My experience with kernel lockdown and eBPF

I’m running Ubuntu Linux on Dell Latitude 7390 and was extremely baffled when suddenly I couldn’t run any of eBPF tools. Even running as root I received this:

Error creating map: '@curfreq': Operation not permitted
Error creating map: '@process_mhz': Operation not permitted
Error creating map: '@system_mhz': Operation not permitted
Error creating printf map: Operation not permitted
Creation of the required BPF maps has failed.
Make sure you have all the required permissions and are not confined (e.g. like
snapcraft does). `dmesg` will likely have useful output for further troubleshooting

Quick googling pointed me to the root cause – kernel lockdown, the mode which is activated by Secure Boot. In the past it was still possible to disable lockdown from the command line:

echo 1 > /proc/sys/kernel/sysrq
echo x > /proc/sysrq-trigger

But now this option has been disabled and it’s no longer possible to turn lockdown off through sysrq-trigger. If you try these two commands today, nothing changes except for the following message in dmesg:

[Sun Mar 15 14:07:19 2020] This sysrq operation is disabled from userspace.

As far as I know there are three options left:
1. Disable secure boot in UEFI
2. Use Alt+SysRq every time after reboot
3. sudo mokutil --disable-validation

As a dirty hack I’ve used the Alt+SysRq option so far. Btw, to initiate Alt+SysRq on Dell 7390 I had to:
1. Press Fn+Esc to enable function keys
2. Press Alt+PrtScr+x to disable lockdown

Check dmesg to confirm it worked:

[Sun Mar 15 14:11:28 2020] sysrq: Disabling Secure Boot restrictions
[Sun Mar 15 14:11:28 2020] Lifting lockdown
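
Whether lockdown is what blocks the BPF maps can be checked with a short script. This is an added example, not part of the original post; it assumes a kernel that exposes /sys/kernel/security/lockdown (mainline 5.4+), and the function names are made up for illustration:

```python
"""Added example: is kernel lockdown the reason BPF map creation fails?"""
import re
import sys
from pathlib import Path

# Assumption: mainline kernels (5.4+) expose the state in this file, formatted
# like "none [integrity] confidentiality"; older distro kernels may lack it.
LOCKDOWN_FILE = Path("/sys/kernel/security/lockdown")


def active_mode(text):
    """Return the bracketed (active) mode, or None if nothing is bracketed."""
    match = re.search(r"\[(\w+)\]", text)
    return match.group(1) if match else None


def last_lockdown_event(dmesg_lines):
    """Classify the latest lockdown message; texts are those quoted in the post."""
    event = None
    for line in dmesg_lines:
        if "Lifting lockdown" in line:
            event = "lifted"
        elif "This sysrq operation is disabled from userspace" in line:
            event = "sysrq-refused"
    return event


def diagnose(mode, event):
    """Combine the sysfs mode and the dmesg event into a one-line verdict."""
    if mode in ("integrity", "confidentiality"):
        return f"lockdown active ({mode})"
    if mode == "none" or event == "lifted":
        return "lockdown not enforced"
    if event == "sysrq-refused":
        return "lockdown still active: sysrq-x from userspace was refused"
    return "lockdown state unknown"


if __name__ == "__main__":
    # Usage: dmesg | python3 lockdown_check.py   (the file name is arbitrary)
    mode = active_mode(LOCKDOWN_FILE.read_text()) if LOCKDOWN_FILE.exists() else None
    event = None if sys.stdin.isatty() else last_lockdown_event(sys.stdin)
    print(diagnose(mode, event))
```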

Finally, I’d highly recommend reading Brendan Gregg’s comment regarding lockdown and its impact.

Stay cool and stay unlocked!

Posted on March 15, 2020 at 2:09 pm by sergeyt
In: BPF, Linux

Christmas gifts 2020 already in house

It all started with a long awaited book by Brendan Gregg “BPF Performance Tools” that I decided to purchase directly from since didn’t have it in store and it wasn’t clear at all when they would have one.

Then another day I found this in my mail box:

With a couple of cute stickers generously sent by and kindly packed by
Bryan Cantrill’s family

Time for learning and sticking out ;-)

Posted on March 1, 2020 at 1:37 pm by sergeyt
In: Life

My trivial Linux kernel module in Rust

A couple of weeks ago I had a chance to participate in a small gig at work that offered a chance to try Rust as a language for writing a Linux kernel module. It was a steep learning experience which made it super fun. Huge shout out to folks behind linux-kernel-module-rust framework without whom nothing would be possible.

Below is the result:

Posted on February 12, 2020 at 10:56 am by sergeyt
In: Linux, Programming

Time to learn something OSX new

Received Volume I and II back in December 2019 and before that had been craving to own them for quite a while. The catalyst that finally motivated me to buy one was the final call or, more correctly, a tweet. I’ve quickly gleaned through the books and the depth of the material was impressive and intimidating at the same time. But for a lifelong learner like me this is the reason I bought them in the first place.

Posted on February 2, 2020 at 12:39 pm by sergeyt
In: Apple, OSX

Finished “Permanent Record”

Just turned the final page of Permanent Record and, not taking into account that I haven’t read a real physical book for quite a while, must say this one was thrillingly riveting. The world would’ve been undoubtedly a better place had we had more Snowdens among us.

Posted on February 1, 2020 at 5:25 pm by sergeyt
In: Life

python-bpfcc on Ubuntu 19.10 misses PerfEventArray due to an outdated bpfcc-tools

If you, like me, follow the bcc Python Developer Tutorial to sharpen your bpf skills, you might hit the same snag as I did when I was trying to implement a solution for lesson 8:

Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 315, in 'calling callback function'
  File "/usr/lib/python2.7/dist-packages/bcc/", line 572, in raw_cb_
    callback(cpu, data, size)
  File "./", line 69, in print_event
    event = b["events"].event(data)
AttributeError: 'PerfEventArray' object has no attribute 'event'

Lesson 7 doesn’t work and fails with the same error.
Originally, one had to use ctypes to define the event data structure in Python, but this PR changed that. So now the perf event data structure in Python is auto-generated. The code for lesson 8 has been updated accordingly as well.

However, bpf which is shipped with Ubuntu 19.10 is outdated, version 0.8.0-4 versus 0.12.0 as of this writing, and the only way around is to keep using ctypes, or build the tool chain from source due to a known bug.
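
The ctypes workaround can be wrapped so the same callback runs on both old and new bcc. This is an added example, not code from the tutorial or from bcc; the data_t layout, decode_event, sample_record and LegacyTable are assumptions made for illustration:

```python
"""Added example: decode BPF_PERF_OUTPUT records on bcc with or without .event()."""
import ctypes as ct
import struct

TASK_COMM_LEN = 16  # kernel constant for the size of the comm field


class Data(ct.Structure):
    # Assumed layout, mirroring a C struct declared in the BPF program as:
    #   struct data_t { u32 pid; u64 ts; char comm[TASK_COMM_LEN]; };
    _fields_ = [("pid", ct.c_uint32),
                ("ts", ct.c_uint64),
                ("comm", ct.c_char * TASK_COMM_LEN)]


def decode_event(table, data, struct_cls=Data):
    """Return the event struct for a raw perf buffer pointer.

    Newer bcc: table.event(data) builds the struct from the C definition.
    Older bcc (no .event attribute): cast the pointer to a ctypes mirror.
    """
    if hasattr(table, "event"):
        return table.event(data)
    return ct.cast(data, ct.POINTER(struct_cls)).contents


def sample_record(pid, ts, comm):
    """Constructed record using the same native layout as the struct above."""
    raw = struct.pack("@IQ%ds" % TASK_COMM_LEN, pid, ts, comm)
    return ct.create_string_buffer(raw, len(raw))


class LegacyTable:
    """Stand-in for a PerfEventArray from old bcc: deliberately has no .event()."""


if __name__ == "__main__":
    buf = sample_record(4242, 123456789, b"sync")
    ev = decode_event(LegacyTable(), ct.addressof(buf))
    print(ev.pid, ev.ts, ev.comm.decode())
```

In a real script the callback would call decode_event(b["events"], data) in place of b["events"].event(data).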

Posted on January 13, 2020 at 4:35 pm by sergeyt
In: BPF, Linux

Thumbs up to creators of

First of all – I’m not a shill but just an ordinary satisfied user of the service. Wonder if all stoogy sponsored testimonials start like this ;-)
Anyway, recently, I’ve been trying to improve my coding skills and found that just doing exercises on was not enough for me. I was definitely missing some bigger picture and had unstructured way of thinking.
Luckily for me I came across that, to be honest, hasn’t solved all my problems and hasn’t yet helped to land my dream job but nevertheless has greatly improved my overall apprehension and allowed to improve self-confidence. What attracts me the most is that with algoexpert you don’t only have the questions and the answers but also the concise and at the same time highly detailed conceptual explanation of every problem. That helps to build fundamental knowledge which is essential for the coding interview.
I’d highly encourage to check out some free questions on their website to see it for yourself.
Good luck!

Posted on January 4, 2020 at 4:12 pm by sergeyt
In: Life

Checkout a single file from Git repo

This one is going to be quick; putting it here just for future reference.

Checkout a single file from Git without cloning whole repo


git archive --prefix=config/ HEAD:app/config/ config.yaml | (cd /usr/local/app && tar xf -)

Posted on September 6, 2019 at 7:20 am by sergeyt
In: Git

Clawfinger memories 2018

This is from 25 years DDB show in Alkmaar, Netherlands.

Posted on December 25, 2018 at 8:57 pm by sergeyt
In: Life

ROP interactive guide for beginners by Vetle Økland

Just yesterday I came across a post on reddit that pointed me to an amazing “Interactive Beginner’s Guide to ROP”. It’s nicely worded and has a couple of puzzles which I, as a total newbie, found very exciting. Leaving the solutions below for a later me…

Posted on December 19, 2018 at 10:44 am by sergeyt
In: Security