tetragon: Add killer test for both bits
Adding a killer test that combines both 32-bit and 64-bit syscall values.

Signed-off-by: Jiri Olsa <[email protected]>
olsajiri committed Dec 6, 2023
1 parent e2c76cc commit 99bff48
Showing 2 changed files with 85 additions and 5 deletions.
76 changes: 74 additions & 2 deletions pkg/sensors/tracing/killer_amd64_test.go
Expand Up @@ -76,7 +76,7 @@ spec:
}
}

testKiller(t, configHook, test, checker, checkerFunc)
testKiller(t, configHook, test, "", checker, checkerFunc)
}

func TestKillerSignal32(t *testing.T) {
Expand Down Expand Up @@ -136,5 +136,77 @@ spec:
}
}

testKiller(t, configHook, test, checker, checkerFunc)
testKiller(t, configHook, test, "", checker, checkerFunc)
}

func TestKillerOverrideBothBits(t *testing.T) {
if !bpf.HasOverrideHelper() {
t.Skip("skipping killer test, bpf_override_return helper not available")
}

test32 := testutils.RepoRootPath("contrib/tester-progs/killer-tester-32")
test64 := testutils.RepoRootPath("contrib/tester-progs/killer-tester")

configHook := `
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
name: "kill-syscalls"
spec:
lists:
- name: "mine"
type: "syscalls"
values:
- "sys_prctl"
- "__ia32_sys_prctl"
killers:
- syscalls:
- "list:mine"
tracepoints:
- subsystem: "raw_syscalls"
event: "sys_enter"
args:
- index: 4
type: "syscall64"
selectors:
- matchArgs:
- index: 0
operator: "InMap"
values:
- "list:mine"
matchBinaries:
- operator: "In"
values:
- "` + test32 + `"
- "` + test64 + `"
matchActions:
- action: "NotifyKiller"
argError: -17 # EEXIST
`

tpChecker32 := ec.NewProcessTracepointChecker("").
WithArgs(ec.NewKprobeArgumentListMatcher().
WithOperator(lc.Ordered).
WithValues(
ec.NewKprobeArgumentChecker().WithSizeArg(i386.SYS_PRCTL),
)).
WithAction(tetragon.KprobeAction_KPROBE_ACTION_NOTIFYKILLER)

tpChecker64 := ec.NewProcessTracepointChecker("").
WithArgs(ec.NewKprobeArgumentListMatcher().
WithOperator(lc.Ordered).
WithValues(
ec.NewKprobeArgumentChecker().WithSizeArg(syscall.SYS_PRCTL),
)).
WithAction(tetragon.KprobeAction_KPROBE_ACTION_NOTIFYKILLER)

checker := ec.NewUnorderedEventChecker(tpChecker32, tpChecker64)

checkerFunc := func(err error, rc int) {
if rc != int(syscall.EEXIST) {
t.Fatalf("Wrong exit code %d expected %d", rc, int(syscall.EEXIST))
}
}

testKiller(t, configHook, test64, test32, checker, checkerFunc)
}
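Review bot: TestKillerOverrideBothBits has no comment stating the property it protects, which appears to be that one `lists` entry naming both `sys_prctl` and `__ia32_sys_prctl` makes the killer override the call for the 64-bit and the 32-bit tester alike, so a 32-bit process is not left outside the policy. I would add a doc comment above the function such as `// TestKillerOverrideBothBits verifies that a single syscall list with 64-bit and ia32 entries is enforced for both ABIs.` The two tracepoint checkers match on the syscall number and the action only, so the event check does not by itself tie the ia32 number to the 32-bit binary. If the checker API allows a binary matcher at this point, adding one to each of `tpChecker32` and `tpChecker64` would make that pairing explicit.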
14 changes: 11 additions & 3 deletions pkg/sensors/tracing/killer_test.go
Expand Up @@ -23,7 +23,8 @@ import (
"github.com/stretchr/testify/assert"
)

func testKiller(t *testing.T, configHook string, test string,
func testKiller(t *testing.T, configHook string,
test string, test2 string,
checker *eventchecker.UnorderedEventChecker,
checkerFunc func(err error, rc int)) {

Expand All @@ -50,6 +51,13 @@ func testKiller(t *testing.T, configHook string, test string,

checkerFunc(err, cmd.ProcessState.ExitCode())

if test2 != "" {
cmd := exec.Command(test2)
err = cmd.Run()

checkerFunc(err, cmd.ProcessState.ExitCode())
}

err = jsonchecker.JsonTestCheck(t, checker)
assert.NoError(t, err)
}
Expand Down Expand Up @@ -111,7 +119,7 @@ spec:
}
}

testKiller(t, configHook, test, checker, checkerFunc)
testKiller(t, configHook, test, "", checker, checkerFunc)
}

func TestKillerSignal(t *testing.T) {
Expand Down Expand Up @@ -171,7 +179,7 @@ spec:
}
}

testKiller(t, configHook, test, checker, checkerFunc)
testKiller(t, configHook, test, "", checker, checkerFunc)
}

func TestKillerMulti(t *testing.T) {
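Review bot: The new `test2` block in testKiller calls `cmd.ProcessState.ExitCode()` without checking that the process actually started. If `test2` cannot be executed (for instance the 32-bit tester is missing, or the host cannot run ia32 binaries), `ProcessState` is nil and `ExitCode()` returns -1, so the run fails as "Wrong exit code -1" through a `checkerFunc` that, in TestKillerOverrideBothBits, never looks at `err`. A guard before the call keeps the real cause visible: `if cmd.ProcessState == nil { t.Fatalf("running %s: %v", test2, err) }`. The first run of `test` has the same shape, but its setup lies outside the hunk, as does the rest of testKiller's body. A short comment on the signature saying that an empty `test2` skips the second run would also help the callers that now pass `""`.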
