tetragon: Remove user space return filter

Signed-off-by: Jiri Olsa <[email protected]>
cilium · Nov 20, 2023 · 8f7da04 · 8f7da04
1 parent c525925
commit 8f7da04
Showing 1 changed file with 4 additions and 125 deletions.
diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go
@@ -13,7 +13,6 @@ import (
 	"net"
 	"net/http"
 	"path"
-	"strconv"
 	"strings"
 
 	"github.com/cilium/ebpf"
@@ -108,11 +107,6 @@ type genericKprobe struct {
 	argReturnPrinters []argPrinters
 	funcName          string
 
-	// userReturnFilters are filter specs implemented in userspace after
-	// receiving events on the return value. We currently use this for return
-	// arg filtering.
-	userReturnFilters []v1alpha1.ArgSelector
-
 	// for kprobes that have a retprobe, we maintain the enter events in
 	// the map, so that we can merge them when the return event is
 	// generated. The events are maintained in the map below, using
@@ -525,14 +519,6 @@ func flagsString(flags uint32) string {
 	return s
 }
 
-func isGTOperator(op string) bool {
-	return op == "GT" || op == "GreaterThan"
-}
-
-func isLTOperator(op string) bool {
-	return op == "LT" || op == "LessThan"
-}
-
 type addKprobeIn struct {
 	useMulti      bool
 	sensorPath    string
@@ -787,27 +773,6 @@ func addKprobe(funcName string, f *v1alpha1.KProbeSpec, in *addKprobeIn) (id idt
 		}
 	}
 
-	// Copy over userspace return filters
-	var userReturnFilters []v1alpha1.ArgSelector
-	for _, s := range f.Selectors {
-		for _, returnArg := range s.MatchReturnArgs {
-			// we allow integer values so far
-			for _, v := range returnArg.Values {
-				if _, err := strconv.Atoi(v); err != nil {
-					return errFn(fmt.Errorf("ReturnArg value supports only integer values, got %s", v))
-				}
-			}
-			// only single value for GT,LT operators
-			if isGTOperator(returnArg.Operator) || isLTOperator(returnArg.Operator) {
-				if len(returnArg.Values) > 1 {
-					return errFn(fmt.Errorf("ReturnArg operater '%s' supports only single value, got %d",
-						returnArg.Operator, len(returnArg.Values)))
-				}
-			}
-			userReturnFilters = append(userReturnFilters, returnArg)
-		}
-	}
-
 	// Write attributes into BTF ptr for use with load
 	if !setRetprobe {
 		setRetprobe = f.Return
@@ -833,7 +798,6 @@ func addKprobe(funcName string, f *v1alpha1.KProbeSpec, in *addKprobeIn) (id idt
 		},
 		argSigPrinters:    argSigPrinters,
 		argReturnPrinters: argReturnPrinters,
-		userReturnFilters: userReturnFilters,
 		funcName:          funcName,
 		pendingEvents:     nil,
 		tableId:           idtable.UninitializedEntryID,
@@ -1600,7 +1564,6 @@ func handleMsgGenericKprobe(m *api.MsgGenericKprobe, gk *genericKprobe, r *bytes
 
 	// Cache return value on merge and run return filters below before
 	// passing up to notify hooks.
-	var retArg *api.MsgGenericKprobeArg
 
 	// there are two events for this probe (entry and return)
 	if gk.loadArgs.retprobe {
@@ -1611,7 +1574,7 @@ func handleMsgGenericKprobe(m *api.MsgGenericKprobe, gk *genericKprobe, r *bytes
 
 		if prev, exists := gk.pendingEvents.Get(key); exists {
 			gk.pendingEvents.Remove(key)
-			unix, retArg = retprobeMerge(prev, curr)
+			unix = retprobeMerge(prev, curr)
 		} else {
 			gk.pendingEvents.Add(key, curr)
 			kprobemetrics.MergePushedInc()
@@ -1627,92 +1590,10 @@ func handleMsgGenericKprobe(m *api.MsgGenericKprobe, gk *genericKprobe, r *bytes
 	// a filter we wouldn't be able to cleanup initial event from entry.
 	// Alternatively, some actions have no kernel analog, such as pause
 	// pod.
-	if filterReturnArg(gk.userReturnFilters, retArg) {
-		return []observer.Event{}, err
-	}
 
