Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tetragon: Keep map setup in doLoadProgram #2803

Draft
wants to merge 35 commits into
base: main
Choose a base branch
from
Draft

tetragon: Keep map setup in doLoadProgram #2803

wants to merge 35 commits into from

Conversation

olsajiri
Copy link
Contributor

wip

@olsajiri olsajiri added the release-note/minor This PR introduces a minor user-visible change label Aug 15, 2024
@olsajiri olsajiri force-pushed the pr/olsajiri/maps branch 15 times, most recently from 699b282 to be45657 Compare August 21, 2024 11:15
@netlify Netlify
Copy link

netlify bot commented Aug 21, 2024

Deploy Preview for tetragon ready!

Name Link
🔨 Latest commit 699b282
🔍 Latest deploy log https://app.netlify.com/sites/tetragon/deploys/66c5cc47e31dcb0008cf1a6c
😎 Deploy Preview https://deploy-preview-2803--tetragon.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@netlify Netlify
Copy link

netlify bot commented Aug 21, 2024
edited
Loading

Deploy Preview for tetragon ready!

Name Link
🔨 Latest commit e24f7f6
🔍 Latest deploy log https://app.netlify.com/sites/tetragon/deploys/66d17a093259660008424d45
😎 Deploy Preview https://deploy-preview-2803--tetragon.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@olsajiri
tetragon: Add PinPath to Map object
b2c0801 
Adding PinPath to Map object to carry path relative to the sysfs
bpf root tetragon tree.

At the moment we have map's Name as a real (bpf object) name and
PinName when we need to pin map under different name.

The PinName will be removed once we move to new hierarchy structure,
but we still need to keep the relative pinned path of the map.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Use map pin path for MapLoad interface
8cb85c0 
We provide sysfs bpf tetragon root path as pinPathPrefix to the
MapLoad's Load function, so we can provide pin path to possible
inner maps that get loaded.

We are going to introduce new sysfs hierarchy in following changes,
where each map can be placed in specific directory, so the sysfs
root is no longer enough.

Passing map's PinPath through Load's function directly.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add shared map type fields
75f5fa9 
Adding map type fields that specify how the map is shared and when
it's placed in the sysfs hierarchy.

  MapTypeGlobal  - under sysfs root, shared with everyone
  MapTypePolicy  - under policy dir, shared within policy
  MapTypeSensor  - under sensor dir, shared within sensor
  MapTypeProgram - under program dir, program specific

  MapTypeGlobal  -> /sys/fs/bpf/tetragon/map-1
  MapTypePolicy  -> /sys/fs/bpf/tetragon/policy-name/map-2
  MapTypeSensor  -> /sys/fs/bpf/tetragon/policy-name/sensor-1/map-3
  MapTypeProgram -> /sys/fs/bpf/tetragon/policy-name/sensor-1/prog-1/map-4

Adding just types at the moment, implementation is coming in
following changes.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Create sensor directory hierarchy
77a4f4c 
Creating sensor directory hierarchy on sensor loading.

When sensor is loading we:
  - create directory sysfs hierarchy for each program in the sensor
  - assign PinPath for each pinned map in the sensor

Adding PinName to Program object to hold sysfs program name, at the moment
it's initialized same way as the PinPath, but PinPath is changed when the
sensor is loaded to be relative program path from sysfs tetragon root.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move base sensor maps under new hierarchy
04a0d60 
Moving execve_calls map under execve program directory, because
it's specific to the program.

The rest of the base sensor maps are kept as global, because they
are shared by all the other sensors.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move generickprobe sensor maps under new hierarchy
232eca9 
Moving generickprobe sensor maps under new hierarchy:

per program maps:

  argfilter_maps
  addr4lpm_maps
  addr6lpm_maps
  string_prefix_maps
  string_postfix_maps
  kprobe_calls
  filter_map
  tg_mb_sel_opts
  tg_mb_paths
  stack_trace_map
  config_map
  retkprobe_calls
  override_tasks

per sensor maps:

  fdinstall_map
  retprobe_map
  process_call_heap
  socktrack_map
  ratelimit_map

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move generictracepoint sensor maps under new hierarchy
4af530a 
Moving generictracepoint sensor maps under new hierarchy.

per program maps:

  tp_calls
  filter_map
  argfilter_maps
  addr4lpm_maps
  addr6lpm_maps
  string_prefix_maps
  string_postfix_maps
  tg_mb_paths
  tg_mb_sel_opts

per sensor maps:

  fdinstall_map

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move genericuprobe sensor maps under new hierarchy
ea8f6ac 
Moving genericuprobe sensor maps under new hierarchy.

per program maps:

  config_map
  uprobe_calls
  filter_map
  tg_mb_sel_opts

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move genericlsm sensor maps under new hierarchy
490bf57 
Moving genericlsm sensor maps under new hierarchy:

per program maps:

  config_map
  lsm_calls
  filter_map
  tg_mb_sel_opts
  tg_mb_paths
  argfilter_maps
  addr4lpm_maps
  addr6lpm_maps
  string_maps_%d
  string_prefix_maps
  string_postfix_maps
  process_call_heap

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Change generickprobe sensor pin path
c3a6b7a 
Change the generickprobe sensor pin path for programs
under sysfs hierarchy.

