 and it still works:
``
holger>git clone [email protected]:hhoffstaette/sysdig.git
holger>cd sysdig
holger>patch -p1 < /etc/portage/patches/dev-util/sysdig-kmod/driver.patch
patching file driver/ppm.h
holger>mkdir build && cd build && cmake ..
-- The C compiler identification is GNU 9.3.0
-- The CXX compiler identification is GNU 9.3.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc - works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ - works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Using bundled LuaJIT in '/tmp/sysdig/build/luajit-prefix/src/luajit/src'
-- Using bundled jsoncpp in '/tmp/sysdig/userspace/libsinsp/third-party/jsoncpp'
-- Using bundled zlib in '/tmp/sysdig/build/zlib-prefix/src/zlib'
-- Using bundled tbb in '/tmp/sysdig/build/tbb-prefix/src/tbb'
-- Using bundled jq in '/tmp/sysdig/build/jq-prefix/src/jq'
-- Using bundled ncurses in '/tmp/sysdig/build/ncurses-prefix/src/ncurses'
-- Using bundled b64 in '/tmp/sysdig/build/b64-prefix/src/b64'
-- Using bundled openssl in '/tmp/sysdig/build/openssl-prefix/src/openssl'
-- Using bundled curl in '/tmp/sysdig/build/curl-prefix/src/curl'
-- Using SSL for curl in '--with-ssl=/tmp/sysdig/build/openssl-prefix/src/openssl/target'
-- Using bundled c-ares in '/tmp/sysdig/build/c-ares-prefix/src/c-ares'
-- Using bundled protobuf in '/tmp/sysdig/build/protobuf-prefix/src/protobuf'
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.2")
-- Found pkg-config executable: /usr/bin/pkg-config
-- Using bundled grpc in '/tmp/sysdig/build/grpc-prefix/src/grpc'
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/sysdig/build/googletest-download
gmake[1]: Entering directory '/tmp/sysdig/build/googletest-download'
gmake[2]: Entering directory '/tmp/sysdig/build/googletest-download'
Scanning dependencies of target googletest
gmake[2]: Leaving directory '/tmp/sysdig/build/googletest-download'
gmake[2]: Entering directory '/tmp/sysdig/build/googletest-download'
[ 11%] Creating directories for 'googletest'
[ 22%] Performing download step (git clone) for 'googletest'
Cloning into 'googletest-src'...
Already on 'master'
Your branch is up to date with 'origin/master'.
[ 33%] No patch step for 'googletest'
[ 44%] Performing update step for 'googletest'
Current branch master is up to date.
[ 55%] No configure step for 'googletest'
[ 66%] No build step for 'googletest'
[ 77%] No install step for 'googletest'
[ 88%] No test step for 'googletest'
[100%] Completed 'googletest'
gmake[2]: Leaving directory '/tmp/sysdig/build/googletest-download'
[100%] Built target googletest
gmake[1]: Leaving directory '/tmp/sysdig/build/googletest-download'
-- Found PythonInterp: /usr/bin/python (found version "3.7.7")
-- Looking for pthread.h
-- Looking for pthread.h - found
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Failed
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - found
-- Found Threads: TRUE
-- Looking for sys/mkdev.h
-- Looking for sys/mkdev.h - not found
-- Looking for sys/sysmacros.h
-- Looking for sys/sysmacros.h - found
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/sysdig/build
holger>make -j4 driver
make[1]: Entering directory '/tmp/sysdig/build'
make[2]: Entering directory '/tmp/sysdig/build'
make[3]: Entering directory '/tmp/sysdig/build'
Scanning dependencies of target driver
make[3]: Leaving directory '/tmp/sysdig/build'
make[3]: Entering directory '/tmp/sysdig/build'
make[4]: Entering directory '/tmp/sysdig/build/driver/src'
make -C /lib/modules/5.6.3/build M=/tmp/sysdig/build/driver/src modules
make[5]: Entering directory '/tmp/linux-5.6.3'

WARNING: Symbol version dump ./Module.symvers
is missing; modules will have no dependencies and modversions.

CC [M] /tmp/sysdig/build/driver/src/main.o
CC [M] /tmp/sysdig/build/driver/src/dynamic_params_table.o
CC [M] /tmp/sysdig/build/driver/src/fillers_table.o
CC [M] /tmp/sysdig/build/driver/src/flags_table.o
CC [M] /tmp/sysdig/build/driver/src/ppm_events.o
CC [M] /tmp/sysdig/build/driver/src/ppm_fillers.o
CC [M] /tmp/sysdig/build/driver/src/event_table.o
CC [M] /tmp/sysdig/build/driver/src/syscall_table.o
CC [M] /tmp/sysdig/build/driver/src/ppm_cputime.o
LD [M] /tmp/sysdig/build/driver/src/sysdig-probe.o
MODPOST 1 modules
CC [M] /tmp/sysdig/build/driver/src/sysdig-probe.mod.o
LD [M] /tmp/sysdig/build/driver/src/sysdig-probe.ko
make[5]: Leaving directory '/tmp/linux-5.6.3'
make[4]: Leaving directory '/tmp/sysdig/build/driver/src'
make[3]: Leaving directory '/tmp/sysdig/build'
Built target driver
make[2]: Leaving directory '/tmp/sysdig/build'
make[1]: Leaving directory '/tmp/sysdig/build'
holger>ll driver/sysdig-probe.ko
-rw-r--r-- 1 holger users 694K Apr 7 23:02 driver/sysdig-probe.ko
``

Not sure what I'm doing wrong. ;)
In your case it seems you have CONFIG_COMPAT enabled and that triggers a path that I've disabled (no longer 32bit stuff here). However compat_timespec no longer exists in 5.6 headers or the entire kernel at all, so it's gone too. Let me try to repeat with CONFIG_COMPAT enabled.
Again I'm not saying my #ifdeffery is a good idea, just that it can serve as a starting point
without touching the code in too many places.

[hhoffstaette]

Yeah, I get the same error with CONFIG_COMPAT enabled, so that was an oversight. Let me try and find a fix..

[hhoffstaette]

So as expected compat_timespec was removed in this commit, so I just pushed an update (one additional #ifdef) to my branch and it now builds for me when CONFIG_COMPAT is enabled. Give it a try. :)

[Maryse47]

It works now, than you.

[hhoffstaette]

So for #ad6939d I've now reversed the direction of the changes, i.e. forward-ported the source and added backwards-compatible #defines which I will try to test later. Quick test suggests that the module still works, i.e. scap output looks correct.

[leodido]

This has been fixed by #1621