 	return []observer.Event{unix}, err
 }
 
-func filterReturnArg(userReturnFilters []v1alpha1.ArgSelector, retArg *api.MsgGenericKprobeArg) bool {
-	// Short circuit, returnFilter indicates we should eat this event.
-	if retArg == nil {
-		return false
-	}
-
-	// If no filters are specified default to allow.
-	if len(userReturnFilters) == 0 {
-		return false
-	}
-
-	// Multiple selectors will be logical OR together.
-	for _, uFilter := range userReturnFilters {
-		// MatchPIDs only supported in kernel space because we have
-		// full support back to 4.14 kernels.
-
-		// MatchArgs handlers, uFilters only necessary for return
-		// arg filters at the moment. Also we simply assume its an
-		// int which is naive, but good enough someone should devote
-		// more time to make this amazing tech(tm).
-		switch uFilter.Operator {
-		case "Equal":
-			// If retarg Equals any value in the set {Values} accept event
-			for _, v := range uFilter.Values {
-				if vint, err := strconv.Atoi(v); err == nil {
-					switch compare := (*retArg).(type) {
-					case api.MsgGenericKprobeArgInt:
-						if vint == int(compare.Value) {
-							return false
-						}
-					}
-				}
-			}
-		case "NotEqual":
-			inSet := false
-			for _, v := range uFilter.Values {
-				if vint, err := strconv.Atoi(v); err == nil {
-					switch compare := (*retArg).(type) {
-					case api.MsgGenericKprobeArgInt:
-						if vint == int(compare.Value) {
-							inSet = true
-						}
-					}
-				}
-			}
-			// If retarg was not in set {Values} accept event
-			if !inSet {
-				return false
-			}
-		}
-		if isGTOperator(uFilter.Operator) {
-			for _, v := range uFilter.Values {
-				if vint, err := strconv.Atoi(v); err == nil {
-					switch compare := (*retArg).(type) {
-					case api.MsgGenericKprobeArgInt:
-						if vint < int(compare.Value) {
-							return false
-						}
-					}
-				}
-			}
-		}
-		if isLTOperator(uFilter.Operator) {
-			for _, v := range uFilter.Values {
-				if vint, err := strconv.Atoi(v); err == nil {
-					switch compare := (*retArg).(type) {
-					case api.MsgGenericKprobeArgInt:
-						if vint > int(compare.Value) {
-							return false
-						}
-					}
-				}
-			}
-		}
-	}
-	// We walked all selectors and no selectors matched, eat the event.
-	return true
-}
-
 func reportMergeError(curr pendingEvent, prev pendingEvent) {
 	currFn := "UNKNOWN"
 	if curr.ev != nil {
@@ -1742,9 +1623,8 @@ func reportMergeError(curr pendingEvent, prev pendingEvent) {
 }
 
 // retprobeMerge merges the two events: the one from the entry probe with the one from the return probe
-func retprobeMerge(prev pendingEvent, curr pendingEvent) (*tracing.MsgGenericKprobeUnix, *api.MsgGenericKprobeArg) {
+func retprobeMerge(prev pendingEvent, curr pendingEvent) *tracing.MsgGenericKprobeUnix {
 	var retEv, enterEv *tracing.MsgGenericKprobeUnix
-	var ret *api.MsgGenericKprobeArg
 
 	if prev.returnEvent && !curr.returnEvent {
 		retEv = prev.ev
@@ -1754,7 +1634,7 @@ func retprobeMerge(prev pendingEvent, curr pendingEvent) (*tracing.MsgGenericKpr
 		enterEv = prev.ev
 	} else {
 		reportMergeError(curr, prev)
-		return nil, nil
+		return nil
 	}
 
 	kprobemetrics.MergeOkTotalInc()
@@ -1765,10 +1645,9 @@ func retprobeMerge(prev pendingEvent, curr pendingEvent) (*tracing.MsgGenericKpr
 			enterEv.Args[index] = retArg
 		} else {
 			enterEv.Args = append(enterEv.Args, retArg)
-			ret = &retArg
 		}
 	}
-	return enterEv, ret
+	return enterEv
 }
 
 func (k *observerKprobeSensor) LoadProbe(args sensors.LoadProbeArgs) error {