tetragon: Add support for uprobe arguments #1978
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
olsajiri
force-pushed
the
pr/olsajiri/uprobe_args
branch
from
ff1b59a to
dad139a
Compare
olsajiri
changed the title
olsajiri
added
the
release-note/minor
olsajiri
force-pushed
the
pr/olsajiri/uprobe_args
branch
10 times, most recently
from
a3ce6b1 to
733a127
Compare
olsajiri
requested review from
kkourt and
jrfastab
and removed request for
kkourt
mtardy
approved these changes
Jan 22, 2024
There was a problem hiding this comment.
Thanks! I think it would be nice to get another review as I mostly read pretty quickly the PR commit by commit but maybe missed stuff. But the tests and code look good.
But again, I wish I could write PR with commits clearly separated like that, I'm learning from this!
For a follow-up PR it would be good to improve the doc example by retrieving the bash readline argument to show that you can eavesdrop on someone's bash session now that it's possible.
pkg/sensors/tracing/kprobe_test.go
Outdated
There was a problem hiding this comment.
cool thanks for adding a kprobe args test!
kkourt
reviewed
Jan 22, 2024
Renaming argPrinters type to argPrinter which makes more sense to me. Signed-off-by: Jiri Olsa <[email protected]>
Moving argument helpers code to args.go to structure the code better, because it will be used from uprobe code in following changes. Signed-off-by: Jiri Olsa <[email protected]>
Moving argument processing code to args.go structure the code better, because it will be used also from uprobe code. Moving it together with two other helper functions. Signed-off-by: Jiri Olsa <[email protected]>
Moving argument grpc code to getKprobeArgument function, so it can be used from uprobe code in following changes. Signed-off-by: Jiri Olsa <[email protected]>
Adding signed long kprobe argument type, because it's missing and it will be used in uprobe test spec. We already have long_arg in KprobeArgument message and the support in spec and generictypes, we're just missing the processing code. Signed-off-by: Jiri Olsa <[email protected]>
At the moment the smallest value we can read as argument value on bpf side is 32-bit, which might be tricky if rest of the register carrying the argument value is not zeroed out. Adding support to specify 8 and 16 bit values as argument types in the spec and read just the relevant portion of the data. Signed-off-by: Jiri Olsa <[email protected]>
Adding more types to btf compatibility validation after adding and using several new types in previous changes. Signed-off-by: Jiri Olsa <[email protected]>
Adding args array to uprobe spec. Using the KProbeArg object for that, so we can re-use all the arguments code. Signed-off-by: Jiri Olsa <[email protected]>
Adding args field to ProcessUprobe message to carry out the uprobe's arguments. Using the KprobeArgument object for that, so we can re-use all the arguments code. Signed-off-by: Jiri Olsa <[email protected]>
Adding support to process uprobe arguments the same way we do that for kprobes, so we can reuse the code. Using the argPrinter objects to register argument values for uprobe and the decode their values for each event. Adding arguments retrieval code into bpf uprobe event setup code. Signed-off-by: Jiri Olsa <[email protected]>
Adding uprobe test functions for argument values that will be used in following test code. Signed-off-by: Jiri Olsa <[email protected]>
Adding test for uprobe arguments retrieval from all uprobe_test_lib_arg* functions. Signed-off-by: Jiri Olsa <[email protected]>
Adding kprobe args test by hooking bpf_fentry_test[1-5] functions, which have all needed argument types for testing. Signed-off-by: Jiri Olsa <[email protected]>
We now have multiple symbols, not just one. The rest of the documentation wrt argument processing is now correct due to the previous patches. Signed-off-by: Jiri Olsa <[email protected]>
olsajiri
force-pushed
the
pr/olsajiri/uprobe_args
branch
from
733a127 to
dd77b6f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding support for argument values in uprobes and factor the code a bit so we could shre the arguments code with kprobes.