tetragon: Keep map setup in doLoadProgram #2803
Draft: olsajiri wants to merge 35 commits into main from pr/olsajiri/maps
olsajiri added the release-note/minor label (This PR introduces a minor user-visible change) on Aug 15, 2024
olsajiri force-pushed the pr/olsajiri/maps branch 15 times, most recently from 699b282 to be45657 (August 21, 2024 11:15)
Adding PinPath to Map object to carry path relative to the sysfs bpf root tetragon tree. At the moment we have map's Name as a real (bpf object) name and PinName when we need to pin map under different name. The PinName will be removed once we move to new hierarchy structure, but we still need to keep the relative pinned path of the map. Signed-off-by: Jiri Olsa <[email protected]>
We provide sysfs bpf tetragon root path as pinPathPrefix to the MapLoad's Load function, so we can provide pin path to possible inner maps that get loaded. We are going to introduce new sysfs hierarchy in following changes, where each map can be placed in specific directory, so the sysfs root is no longer enough. Passing map's PinPath through Load's function directly. Signed-off-by: Jiri Olsa <[email protected]>
Adding map type fields that specify how the map is shared and when it's placed in the sysfs hierarchy.

  MapTypeGlobal  - under sysfs root, shared with everyone
  MapTypePolicy  - under policy dir, shared within policy
  MapTypeSensor  - under sensor dir, shared within sensor
  MapTypeProgram - under program dir, program specific

  MapTypeGlobal  -> /sys/fs/bpf/tetragon/map-1
  MapTypePolicy  -> /sys/fs/bpf/tetragon/policy-name/map-2
  MapTypeSensor  -> /sys/fs/bpf/tetragon/policy-name/sensor-1/map-3
  MapTypeProgram -> /sys/fs/bpf/tetragon/policy-name/sensor-1/prog-1/map-4

Adding just types at the moment, implementation is coming in following changes.

Signed-off-by: Jiri Olsa <[email protected]>
Creating sensor directory hierarchy on sensor loading. When sensor is loading we:

  - create directory sysfs hierarchy for each program in the sensor
  - assign PinPath for each pinned map in the sensor

Adding PinName to Program object to hold sysfs program name, at the moment it's initialized same way as the PinPath, but PinPath is changed when the sensor is loaded to be relative program path from sysfs tetragon root.

Signed-off-by: Jiri Olsa <[email protected]>
Moving execve_calls map under execve program directory, because it's specific to the program. The rest of the base sensor maps are kept as global, because they are shared by all the other sensors. Signed-off-by: Jiri Olsa <[email protected]>
Moving generickprobe sensor maps under new hierarchy:

  per program maps:
    argfilter_maps
    addr4lpm_maps
    addr6lpm_maps
    string_prefix_maps
    string_postfix_maps
    kprobe_calls
    filter_map
    tg_mb_sel_opts
    tg_mb_paths
    stack_trace_map
    config_map
    retkprobe_calls
    override_tasks

  per sensor maps:
    fdinstall_map
    retprobe_map
    process_call_heap
    socktrack_map
    ratelimit_map

Signed-off-by: Jiri Olsa <[email protected]>
Moving generictracepoint sensor maps under new hierarchy.

  per program maps:
    tp_calls
    filter_map
    argfilter_maps
    addr4lpm_maps
    addr6lpm_maps
    string_prefix_maps
    string_postfix_maps
    tg_mb_paths
    tg_mb_sel_opts

  per sensor maps:
    fdinstall_map

Signed-off-by: Jiri Olsa <[email protected]>
Moving genericuprobe sensor maps under new hierarchy.

  per program maps:
    config_map
    uprobe_calls
    filter_map
    tg_mb_sel_opts

Signed-off-by: Jiri Olsa <[email protected]>
Moving genericlsm sensor maps under new hierarchy:

  per program maps:
    config_map
    lsm_calls
    filter_map
    tg_mb_sel_opts
    tg_mb_paths
    argfilter_maps
    addr4lpm_maps
    addr6lpm_maps
    string_maps_%d
    string_prefix_maps
    string_postfix_maps
    process_call_heap

Signed-off-by: Jiri Olsa <[email protected]>
Change the generickprobe sensor pin path for programs under sysfs hierarchy. Now the program pin looks like below,

  for multi kprobes:
    sigkilltest/gkp-sensor-1/multi_kprobe/prog
    sigkilltest/gkp-sensor-1/multi_retkprobe/prog

  for regular kprobes:
    sigkilltest/gkp-sensor-1/__x64_sys_lseek/prog
    sigkilltest/gkp-sensor-1/__x64_sys_lseek_return/prog

Signed-off-by: Jiri Olsa <[email protected]>
Change the generictracepoint sensor pin path for programs under sysfs hierarchy. Now the program pin looks like below:

  raw-syscalls/gtp-sensor-1/raw_syscalls:sys_enter/prog

Signed-off-by: Jiri Olsa <[email protected]>
Change the genericuprobe sensor pin path for programs under sysfs hierarchy. Now the program pin looks like below:

  uprobe/gup-sensor-1/0-readline/prog
  uprobe/gup-sensor-1/1-main/prog

Signed-off-by: Jiri Olsa <[email protected]>
Change the genericlsm sensor pin path for programs under sysfs hierarchy. Now the program pin looks like below:

  lsm-file-open/glsm-sensor-1/file_open/prog

Signed-off-by: Jiri Olsa <[email protected]>
Moving enforcer sensor maps under new hierarchy.

  per policy maps:
    enforcer_data

Signed-off-by: Jiri Olsa <[email protected]>
Removing MapBuilderPin, because it's no longer needed and removing the pin argument from mapBuilder function. Signed-off-by: Jiri Olsa <[email protected]>
Policy name is provided by tracing-policy/user. It already has some restrictions, but let's at least substitute '/' characters with '_' to ensure the path is not mangled. Signed-off-by: Jiri Olsa <[email protected]>
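The per-type layout from the map type commit and the '/' substitution from the policy name commit, sketched in Go as an added example; this is not Tetragon's code. `sanitize`, `pinPath`, `absPin` and the enum's numeric values are hypothetical, and the root-prefix check in `absPin` is an extra guard assumed here, not something the commits describe.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// MapType names come from the commit message; the numeric values are assumed.
type MapType int
const (
	MapTypeGlobal MapType = iota
	MapTypePolicy
	MapTypeSensor
	MapTypeProgram
)
const bpfRoot = "/sys/fs/bpf/tetragon"

// sanitize (hypothetical) maps '/' to '_' so a policy name stays one path component.
func sanitize(name string) string { return strings.ReplaceAll(name, "/", "_") }

// pinPath (hypothetical) returns the pin path relative to bpfRoot for a map of type t.
func pinPath(t MapType, policy, sensor, prog, name string) string {
	switch t {
	case MapTypePolicy:
		return filepath.Join(sanitize(policy), name)
	case MapTypeSensor:
		return filepath.Join(sanitize(policy), sensor, name)
	case MapTypeProgram:
		return filepath.Join(sanitize(policy), sensor, prog, name)
	}
	return name // MapTypeGlobal: directly under the root
}

// absPin rejects paths that resolve outside bpfRoot, e.g. a ".." policy name.
func absPin(rel string) (string, error) {
	full := filepath.Join(bpfRoot, rel)
	if !strings.HasPrefix(full, bpfRoot+"/") {
		return "", fmt.Errorf("pin path %q escapes %s", rel, bpfRoot)
	}
	return full, nil
}

func main() {
	for _, policy := range []string{"policy-name", "team/policy", ".."} { // constructed names
		p, err := absPin(pinPath(MapTypePolicy, policy, "", "", "map-2"))
		fmt.Printf("%q -> %q (err: %v)\n", policy, p, err)
	}
}
```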
Adjusting linkPinPath for new hierarchy to use program's PinPath directory with 'link' file name. Plus '_override' suffix for override link. Signed-off-by: Jiri Olsa <[email protected]>
Adding policy argument to SensorBuilder function so it's passed to the Sensor object. Signed-off-by: Jiri Olsa <[email protected]>
Add tests for the map builders, will be likely extended. Signed-off-by: Jiri Olsa <[email protected]>
Adding tests for map max entries setup. Signed-off-by: Jiri Olsa <[email protected]>
Adding some notes in map.go header about maps usage. Signed-off-by: Jiri Olsa <[email protected]>
olsajiri force-pushed the pr/olsajiri/maps branch 2 times, most recently from e24f7f6 to e7d3cfc (August 30, 2024 07:52)
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
With current pattern we can match functions with extra suffix while the expected function is missing, which can happen on current upstream kernel. Signed-off-by: Jiri Olsa <[email protected]>
Adding missing spaces to the message. Signed-off-by: Jiri Olsa <[email protected]>
We're missing cleanup in some kprobe tests, so we get leftovers in the tetragon directory, like:

  time="2024-08-17T18:01:54Z" level=info msg="`gkp-sensor-3-multi_kprobe-string_maps_5` still exists after test"
  time="2024-08-17T18:01:54Z" level=info msg="`gkp-sensor-3-multi_kprobe-string_maps_6` still exists after test"
  time="2024-08-17T18:01:54Z" level=info msg="`gkp-sensor-3-multi_kprobe-string_maps_7` still exists after test"

Adding missing DeleteTracingPolicy cleanup call.

Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
olsajiri force-pushed the pr/olsajiri/maps branch from e7d3cfc to acd4931 (August 30, 2024 07:54)
wip