Skip to content

Commit

Permalink
fix
Browse files Browse the repository at this point in the history 
Signed-off-by: Jiri Olsa <[email protected]>
  • Loading branch information
@olsajiri
olsajiri committed Aug 16, 2024
1 parent c2f3dbd commit 74db29a
Show file tree
Hide file tree
Showing 5 changed files with 104 additions and 105 deletions.
2 changes: 1 addition & 1 deletion cmd/tetra/dump/dump.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ func New() *cobra.Command {
}

func execveMapCmd() *cobra.Command {
mapFname := filepath.Join(defaults.DefaultMapRoot, defaults.DefaultMapPrefix, base.ExecveMap.Name)
mapFname := filepath.Join(defaults.DefaultMapRoot, defaults.DefaultMapPrefix, base.GetExecveMap().Name)
ret := &cobra.Command{
Use: "execve",
Short: "dump execve map",
Expand Down
4 changes: 2 additions & 2 deletions cmd/tetragon/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -484,8 +484,8 @@ func tetragonExecute() error {
initialSensor.Unload()
}()

cgrouprate.NewCgroupRate(ctx, pm, base.CgroupRateMap, &option.Config.CgroupRate)
cgrouprate.Config(base.CgroupRateOptionsMap)
cgrouprate.NewCgroupRate(ctx, pm, base.GetCgroupRateMap(), &option.Config.CgroupRate)
cgrouprate.Config(base.GetCgroupRateOptionsMap())

// now that the base sensor was loaded, we can start the sensor manager
close(sensorMgWait)
Expand Down
10 changes: 5 additions & 5 deletions pkg/observer/observertesthelper/observer_test_helper.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,7 +224,7 @@ func getDefaultObserver(tb testing.TB, ctx context.Context, initialSensor *senso
return nil, err
}

cgrouprate.Config(base.CgroupRateOptionsMap)
cgrouprate.Config(base.GetCgroupRateOptionsMap())

exportFname, err := testutils.GetExportFilename(tb)
if err != nil {
Expand Down Expand Up @@ -280,7 +280,7 @@ func GetDefaultObserverWithFile(tb testing.TB, ctx context.Context, file, lib st
opts = append(opts, WithConfig(file))
opts = append(opts, WithLib(lib))

b := base.GetInitialSensor()
b := base.GetInitialSensorTest()
return GetDefaultObserverWithWatchers(tb, ctx, b, opts...)
}

Expand Down Expand Up @@ -327,7 +327,7 @@ func GetDefaultSensorsWithFile(tb testing.TB, file, lib string, opts ...TestOpti
}
}

base := base.GetInitialSensor()
base := base.GetInitialSensorTest()

if err = loadSensors(tb, base, sens); err != nil {
return nil, err
Expand Down Expand Up @@ -413,7 +413,7 @@ func loadExporter(tb testing.TB, ctx context.Context, obs *observer.Observer, op
obs.RemoveListener(processManager)
})

cgrouprate.NewCgroupRate(ctx, processManager, base.CgroupRateMap, &option.Config.CgroupRate)
cgrouprate.NewCgroupRate(ctx, processManager, base.GetCgroupRateMap(), &option.Config.CgroupRate)
return nil
}

Expand Down Expand Up @@ -611,7 +611,7 @@ func GetDefaultObserver(tb testing.TB, ctx context.Context, lib string, opts ...
}

func GetDefaultObserverWithConfig(tb testing.TB, ctx context.Context, config, lib string, opts ...TestOption) (*observer.Observer, error) {
b := base.GetInitialSensor()
b := base.GetInitialSensorTest()

opts = append(opts, WithConfig(config))
opts = append(opts, WithLib(lib))
Expand Down
191 changes: 95 additions & 96 deletions pkg/sensors/base/base.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,162 +23,161 @@ const (
var (
basePolicy = "__base__"

