Create separate build tags for different arch (#21086)

Test ARM64 assets build Use all available cores when building Clang Add test trigger Update assets buildbox name Build all dependencies on ARM64 including BPF
2024-10-19 08:43:58 +00:00 · 2023-02-23 12:11:50 -05:00 · 2023-02-23 12:11:50 -05:00 · 1b0b30e447
parent 91eb3c6bbc
commit 1b0b30e447
6 changed files with 223192 additions and 121052 deletions
--- a/14
+++ b/14
@ -82,14 +82,15 @@ BPF_MESSAGE := without-BPF-support
 # have compilation issues that require fixing.
 with_bpf := no
 ifeq ("$(OS)","linux")
-ifeq ("$(ARCH)","amd64")
+# True if $ARCH == amd64 || $ARCH == arm64
+ifneq (,$(filter "$(ARCH)","amd64" "arm64"))
 ifneq ("$(wildcard /usr/libbpf-${LIBBPF_VER}/include/bpf/bpf.h)","")
 with_bpf := yes
 BPF_TAG := bpf
 BPF_MESSAGE := with-BPF-support
 CLANG ?= $(shell which clang || which clang-10)
 LLVM_STRIP ?= $(shell which llvm-strip || which llvm-strip-10)
-KERNEL_ARCH := $(shell uname -m | sed 's/x86_64/x86/')
+KERNEL_ARCH := $(shell uname -m | sed 's/x86_64/x86/g; s/aarch64/arm64/g')
 INCLUDES :=
 ER_BPF_BUILDDIR := lib/bpf/bytecode
 RS_BPF_BUILDDIR := lib/restrictedsession/bytecode
@ -241,7 +242,8 @@ IS_NATIVE_BUILD ?= $(if $(filter $(ARCH), $(shell go env GOARCH)),"yes","no")

 # Set CGOFLAG and BUILDFLAGS as needed for the OS/ARCH.
 ifeq ("$(OS)","linux")
-ifeq ("$(ARCH)","amd64")
+# True if $ARCH == amd64 || $ARCH == arm64
+ifneq (,$(filter "$(ARCH)","amd64" "arm64"))
 # Link static version of libraries required by Teleport (bpf, pcsc) to reduce system dependencies. Avoid dependencies on dynamic libraries if we already link the static version using --as-needed.
 CGOFLAG = CGO_ENABLED=1 CGO_CFLAGS="-I/usr/libbpf-${LIBBPF_VER}/include" CGO_LDFLAGS="-Wl,-Bstatic $(STATIC_LIBS) -Wl,-Bdynamic -Wl,--as-needed"
 CGOFLAG_TSH = CGO_ENABLED=1 CGO_LDFLAGS="-Wl,-Bstatic $(STATIC_LIBS_TSH) -Wl,-Bdynamic -Wl,--as-needed"
@ -250,12 +252,6 @@ else ifeq ("$(ARCH)","arm")
 CGOFLAG = CGO_ENABLED=1 CC=arm-linux-gnueabihf-gcc
 # Add -debugtramp=2 to work around 24 bit CALL/JMP instruction offset.
 BUILDFLAGS = $(ADDFLAGS) -ldflags '-w -s -debugtramp=2' -trimpath
-else ifeq ("$(ARCH)","arm64")
-# ARM64 requires CGO but does not need to do any special linkage due to its reduced featureset
-CGOFLAG = CGO_ENABLED=1
-
-# If we 're not guaranteed to be building natively on an arm64 system, then we'll
-# need to configure the cross compiler.
 ifeq ($(IS_NATIVE_BUILD),"no")
 CGOFLAG += CC=aarch64-linux-gnu-gcc
 endif
--- a/bpf/arm64/vmlinux.h
+++ b/bpf/arm64/vmlinux.h
--- a/bpf/enhancedrecording/disk.bpf.c
+++ b/bpf/enhancedrecording/disk.bpf.c
@ -111,6 +111,9 @@ int tracepoint__syscalls__sys_exit_creat(struct trace_event_raw_sys_exit *tp)
    return exit_open(tp->ret);
 }

+// ARM64 does not implement sys_enter_open only sys_enter_openat. x86 implements it for legacy reasons.
+#ifndef __TARGET_ARCH_arm64
+
 SEC("tp/syscalls/sys_enter_open")
 int tracepoint__syscalls__sys_enter_open(struct trace_event_raw_sys_enter *tp)
 {
@ -120,6 +123,8 @@ int tracepoint__syscalls__sys_enter_open(struct trace_event_raw_sys_enter *tp)
    return enter_open(filename, flags);
 };

+#endif // __aarch64__
+
 SEC("tp/syscalls/sys_exit_open")
 int tracepoint__syscalls__sys_exit_open(struct trace_event_raw_sys_exit *tp)
 {
--- a/bpf/vmlinux.h
+++ b/bpf/vmlinux.h
--- a/bpf/x86/vmlinux.h
+++ b/bpf/x86/vmlinux.h
--- a/lib/bpf/disk.go
+++ b/lib/bpf/disk.go
@ -21,6 +21,7 @@ package bpf

 import (
 	_ "embed"
+	"runtime"
 	"unsafe"

 	"github.com/aquasecurity/libbpfgo"
@ -110,7 +111,12 @@ func startOpen(bufferSize int) (*open, error) {
 		return nil, trace.Wrap(err)
 	}

-	syscalls := []string{"open", "openat", "openat2"}
+	syscalls := []string{"openat", "openat2"}
+
+	if runtime.GOARCH != "arm64" {
+		// open is not implemented on arm64.
+		syscalls = append(syscalls, "open")
+	}

 	for _, syscall := range syscalls {
 		if err = AttachSyscallTracepoint(o.module, syscall); err != nil {