tetragon: Rename killer to enforcer

api/v1/tetragon/tetragon.proto

@@ -436,8 +436,8 @@ enum KprobeAction {
 	KPROBE_ACTION_TRACKSOCK   = 11;
     // UntrackSock action un-tracks socket.
 	KPROBE_ACTION_UNTRACKSOCK = 12;
-    // NotifyKiller action notifies killer sensor.
-	KPROBE_ACTION_NOTIFYKILLER = 13;
+    // NotifyEnforcer action notifies killer sensor.
+	KPROBE_ACTION_NOTIFYENFORCER = 13;
 }
 
 message ProcessKprobe {

bpf/Makefile

@@ -26,7 +26,7 @@ PROCESS = bpf_execve_event.o bpf_execve_event_v53.o bpf_fork.o bpf_exit.o bpf_ge
 	  bpf_multi_kprobe_v511.o bpf_multi_retkprobe_v511.o \
 	  bpf_generic_uprobe_v511.o \
 	  bpf_loader.o \
-	  bpf_killer.o bpf_multi_killer.o bpf_fmodret_killer.o
+	  bpf_enforcer.o bpf_multi_enforcer.o bpf_fmodret_enforcer.o
 
 CGROUP = bpf_cgroup_mkdir.o bpf_cgroup_rmdir.o bpf_cgroup_release.o
 BPFTEST = bpf_lseek.o bpf_globals.o
@@ -82,27 +82,27 @@ $(DEPSDIR)%.d: $(ALIGNCHECKERDIR)%.c
 	$(CLANG) $(CLANG_FLAGS) -MM -MP -MT $(patsubst $(DEPSDIR)%.d, $(OBJSDIR)%.ll, $@)   $< > $@
 
 
-# Killer programs: bpf_killer, bpf_multi_killer, bpf_fmodret_killer
+# Enforcer programs: bpf_enforcer, bpf_multi_enforcer, bpf_fmodret_enforcer
 
-## bpf_killer: __BPF_OVERRIDE_RETURN, but no __MULTI_KPROBE
-objs/bpf_killer.ll: process/bpf_killer.c
+## bpf_enforcer: __BPF_OVERRIDE_RETURN, but no __MULTI_KPROBE
+objs/bpf_enforcer.ll: process/bpf_enforcer.c
 	$(CLANG) $(CLANG_FLAGS) -D__BPF_OVERRIDE_RETURN -c $< -o $@
 
-$(DEPSDIR)bpf_killer.d: process/bpf_killer.c
+$(DEPSDIR)bpf_enforcer.d: process/bpf_enforcer.c
 	$(CLANG) $(CLANG_FLAGS) -D__BPF_OVERRIDE_RETURN -MM -MP -MT $(patsubst $(DEPSDIR)%.d, $(OBJSDIR)%.ll, $@) $< > $@
 
-## bpf_multi_killer: __BPF_OVERRIDE_RETURN and __MULTI_KPROBE
-objs/bpf_multi_killer.ll: process/bpf_killer.c
+## bpf_multi_enforcer: __BPF_OVERRIDE_RETURN and __MULTI_KPROBE
+objs/bpf_multi_enforcer.ll: process/bpf_enforcer.c
 	$(CLANG) $(CLANG_FLAGS) -D__BPF_OVERRIDE_RETURN -D__MULTI_KPROBE -c $< -o $@
 
-$(DEPSDIR)/bpf_multi_killer.d: process/bpf_killer.c
+$(DEPSDIR)/bpf_multi_enforcer.d: process/bpf_enforcer.c
 	$(CLANG) $(CLANG_FLAGS) -D__BPF_OVERRIDE_RETURN -D__MULTI_KPROBE -MM -MP -MT $(patsubst $(DEPSDIR)%.d, $(OBJSDIR)%.ll, $@) $< > $@
 
-## bpf_fmodret_killer no bpf_override_return: we need fmod_ret
-objs/bpf_fmodret_killer.ll: process/bpf_killer.c
+## bpf_fmodret_enforcer no bpf_override_return: we need fmod_ret
+objs/bpf_fmodret_enforcer.ll: process/bpf_enforcer.c
 	$(CLANG) $(CLANG_FLAGS) -c $< -o $@
 
-$(DEPSDIR)/bpf_fmodret_killer.d: process/bpf_killer.c
+$(DEPSDIR)/bpf_fmodret_enforcer.d: process/bpf_enforcer.c
 	$(CLANG) $(CLANG_FLAGS) -MM -MP -MT $(patsubst $(DEPSDIR)%.d, $(OBJSDIR)%.ll, $@) $< > $@
 
 # PROCESSDIR

bpf/process/bpf_killer.c → bpf/process/bpf_enforcer.c

@@ -1,40 +1,40 @@
-#include "bpf_killer.h"
+#include "bpf_enforcer.h"
 
 char _license[] __attribute__((section("license"), used)) = "Dual BSD/GPL";
 
 static inline __attribute__((always_inline)) int
-do_killer(void *ctx)
+do_enforcer(void *ctx)
 {
 	__u64 id = get_current_pid_tgid();
-	struct killer_data *data;
+	struct enforcer_data *data;
 
-	data = map_lookup_elem(&killer_data, &id);
+	data = map_lookup_elem(&enforcer_data, &id);
 	if (!data)
 		return 0;
 
 	if (data->signal)
 		send_signal(data->signal);
 