Execve = program.Builder(
execveMap *program.Map
execveStats *program.Map
cgroupRateMap *program.Map
cgroupRateOptionsMap *program.Map
tetragonConfMap *program.Map

sensor = sensors.Sensor{}
sensorTest = sensors.Sensor{}

sensorInit sync.Once
sensorTestInit sync.Once
)

func GetExecveMap() *program.Map {
return execveMap
}

func GetExecveMapStats() *program.Map {
return execveStats
}

func GetTetragonConfMap() *program.Map {
return tetragonConfMap
}

func GetCgroupRateMap() *program.Map {
return cgroupRateMap
}

func GetCgroupRateOptionsMap() *program.Map {
return cgroupRateOptionsMap
}

func createInitialSensor(sensor *sensors.Sensor, cgroupRate bool) {
var progs []*program.Program
var maps []*program.Map

execve := program.Builder(
config.ExecObj(),
"sched/sched_process_exec",
"tracepoint/sys_execve",
"event_execve",
"execve",
).SetPolicy(basePolicy)

ExecveBprmCommit = program.Builder(
execveBprmCommit := program.Builder(
"bpf_execve_bprm_commit_creds.o",
"security_bprm_committing_creds",
"kprobe/security_bprm_committing_creds",
"tg_kp_bprm_committing_creds",
"kprobe",
).SetPolicy(basePolicy)

Exit = program.Builder(
exit := program.Builder(
"bpf_exit.o",
"acct_process",
"kprobe/acct_process",
"event_exit",
"kprobe",
).SetPolicy(basePolicy)

Fork = program.Builder(
fork := program.Builder(
"bpf_fork.o",
"wake_up_new_task",
"kprobe/wake_up_new_task",
"kprobe_pid_clear",
"kprobe",
).SetPolicy(basePolicy)

CgroupRmdir = program.Builder(
"bpf_cgroup.o",
"cgroup/cgroup_rmdir",
"raw_tracepoint/cgroup_rmdir",
"tg_cgroup_rmdir",
"raw_tracepoint",
).SetPolicy(basePolicy)
setupExitProgram(exit)

/* Event Ring map */
TCPMonMap = program.MapBuilder("tcpmon_map", Execve)
/* Networking and Process Monitoring maps */
ExecveMap = program.MapBuilder("execve_map", Execve)
ExecveTailCallsMap = program.MapBuilderPin("execve_calls", "execve_calls", Execve)
progs = append(progs, exit, fork, execve, execveBprmCommit)

ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", ExecveBprmCommit)
if cgroupRate {
cgroupRmdir := program.Builder(
"bpf_cgroup.o",
"cgroup/cgroup_rmdir",
"raw_tracepoint/cgroup_rmdir",
"tg_cgroup_rmdir",
"raw_tracepoint",
).SetPolicy(basePolicy)

/* Tetragon runtime configuration */
TetragonConfMap = program.MapBuilder("tg_conf_map", Execve)
progs = append(progs, cgroupRmdir)

/* Internal statistics for debugging */
ExecveStats = program.MapBuilder("execve_map_stats", Execve)
ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", ExecveBprmCommit)
StatsMap = program.MapBuilder("tg_stats_map", Execve)
cgroupRateMap = program.MapBuilder("cgroup_rate_map", execve, exit, fork, cgroupRmdir)
cgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", execve)

/* Cgroup rate data, attached to execve sensor */
CgroupRateMap = program.MapBuilder("cgroup_rate_map", Execve, Exit, Fork, CgroupRmdir)
CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve)
maps = append(maps, cgroupRateMap, cgroupRateOptionsMap)
}

MatchBinariesSetMap = program.MapBuilder(mbset.MapName, Execve)
tcpMonMap := program.MapBuilder("tcpmon_map", exit, fork, execve)
maps = append(maps, tcpMonMap)

sensor = sensors.Sensor{
Name: basePolicy,
}
sensorInit sync.Once
matchBinariesSetMap := program.MapBuilder(mbset.MapName, execve)
maps = append(maps, matchBinariesSetMap)

sensorTest = sensors.Sensor{
Name: basePolicy,
}
sensorTestInit sync.Once
)
execveMap = program.MapBuilder("execve_map", execve)
maps = append(maps, execveMap)

execveTailCallsMap := program.MapBuilderPin("execve_calls", "execve_calls", execve)
maps = append(maps, execveTailCallsMap)

func setupPrograms() {
// execve program tail calls details
Execve.SetTailCall("tracepoint", ExecveTailCallsMap)
execve.SetTailCall("tracepoint", execveTailCallsMap)

