-
-
Save MarioHewardt/5759641727aae880b29c8f715ba4d30f to your computer and use it in GitHub Desktop.
By default, EBPF programs will not run on WSL2 due to required kernel modules missing. The following example error is an | |
indication of this problem: | |
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.84-microso | |
ft-standard/modules.dep.bin' | |
modprobe: FATAL: Module kheaders not found in directory /lib/modules/4.19.84-microsoft-standard | |
chdir(/lib/modules/4.19.84-microsoft-standard/build): No such file or directory | |
To fix this you need to rebuild the WSL2 kernel with the missing kernel modules. The below instructions are for Ubuntu 18.04 WSL2. | |
1. git clone https://github.com/microsoft/WSL2-Linux-Kernel.git | |
2. cd WSL2-Linux-Kernel | |
3. sudo apt install flex bison build-essential libelf-dev libncurses-dev libssl-dev | |
4. cp Microsoft/config-wsl .config | |
5. Add the kernel flags specified in https://github.com/iovisor/bcc/blob/master/INSTALL.md#kernel-configuration to .config | |
6. export KERNELRELEASE=4.19.84-microsoft-standard | |
NOTE: Make sure the version corresponds to the version of WSL2. Run: uname -a | |
7. make KERNELRELEASE=$KERNELRELEASE -j 4 | |
8. make KERNELRELEASE=$KERNELRELEASE modules -j 4 | |
9. sudo make KERNELRELEASE=$KERNELRELEASE modules_install | |
10. (confirm you can see files under /lib/modules/$(uname -r)) | |
11. sudo mount -t debugfs debugfs /sys/kernel/debug (for any apps that uses it since its not mounted by default) |
I still encountered such problem after rebuilding the kernel.
modprobe: FATAL: Module kheaders not found in directory /lib/modules/5.10.102.1-microsoft-standard-WSL2
I still encountered such problem after rebuilding the kernel.
modprobe: FATAL: Module kheaders not found in directory /lib/modules/5.10.102.1-microsoft-standard-WSL2
I have exact same issue also did what they said to do here https://gist.github.com/cerebrate/d40c89d3fa89594e1b1538b2ce9d2720
and I get the same error of modules not found.
tried configuring CONFIG_IKHEADERS=m and also CONFIG_IKHEADERS=y both didn't work
just running make, or the commands listed in steps 7-9 also did not change anything.
I will note that in all trials I did not see anything under /lib/modules/$(uname -r) per step 10
step 11 I do not understand doesn't seem to make a difference either.
also I am sure I am running the custom built kernel as I changed CONFIG_LOCALVERSION to make sure.
Unable to find kernel headers. Try rebuilding kernel with CONFIG_IKHEADERS=m (module) or installing the kernel development package for your running kernel version.
chdir(/lib/modules/5.10.102.1-microsoft-ebpf-WSL2+/build): No such file or directory
This gist was written quite a while ago. If you are still having problems enabling eBPF on WSL2 I would recommend filing an issue in their repo. If I end up trying it again in the future I'll update this gist with any changes that may be needed.
Can anyone give one hello-world demo to verify that bpf program can run on WSL2? In this way, we can troubleshoot that the issue is in bpf program aspect or wsl2 aspect?
Hi @baoqger,
I have a mistake:
FAILED: load BTF from vmlinux: Unknown error -2make: *** [Makefile:1179: vmlinux] Error 255
Has that ever happened to you?
Thank you for the nice and well structured guide, worked without any issues for me. 😃
Hi, @MetaT1an @satanshiro,
Have you tried using the following command
export KERNELRELEASE=$(uname -r)
to replace the original one in https://gist.github.com/MarioHewardt/5759641727aae880b29c8f715ba4d30f#file-enable_ebpf_on_wsl2-L15
For me, I can see the new content in /lib/modules/$(uname -r)
after rebuilding the kernel.
The kernel KERNELRELEASE
should have -WSL2
as the suffix.
@baoqger here is a hello-world i used, and it worked.
