tetragon: Keep map setup in doLoadProgram #2803

Draft
wants to merge 35 commits into
base: main
b2c0801
tetragon: Add PinPath to Map object
olsajiri Jun 16, 2024
8cb85c0
tetragon: Use map pin path for MapLoad interface
olsajiri Feb 24, 2024
75f5fa9
tetragon: Add shared map type fields
olsajiri Feb 21, 2024
77a4f4c
tetragon: Create sensor directory hierarchy
olsajiri Feb 23, 2024
04a0d60
tetragon: Move base sensor maps under new hierarchy
olsajiri Feb 23, 2024
232eca9
tetragon: Move generickprobe sensor maps under new hierarchy
olsajiri Feb 23, 2024
4af530a
tetragon: Move generictracepoint sensor maps under new hierarchy
olsajiri Feb 25, 2024
ea8f6ac
tetragon: Move genericuprobe sensor maps under new hierarchy
olsajiri Feb 25, 2024
490bf57
tetragon: Move genericlsm sensor maps under new hierarchy
olsajiri Jul 19, 2024
c3a6b7a
tetragon: Change generickprobe sensor pin path
olsajiri Feb 24, 2024
2897210
tetragon: Change generictracepoint sensor pin path
olsajiri Feb 25, 2024
d796c1e
tetragon: Change genericuprobe sensor pin path
olsajiri Feb 25, 2024
830ee2c
tetragon: Change genericlsm sensor pin path
olsajiri Jul 19, 2024
69b53fd
tetragon: Move enforcer sensor maps under new hierarchy
olsajiri Feb 25, 2024
abca153
tetragon: Get rid of MapBuilderPin functions
olsajiri Jun 16, 2024
bce8097
tetragon: Sanitize policy name before using it in path
olsajiri Jun 13, 2024
b2414a9
tetragon: Adjust linkPinPath for new hierarchy
olsajiri Jul 9, 2024
4af2d82
tetragon: Add policy argument to SensorBuilder function
olsajiri May 24, 2024
cbe8a47
tetragon: Add tests for map builders
olsajiri Jun 18, 2024
a27381e
tetragon: Add tests for map max entries setup
olsajiri Jun 18, 2024
ff00258
tetragon: Add documentation for maps usage
olsajiri Jun 18, 2024
d844a13
github: Allow extern declarations in c files
olsajiri Aug 19, 2024
fd592e1
tetragon: Add local ebpf version
olsajiri Aug 30, 2024
6307bea
cilium fix
olsajiri Aug 30, 2024
859a2b0
tetragon: Use strict patern in test ReadAvailFuncs calls
olsajiri Aug 16, 2024
19a56bc
tetragon: Fix debug message in observerLoadInstance
olsajiri Aug 17, 2024
97dac0e
tetragon: Add missing calls to DeleteTracingPolicy in kprobe tests
olsajiri Aug 17, 2024
c287d67
tetragon: Disable contents loading in initial map loading
olsajiri Aug 30, 2024
a91aaef
tetragon: Load tail calls directly in execve program
olsajiri Aug 17, 2024
b6272af
tetragon: Load tail calls directly in generickprobe program
olsajiri Aug 19, 2024
506cf61
tetragon: Load tail calls directly in generictracepoint program
olsajiri Aug 19, 2024
3e72eed
tetragon: Load tail calls directly in genericlsm program
olsajiri Aug 19, 2024
4da5bc4
tetragon: Load tail calls directly in genericuprobe program
olsajiri Aug 19, 2024
a788550
tetragon: Remove install tail call machinery
olsajiri Aug 20, 2024
acd4931
tetragon: Allow to override execve tail calls
olsajiri Aug 21, 2024
2 changes: 1 addition & 1 deletion .github/workflows/checkpatch.yaml
Expand Up @@ -19,4 +19,4 @@ jobs:
- name: Run checkpatch.pl
uses: docker://quay.io/cilium/cilium-checkpatch:2f0f4f512e795d5668ea4e7ef0ba85abc75eb225@sha256:f307bf0315954e8b8c31edc1864d949bf211b0c6522346359317d757b5a6cea0
with:
args: "-- --ignore PREFER_DEFINED_ATTRIBUTE_MACRO,C99_COMMENTS,OPEN_ENDED_LINE,PREFER_KERNEL_TYPES,REPEATED_WORD,SPDX_LICENSE_TAG,LONG_LINE,LONG_LINE_STRING,LONG_LINE_COMMENT,TRACE_PRINTK"
args: "-- --ignore PREFER_DEFINED_ATTRIBUTE_MACRO,C99_COMMENTS,OPEN_ENDED_LINE,PREFER_KERNEL_TYPES,REPEATED_WORD,SPDX_LICENSE_TAG,LONG_LINE,LONG_LINE_STRING,LONG_LINE_COMMENT,TRACE_PRINTK,AVOID_EXTERNS"
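Review bot: Adding `AVOID_EXTERNS` to the `--ignore` list switches the check off for every C file in the repository, not only for the files that need it. Judging by the rest of this pull request, the trigger is the new tail-call prototypes placed above the `PROG_ARRAY` initializers in the `bpf/process/*.c` files. Moving those prototypes into a small header included by each file would presumably satisfy checkpatch and let the check keep catching unintended externs elsewhere.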
3 changes: 2 additions & 1 deletion bpf/Makefile
Expand Up @@ -30,7 +30,8 @@ PROCESS = bpf_execve_event.o bpf_execve_event_v53.o bpf_fork.o bpf_exit.o bpf_ge
bpf_generic_lsm_v61.o \
bpf_loader.o \
bpf_cgroup.o \
bpf_enforcer.o bpf_multi_enforcer.o bpf_fmodret_enforcer.o
bpf_enforcer.o bpf_multi_enforcer.o bpf_fmodret_enforcer.o \
bpf_map_test_p1.o bpf_map_test_p2.o

CGROUP = bpf_cgroup_mkdir.o bpf_cgroup_rmdir.o bpf_cgroup_release.o
BPFTEST = bpf_lseek.o
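Review bot: `bpf_map_test_p1.o` and `bpf_map_test_p2.o` look like test-only objects, yet they are appended to `PROCESS` next to the enforcer programs, while the file already has `BPFTEST = bpf_lseek.o` a few lines further down for test programs. If the `PROCESS` objects are what gets installed with the agent (not visible in this hunk), test programs would ship in production images. Unless they depend on the `PROCESS` build rules, consider `BPFTEST = bpf_lseek.o bpf_map_test_p1.o bpf_map_test_p2.o`, or add a comment saying why they must live in `PROCESS`.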
18 changes: 14 additions & 4 deletions bpf/process/bpf_execve_event.c
Expand Up @@ -15,12 +15,22 @@

char _license[] __attribute__((section("license"), used)) = "Dual BSD/GPL";

#ifndef OVERRIDE_TAILCALL
int execve_rate(void *ctx);
int execve_send(void *ctx);

struct {
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
__uint(max_entries, 2);
__uint(key_size, sizeof(__u32));
__uint(value_size, sizeof(__u32));
} execve_calls SEC(".maps");
__array(values, int(void *));
} execve_calls SEC(".maps") = {
.values = {
[0] = (void *)&execve_rate,
[1] = (void *)&execve_send,
},
};
#endif

#include "data_event.h"

Expand Down Expand Up @@ -273,7 +283,7 @@ event_execve(struct trace_event_raw_sched_process_exec *ctx)
return 0;
}

__attribute__((section("tracepoint/0"), used)) int
__attribute__((section("tracepoint"), used)) int
execve_rate(void *ctx)
{
struct msg_execve_event *msg;
Expand Down Expand Up @@ -318,7 +328,7 @@ void update_mb_bitset(struct binary *bin)
* is to update the pid execve_map entry to reflect the new execve event that
* has already been collected, then send it to the perf buffer.
*/
__attribute__((section("tracepoint/1"), used)) int
__attribute__((section("tracepoint"), used)) int
execve_send(void *ctx)
{
struct msg_execve_event *event;
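Review bot: `OVERRIDE_TAILCALL` is introduced without any comment, and the guard at the top of the file covers only the two prototypes and the `execve_calls` map; the definitions of `execve_rate` and `execve_send` further down stay unconditional and keep their `used` attribute. A build that defines the macro therefore still emits both programs and presumably has to supply its own `execve_calls`, which a reader cannot tell from here. A comment above the `#ifndef` would settle it, for example `/* OVERRIDE_TAILCALL: the including file defines execve_calls and its tail-call targets itself. */`, adjusted to whatever the intended contract is. Both function bodies continue outside the hunks shown.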
32 changes: 24 additions & 8 deletions bpf/process/bpf_generic_kprobe.c
Expand Up @@ -25,12 +25,28 @@ struct {
__type(value, struct msg_generic_kprobe);
} process_call_heap SEC(".maps");

int generic_kprobe_setup_event(void *ctx);
int generic_kprobe_process_event(void *ctx);
int generic_kprobe_process_filter(void *ctx);
int generic_kprobe_filter_arg(void *ctx);
int generic_kprobe_actions(void *ctx);
int generic_kprobe_output(void *ctx);

struct {
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
__uint(max_entries, 13);
__uint(key_size, sizeof(__u32));
__uint(value_size, sizeof(__u32));
} kprobe_calls SEC(".maps");
__array(values, int(void *));
} kprobe_calls SEC(".maps") = {
.values = {
[0] = (void *)&generic_kprobe_setup_event,
[1] = (void *)&generic_kprobe_process_event,
[2] = (void *)&generic_kprobe_process_filter,
[3] = (void *)&generic_kprobe_filter_arg,
[4] = (void *)&generic_kprobe_actions,
[5] = (void *)&generic_kprobe_output,
},
};

struct {
__uint(type, BPF_MAP_TYPE_HASH);
Expand Down Expand Up @@ -115,7 +131,7 @@ generic_kprobe_event(struct pt_regs *ctx)
return generic_start_process_filter(ctx, &maps);
}

__attribute__((section("kprobe/0"), used)) int
__attribute__((section("kprobe"), used)) int
generic_kprobe_setup_event(void *ctx)
{
return generic_process_event_and_setup(
Expand All @@ -125,7 +141,7 @@ generic_kprobe_setup_event(void *ctx)
(struct bpf_map_def *)data_heap_ptr);
}

__attribute__((section("kprobe/1"), used)) int
__attribute__((section("kprobe"), used)) int
generic_kprobe_process_event(void *ctx)
{
return generic_process_event(ctx,
Expand All @@ -135,7 +151,7 @@ generic_kprobe_process_event(void *ctx)
(struct bpf_map_def *)data_heap_ptr);
}

__attribute__((section("kprobe/2"), used)) int
__attribute__((section("kprobe"), used)) int
generic_kprobe_process_filter(void *ctx)
{
int ret;
Expand All @@ -152,7 +168,7 @@ generic_kprobe_process_filter(void *ctx)
return PFILTER_REJECT;
}

__attribute__((section("kprobe/3"), used)) int
__attribute__((section("kprobe"), used)) int
generic_kprobe_filter_arg(void *ctx)
{
return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
Expand All @@ -162,13 +178,13 @@ generic_kprobe_filter_arg(void *ctx)
true);
}

__attribute__((section("kprobe/4"), used)) int
__attribute__((section("kprobe"), used)) int
generic_kprobe_actions(void *ctx)
{
return generic_actions(ctx, &maps);
}

__attribute__((section("kprobe/5"), used)) int
__attribute__((section("kprobe"), used)) int
generic_kprobe_output(void *ctx)
{
return generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_KPROBE);
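Review bot: The slot numbers in the `kprobe_calls` initializer are bare literals (`[0]` to `[5]`) that have to agree with the indices used at the `bpf_tail_call` sites, which are outside this diff; before the change the same number was at least visible next to each program in its `kprobe/N` section name. `max_entries` stays at 13 while only six slots are filled, and a tail call into an empty slot falls through to the caller without any error. The same applies to `lsm_calls`, to `retkprobe_calls` (only `[3]` to `[5]` of 6) and to `tp_calls` (`[1]` to `[5]` of 13). If the project has named constants for these indices, use them as designators; otherwise add a comment above each initializer such as `/* index must match the tail-call index used by the caller; unlisted slots stay empty */`.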
32 changes: 24 additions & 8 deletions bpf/process/bpf_generic_lsm.c
Expand Up @@ -23,12 +23,28 @@ struct {
__type(value, struct msg_generic_kprobe);
} process_call_heap SEC(".maps");

int generic_lsm_setup_event(void *ctx);
int generic_lsm_process_event(void *ctx);
int generic_lsm_process_filter(void *ctx);
int generic_lsm_filter_arg(void *ctx);
int generic_lsm_actions(void *ctx);
int generic_lsm_output(void *ctx);

struct {
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
__uint(max_entries, 13);
__uint(key_size, sizeof(__u32));
__uint(value_size, sizeof(__u32));
} lsm_calls SEC(".maps");
__array(values, int(void *));
} lsm_calls SEC(".maps") = {
.values = {
[0] = (void *)&generic_lsm_setup_event,
[1] = (void *)&generic_lsm_process_event,
[2] = (void *)&generic_lsm_process_filter,
[3] = (void *)&generic_lsm_filter_arg,
[4] = (void *)&generic_lsm_actions,
[5] = (void *)&generic_lsm_output,
},
};

struct {
__uint(type, BPF_MAP_TYPE_HASH);
Expand Down Expand Up @@ -97,7 +113,7 @@ generic_lsm_event(struct pt_regs *ctx)
return generic_start_process_filter(ctx, &maps);
}

__attribute__((section("lsm/0"), used)) int
__attribute__((section("lsm"), used)) int
generic_lsm_setup_event(void *ctx)
{
return generic_process_event_and_setup(
Expand All @@ -107,7 +123,7 @@ generic_lsm_setup_event(void *ctx)
(struct bpf_map_def *)data_heap_ptr);
}

__attribute__((section("lsm/1"), used)) int
__attribute__((section("lsm"), used)) int
generic_lsm_process_event(void *ctx)
{
return generic_process_event(ctx,
Expand All @@ -117,7 +133,7 @@ generic_lsm_process_event(void *ctx)
(struct bpf_map_def *)data_heap_ptr);
}

__attribute__((section("lsm/2"), used)) int
__attribute__((section("lsm"), used)) int
generic_lsm_process_filter(void *ctx)
{
int ret;
Expand All @@ -131,7 +147,7 @@ generic_lsm_process_filter(void *ctx)
return PFILTER_REJECT;
}

__attribute__((section("lsm/3"), used)) int
__attribute__((section("lsm"), used)) int
generic_lsm_filter_arg(void *ctx)
{
return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
Expand All @@ -141,7 +157,7 @@ generic_lsm_filter_arg(void *ctx)
true);
}

__attribute__((section("lsm/4"), used)) int
__attribute__((section("lsm"), used)) int
generic_lsm_actions(void *ctx)
{
generic_actions(ctx, &maps);
Expand All @@ -150,7 +166,7 @@ generic_lsm_actions(void *ctx)
return try_override(ctx);
}

__attribute__((section("lsm/5"), used)) int
__attribute__((section("lsm"), used)) int
generic_lsm_output(void *ctx)
{
generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_LSM);
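Review bot: For the LSM program the statically filled `lsm_calls` array sits on the enforcement path: `generic_lsm_actions` ends in `return try_override(ctx);` and is presumably reached only through a tail call into slot 4. If the loader leaves a slot empty (an older loader library, or a pinned map being reused; neither is visible here), the tail call falls through and the hook would return without the override being applied, with nothing logged. A load-time test that reads back all six `lsm_calls` slots and fails when one is empty would turn that silent fail-open into a load error. The function bodies continue outside the hunks shown.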
20 changes: 15 additions & 5 deletions bpf/process/bpf_generic_retkprobe.c
Expand Up @@ -24,12 +24,22 @@ struct {
__type(value, struct msg_generic_kprobe);
} process_call_heap SEC(".maps");

int generic_retkprobe_filter_arg(struct pt_regs *ctx);
int generic_retkprobe_actions(struct pt_regs *ctx);
int generic_retkprobe_output(struct pt_regs *ctx);

struct {
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
__uint(max_entries, 6);
__uint(key_size, sizeof(__u32));
__uint(value_size, sizeof(__u32));
} retkprobe_calls SEC(".maps");
__array(values, int(struct pt_regs *));
} retkprobe_calls SEC(".maps") = {
.values = {
[3] = (void *)&generic_retkprobe_filter_arg,
[4] = (void *)&generic_retkprobe_actions,
[5] = (void *)&generic_retkprobe_output,
},
};

struct filter_map_value {
unsigned char buf[FILTER_SIZE];
Expand Down Expand Up @@ -171,7 +181,7 @@ BPF_KRETPROBE(generic_retkprobe_event, unsigned long ret)
return 1;
}

__attribute__((section("kprobe/3"), used)) int
__attribute__((section("kprobe"), used)) int
BPF_KRETPROBE(generic_retkprobe_filter_arg)
{
return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
Expand All @@ -181,13 +191,13 @@ BPF_KRETPROBE(generic_retkprobe_filter_arg)
false);
}

__attribute__((section("kprobe/4"), used)) int
__attribute__((section("kprobe"), used)) int
BPF_KRETPROBE(generic_retkprobe_actions)
{
return generic_actions(ctx, &maps);
}

__attribute__((section("kprobe/5"), used)) int
__attribute__((section("kprobe"), used)) int
BPF_KRETPROBE(generic_retkprobe_output)
{
return generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_KPROBE);
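Review bot: The `(void *)&` casts in the `retkprobe_calls` initializer remove the only compile-time check that the hand-written prototypes and the `int(struct pt_regs *)` value type still match the functions generated by `BPF_KRETPROBE`. Since the three prototypes already have exactly that type, the cast should not be needed: `[3] = &generic_retkprobe_filter_arg,` (likewise `[4]` and `[5]`). The same holds for the `int(void *)` arrays in the kprobe, lsm and tracepoint files; if the toolchain turns out to require the cast, a one-line comment saying so would do.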
28 changes: 21 additions & 7 deletions bpf/process/bpf_generic_tracepoint.c
Expand Up @@ -17,12 +17,26 @@
#include "pfilter.h"
#include "policy_filter.h"

int generic_tracepoint_process_event(void *ctx);
int generic_tracepoint_filter(void *ctx);
int generic_tracepoint_arg(void *ctx);
int generic_tracepoint_actions(void *ctx);
int generic_tracepoint_output(void *ctx);

struct {
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
__uint(max_entries, 13);
__uint(key_size, sizeof(__u32));
__uint(value_size, sizeof(__u32));
} tp_calls SEC(".maps");
__array(values, int(void *));
} tp_calls SEC(".maps") = {
.values = {
[1] = (void *)&generic_tracepoint_process_event,
[2] = (void *)&generic_tracepoint_filter,
[3] = (void *)&generic_tracepoint_arg,
[4] = (void *)&generic_tracepoint_actions,
[5] = (void *)&generic_tracepoint_output,
},
};

struct {
__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
Expand Down Expand Up @@ -230,15 +244,15 @@ generic_tracepoint_event(struct generic_tracepoint_event_arg *ctx)
return 0;
}

__attribute__((section("tracepoint/1"), used)) int
__attribute__((section("tracepoint"), used)) int
generic_tracepoint_process_event(void *ctx)
{
return generic_process_event(ctx, (struct bpf_map_def *)&tp_heap,
(struct bpf_map_def *)&tp_calls,
(struct bpf_map_def *)&config_map, 0);
}

__attribute__((section("tracepoint/2"), used)) int
__attribute__((section("tracepoint"), used)) int
generic_tracepoint_filter(void *ctx)
{
int ret;
Expand All @@ -255,7 +269,7 @@ generic_tracepoint_filter(void *ctx)
return PFILTER_REJECT;
}

__attribute__((section("tracepoint/3"), used)) int
__attribute__((section("tracepoint"), used)) int
generic_tracepoint_arg(void *ctx)
{
return filter_read_arg(ctx, (struct bpf_map_def *)&tp_heap,
Expand All @@ -265,13 +279,13 @@ generic_tracepoint_arg(void *ctx)
true);
}

__attribute__((section("tracepoint/4"), used)) int
__attribute__((section("tracepoint"), used)) int
generic_tracepoint_actions(void *ctx)
{
return generic_actions(ctx, &maps);
}

__attribute__((section("tracepoint/5"), used)) int
__attribute__((section("tracepoint"), used)) int
generic_tracepoint_output(void *ctx)
{
return generic_output(ctx, (struct bpf_map_def *)&tp_heap, MSG_OP_GENERIC_TRACEPOINT);