Now the program pin looks like below,
for multi kprobes:

  sigkilltest/gkp-sensor-1/multi_kprobe/prog
  sigkilltest/gkp-sensor-1/multi_retkprobe/prog

for regular kprobes:

  sigkilltest/gkp-sensor-1/__x64_sys_lseek/prog
  sigkilltest/gkp-sensor-1/__x64_sys_lseek_return/prog

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Change generictracepoint sensor pin path
2897210 
Change the generictracepoint sensor pin path for programs
under sysfs hierarchy.

Now the program pin looks like below:

  raw-syscalls/gtp-sensor-1/raw_syscalls:sys_enter/prog

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Change genericuprobe sensor pin path
d796c1e 
Change the genericuprobe sensor pin path for programs
under sysfs hierarchy.

Now the program pin looks like below:

  uprobe/gup-sensor-1/0-readline/prog
  uprobe/gup-sensor-1/1-main/prog

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Change genericlsm sensor pin path
830ee2c 
Change the genericlsm sensor pin path for programs
under sysfs hierarchy.

Now the program pin looks like below:
  lsm-file-open/glsm-sensor-1/file_open/prog

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move enforcer sensor maps under new hierarchy
69b53fd 
Moving enforcer sensor maps under new hierarchy.

per policy maps:

  enforcer_data

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Get rid of MapBuilderPin functions
abca153 
Removing MapBuilderPin, because it's no longer needed and
removing the pin argument from mapBuilder function.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Sanitize policy name before using it in path
bce8097 
Policy name is provided by tracing-policy/user. It already has some
restrictions, but let's add at least substitute for '/' characters
for '_' to ensure the path is not mangled.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Adjust linkPinPath for new hierarchy
b2414a9 
Adjusting linkPinPath for new hierarchy to use program's PinPath directory
with 'link' file name. Plus '_override' suffix for override link.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add policy argument to SensorBuilder function
4af2d82 
Adding policy argument to SensorBuilder function so it's
passed to the Sensor object.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add tests for map builders
cbe8a47 
Add tests for the map builders, will be likely extended.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add tests for map max entries setup
a27381e 
Adding tests for map max entries setup.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add documentation for maps usage
ff00258 
Adding some notes in map.go header about maps usage.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri olsajiri force-pushed the pr/olsajiri/maps branch 2 times, most recently from e24f7f6 to e7d3cfc Compare August 30, 2024 07:52
@olsajiri
github: Allow extern declarations in c files
d844a13 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add local ebpf version
fd592e1 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
cilium fix
6307bea 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Use strict patern in test ReadAvailFuncs calls
859a2b0 
With current pattern we can match functions with extra suffix
while the expected function is missing, which can happen on
current upstream kernel.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Fix debug message in observerLoadInstance
19a56bc 
Adding missing spaces to the message.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add missing calls to DeleteTracingPolicy in kprobe tests
97dac0e 
We're missing cleanup in some kprobe tests, so we get leftovers
in the tetragon directory, like:

  time="2024-08-17T18:01:54Z" level=info msg="`gkp-sensor-3-multi_kprobe-string_maps_5` still exists after test"
  time="2024-08-17T18:01:54Z" level=info msg="`gkp-sensor-3-multi_kprobe-string_maps_6` still exists after test"
  time="2024-08-17T18:01:54Z" level=info msg="`gkp-sensor-3-multi_kprobe-string_maps_7` still exists after test"

Adding missing DeleteTracingPolicy cleanup call.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Disable contents loading in initial map loading
c287d67 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Load tail calls directly in execve program
a91aaef 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Load tail calls directly in generickprobe program
b6272af 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Load tail calls directly in generictracepoint program
506cf61 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Load tail calls directly in genericlsm program
3e72eed 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Load tail calls directly in genericuprobe program
4da5bc4 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Remove install tail call machinery
a788550 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Allow to override execve tail calls
acd4931 
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willfindlay willfindlay Awaiting requested review from willfindlay willfindlay will be requested when the pull request is marked ready for review willfindlay is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
release-note/minor This PR introduces a minor user-visible change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@olsajiri