// exit program function
execveJoinMap := program.MapBuilder("tg_execve_joined_info_map", execveBprmCommit)
maps = append(maps, execveJoinMap)

tetragonConfMap = program.MapBuilder("tg_conf_map", execve)
maps = append(maps, tetragonConfMap)

execveStats = program.MapBuilder("execve_map_stats", execve)
maps = append(maps, execveStats)

execveJoinMapStats := program.MapBuilder("tg_execve_joined_info_map_stats", execveBprmCommit)
maps = append(maps, execveJoinMapStats)

statsMap := program.MapBuilder("tg_stats_map", execve)
maps = append(maps, statsMap)

sensor.Progs = progs
sensor.Maps = maps
sensor.Name = basePolicy
}

func setupExitProgram(exit *program.Program) {
ks, err := ksyms.KernelSymbols()
if err == nil {
has_acct_process := ks.IsAvailable("acct_process")
has_disassociate_ctty := ks.IsAvailable("disassociate_ctty")

/* Preffer acct_process over disassociate_ctty */
if has_acct_process {
Exit.Attach = "acct_process"
Exit.Label = "kprobe/acct_process"
exit.Attach = "acct_process"
exit.Label = "kprobe/acct_process"
} else if has_disassociate_ctty {
Exit.Attach = "disassociate_ctty"
Exit.Label = "kprobe/disassociate_ctty"
exit.Attach = "disassociate_ctty"
exit.Label = "kprobe/disassociate_ctty"
} else {
log.Fatal("Failed to detect exit probe symbol.")
}
}
logger.GetLogger().Infof("Exit probe on %s", Exit.Attach)
}

func GetExecveMap() *program.Map {
return ExecveMap
}

func GetExecveMapStats() *program.Map {
return ExecveStats
}

func GetTetragonConfMap() *program.Map {
return TetragonConfMap
}

func GetDefaultPrograms(cgroupRate bool) []*program.Program {
progs := []*program.Program{
Exit,
Fork,
Execve,
ExecveBprmCommit,
}
if cgroupRate {
progs = append(progs, CgroupRmdir)
}
return progs
}

func GetDefaultMaps(cgroupRate bool) []*program.Map {
maps := []*program.Map{
ExecveMap,
ExecveJoinMap,
ExecveStats,
ExecveJoinMapStats,
ExecveTailCallsMap,
TCPMonMap,
TetragonConfMap,
StatsMap,
MatchBinariesSetMap,
}
if cgroupRate {
maps = append(maps, CgroupRateMap, CgroupRateOptionsMap)
}
return maps

logger.GetLogger().Infof("Exit probe on %s", exit.Attach)
}

// GetInitialSensor returns the base sensor
func GetInitialSensor() *sensors.Sensor {
sensorInit.Do(func() {
setupPrograms()
sensor.Progs = GetDefaultPrograms(option.CgroupRateEnabled())
sensor.Maps = GetDefaultMaps(option.CgroupRateEnabled())
createInitialSensor(&sensor, option.CgroupRateEnabled())
})
return &sensor
}

func GetInitialSensorTest() *sensors.Sensor {
sensorTestInit.Do(func() {
setupPrograms()
sensorTest.Progs = GetDefaultPrograms(true)
sensorTest.Maps = GetDefaultMaps(true)
createInitialSensor(&sensorTest, true)
})
return &sensorTest
}
Expand All @@ -188,5 +187,5 @@ func ConfigCgroupRate(opts *option.CgroupRate) {
return
}

CgroupRateMap.SetMaxEntries(cgroupRateMaxEntries)
cgroupRateMap.SetMaxEntries(cgroupRateMaxEntries)
}
2 changes: 1 addition & 1 deletion pkg/sensors/tracing/kprobe_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6159,7 +6159,7 @@ func TestLinuxBinprmExtractPath(t *testing.T) {

// Test module loading/unloading on Ubuntu
func TestTraceKernelModule(t *testing.T) {
_, err := ftrace.ReadAvailFuncs("find_module_sections")
_, err := ftrace.ReadAvailFuncs("^find_module_sections$")
if err != nil {
t.Skip("Skipping test: could not find find_module_sections")
}
Expand Down

0 comments on commit 74db29a

Please sign in to comment.