#!/usr/bin/python3 from bcc import BPF from time import sleep program = """ BPF_HASH(clones); int hello_world(void *ctx) { u64 uid; u64 counter = 0; u64 *p; uid = bpf_get_current_uid_gid() & 0xFFFFFFFF; p = clones.lookup(&uid); if (p != 0){ counter = *p; } counter++; clones.update(&uid, &counter); return 0; } """ b = BPF(text=program) clone = b.get_syscall_fnname("clone") b.attach_kprobe(event=clone, fn_name="hello_world") b.trace_print() sleep(1000) while True: sleep(2) s = "" if len(b["clones"].items()): for k,v in b["clones"].items(): s += "ID {}: {}\t".format(k.value, v.value) print(s) else: print("No entries yet")
Here is a simpler one:
#!/usr/bin/python3
from bcc import BPF
program = r"""
int hello(void *ctx) {
bpf_trace_printk("Hello World!");
return 0;
}
"""
b = BPF(text=program)
syscall = b.get_syscall_fnname("execve")
b.attach_kprobe(event=syscall, fn_name="hello")
b.trace_print()
then open a second terminal and run any linux command (ls, echo...etc) and you should see in the trace output Hello World
Can anyone give one hello-world demo to verify that bpf program can run on WSL2? In this way, we can troubleshoot that the issue is in bpf program aspect or wsl2 aspect?
Hi @baoqger, I have a mistake:
FAILED: load BTF from vmlinux: Unknown error -2make: *** [Makefile:1179: vmlinux] Error 255
Has that ever happened to you?
Hey, have you ever found a solution to this? I am having the same issue
Can anyone give one hello-world demo to verify that bpf program can run on WSL2? In this way, we can troubleshoot that the issue is in bpf program aspect or wsl2 aspect?
Hi @baoqger, I have a mistake:
FAILED: load BTF from vmlinux: Unknown error -2make: *** [Makefile:1179: vmlinux] Error 255
Has that ever happened to you?
Hey, habe you ever found a solution to this? I am having the same issue
Same :(
I have been trying to unfuck this for several days. This is a tough son of a bitch to solve. I have followed several guides and still FAILED: load BTF from vmlinux: Unknown error -22make: *** [Makefile:1179: vmlinux] Error 255
I successfully launched eBPF following the guide at https://learn.microsoft.com/en-us/community/content/wsl-user-msft-kernel-v6. However, I used Debian which required the installation of the following packages:
sudo apt install git python3 bc dwarves rsync
Additionally, to run the example Python code provided above, I had to install:
sudo apt install bpfcc-tools python3-bpfcc
Running it initially failed, but I managed to fix it by mounting debugfs with the command:
sudo mount -t debugfs debugfs /sys/kernel/debug
Finally, after opening a new Debian terminal, it printed the following:
b' <...>-275 [004] d...1 91.948441: bpf_trace_printk: Hello World!'
b' bash-276 [007] d...1 91.950385: bpf_trace_printk: Hello World!'
b' <...>-277 [007] d...1 94.875099: bpf_trace_printk: Hello World!'
@deadash thank you!
It finally worked even after I tried several guides and got errors every time. I typed usbip and the menu appeared. I got my device to forward to the VM but I cant connect it to WSL1. I can only get WSL1 to work on the VM so im thinking about trying this with rasberrypi instead
Hi, @MetaT1an @satanshiro,
Have you tried using the following command
export KERNELRELEASE=$(uname -r)to replace the original one in https://gist.github.com/MarioHewardt/5759641727aae880b29c8f715ba4d30f#file-enable_ebpf_on_wsl2-L15
For me, I can see the new content in
/lib/modules/$(uname -r)
after rebuilding the kernel.The kernel
KERNELRELEASE
should have-WSL2
as the suffix.
Thank you! It works!
I wrote complete guide in my blog
https://massoudasadiblog.blogspot.com/2024/07/ebpf-on-wsl2-kernel-version-6x-ubuntu.html?m=1
@baoqger here is a hello-world i used, and it worked.