-	map_delete_elem(&killer_data, &id);
+	map_delete_elem(&enforcer_data, &id);
 	return data->error;
 }
 
 #if defined(__BPF_OVERRIDE_RETURN)
 
 #ifdef __MULTI_KPROBE
-#define MAIN "kprobe.multi/killer"
-#define FUNC kprobe_multi_killer
+#define MAIN "kprobe.multi/enforcer"
+#define FUNC kprobe_multi_enforcer
 #else
-#define MAIN "kprobe/killer"
-#define FUNC kprobe_killer
+#define MAIN "kprobe/enforcer"
+#define FUNC kprobe_enforcer
 #endif
 
 __attribute__((section(MAIN), used)) int
 FUNC(void *ctx)
 {
 	long ret;
 
-	ret = do_killer(ctx);
+	ret = do_enforcer(ctx);
 	if (ret)
 		override_return(ctx, ret);
 
@@ -47,9 +47,9 @@ FUNC(void *ctx)
  * in normal run the function is set by tetragon dynamically.
  */
 __attribute__((section("fmod_ret/security_task_prctl"), used)) long
-fmodret_killer(void *ctx)
+fmodret_enforcer(void *ctx)
 {
-	return do_killer(ctx);
+	return do_enforcer(ctx);
 }
 
 #endif

bpf/process/bpf_killer.h → bpf/process/bpf_enforcer.h

@@ -1,13 +1,13 @@
 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
 /* Copyright Authors of Cilium */
 
-#ifndef __KILLER_H__
-#define __KILLER_H__
+#ifndef __ENFORCER_H__
+#define __ENFORCER_H__
 
 #include "vmlinux.h"
 #include "bpf_helpers.h"
 
-struct killer_data {
+struct enforcer_data {
 	__s16 error;
 	__s16 signal;
 };
@@ -16,25 +16,25 @@ struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
 	__uint(max_entries, 32768);
 	__type(key, __u64);
-	__type(value, struct killer_data);
-} killer_data SEC(".maps");
+	__type(value, struct enforcer_data);
+} enforcer_data SEC(".maps");
 
 static inline __attribute__((always_inline)) void
-do_killer_action(int error, int signal)
+do_enforcer_action(int error, int signal)
 {
 	__u64 id = get_current_pid_tgid();
-	struct killer_data *ptr, data = {
+	struct enforcer_data *ptr, data = {
 		.error = (__s16)error,
 		.signal = (__s16)signal,
 	};
 
-	ptr = map_lookup_elem(&killer_data, &id);
+	ptr = map_lookup_elem(&enforcer_data, &id);
 	if (ptr) {
 		ptr->error = (__s16)error;
 		ptr->signal = (__s16)signal;
 	} else {
-		map_update_elem(&killer_data, &id, &data, BPF_ANY);
+		map_update_elem(&enforcer_data, &id, &data, BPF_ANY);
 	}
 }
 
-#endif /* __KILLER_H__ */
+#endif /* __ENFORCER_H__ */

bpf/process/types/basic.h

@@ -20,7 +20,7 @@
 #include "../string_maps.h"
 #include "common.h"
 #include "process/data_event.h"
-#include "process/bpf_killer.h"
+#include "process/bpf_enforcer.h"
 
 /* Type IDs form API with user space generickprobe.go */
 enum {
@@ -2218,12 +2218,12 @@ struct {
 
 #if defined GENERIC_TRACEPOINT || defined GENERIC_KPROBE
 static inline __attribute__((always_inline)) void
-do_action_notify_killer(int error, int signal)
+do_action_notify_enforcer(int error, int signal)
 {
-	do_killer_action(error, signal);
+	do_enforcer_action(error, signal);
 }
 #else
-#define do_action_notify_killer(error, signal)
+#define do_action_notify_enforcer(error, signal)
 #endif
 
 static inline __attribute__((always_inline)) __u32
@@ -2312,7 +2312,7 @@ do_action(void *ctx, __u32 i, struct msg_generic_kprobe *e,
 	case ACTION_NOTIFY_KILLER:
 		error = actions->act[++i];
 		signal = actions->act[++i];
-		do_action_notify_killer(error, signal);
+		do_action_notify_enforcer(error, signal);
 		break;
 	default:
 		break;

contrib/tester-progs/Makefile

@@ -18,16 +18,16 @@ PROGS = sigkill-tester \
 	threads-tester \
 	bench-reader \
 	threads-exit \
-	killer-tester \
+	enforcer-tester \
 	drop-privileges \
 	getcpu \
 	direct-write-tester \
 	change-capabilities
 
-# For now killer-tester is compiled to 32-bit only on x86_64 as we want
+# For now enforcer-tester is compiled to 32-bit only on x86_64 as we want
 # to test 32-bit binaries and system calls compatibility layer.
 ifeq ($(shell uname -m),x86_64)
-	PROGS += killer-tester-32
+	PROGS += enforcer-tester-32
 endif
 
 all: $(PROGS)
@@ -79,7 +79,7 @@ uprobe-test-2: uprobe-test-1
 
 # -m32 is an x86_64 flag.
 # NB(kkourt) we compile this as static to avoid the need for ia32 libs in VMs
-killer-tester-32: killer-tester.c
+enforcer-tester-32: enforcer-tester.c
 	$(GCC) -Wall -m32 -static $< -o $@
 
 lseek-pipe: FORCE