Add driver for new hwe ubuntu generic kernel

[gbittenbender]

Was receiving 404 errors from attempting to use a ubuntu-generic HWE kernel. Similar kernel drivers appear to have been built for previous versions, so opening this pull request to create one for my desired kernel

[poiana]

Hi @gbittenbender. Thanks for your PR.

I'm waiting for a falcosecurity member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[poiana]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: gbittenbender
Once this PR has been reviewed and has the lgtm label, please assign maxgio92 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[FedeDP]

Hi! Thanks for opening this PR! Your commit is missing DCO.

Also, that's weird: we only crawl https://falcosecurity.github.io/kernel-crawler/?arch=x86_64&target=ubuntu&search=5.15.0-124-generic, but cannot find the 134~20.01.1 one. Can you share the ubuntu release?

[gbittenbender]

Hi! Thanks for opening this PR! Your commit is missing DCO.

Also, that's weird: we only crawl https://falcosecurity.github.io/kernel-crawler/?arch=x86_64&target=ubuntu&search=5.15.0-124-generic, but cannot find the 134~20.01.1 one. Can you share the ubuntu release?

Added the DCO.

And yeah, it should be a pretty standard Ubuntu desktop.

[FedeDP]

/ok-to-test

[FedeDP]

Mmmh from your screenshot, i'd expect the added kernel to be:

5.15.0-130-generic
140~20.04.1

[gbittenbender]

Mmmh from your screenshot, i'd expect the added kernel to be:

5.15.0-130-generic
140~20.04.1

Oh good catch! We found this while working on updating a new image, so I must have added the info just from the past version. I'll update since I expect we'll need both.

[FedeDP]

Thanks! Also, can you share your /etc/apt/sources.list file? I would love to understand where is this kernel coming from to fix the ubuntu crawler at https://github.com/falcosecurity/kernel-crawler/blob/main/kernel_crawler/ubuntu.py#L23

[FedeDP]

Isn't this 134~20.04.1 ?
I found this one: https://ubuntu.pkgs.org/20.04/ubuntu-updates-main-amd64/linux-image-5.15.0-130-generic_5.15.0-130.140~20.04.1_amd64.deb.html

[FedeDP]

Oh i opened falcosecurity/kernel-crawler#209; with this fix, i was able to discover the kernel :)
Snippet from the crawled json:

{
      "kernelversion": "140~20.04.1",
      "kernelrelease": "5.15.0-130-hwe",
      "target": "ubuntu-hwe",
      "headers": [
        "http://archive.ubuntu.com/ubuntu/pool/main/l/linux-hwe-5.15/linux-headers-5.15.0-130-generic_5.15.0-130.140~20.04.1_amd64.deb",
        "http://archive.ubuntu.com/ubuntu/pool/main/l/linux-hwe-5.15/linux-hwe-5.15-headers-5.15.0-130_5.15.0-130.140~20.04.1_all.deb"
      ]
    },

[FedeDP]

If that's ok for you, i'd let the other PR get merged and tomorrow morning our automated workflow will crawl the new kernels and then build drivers against them and publish them.

[FedeDP]

/hold

[gbittenbender]

If that's ok for you, i'd let the other PR get merged and tomorrow morning our automated workflow will crawl the new kernels and then build drivers against them and publish them.

Yup, that works for me. Thanks!

[FedeDP]

Hey, I Just merged #1739 with the latest crawled kernels.
The drivers should be up in a couple of hours (time to build and publish them!)

Thanks again for reporting the missing driver!
/close

[poiana]

@FedeDP: Closed this PR.

In response to this:

Hey, I Just merged #1739 with the latest crawled kernels.
The drivers should be up in a couple of hours (time to build and publish them!)

Thanks again for reporting the missing driver!
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[FedeDP]

Oh i forgot that we don't support ubuntu-hwe prebuilt drivers :/
We only support:

• ubuntu-aws
• ubuntu-gke
• ubuntu-azure
• ubuntu-generic
• ubuntu-gcp

After all, if you are on 5.15, you can use the modern ebpf driver that does not require any external driver download since it is embedded in the Falco binary itself (indeed, latest Falco should already default at it).