tetragon: Refactor program/map loader to use directory hierarchy #2128
Merged
olsajiri added the release-note/minor label (This PR introduces a minor user-visible change) Feb 21, 2024
olsajiri force-pushed the pr/olsajiri/loader branch 12 times, most recently from 0fc52d1 to e251358 (February 26, 2024 13:15)
olsajiri force-pushed the pr/olsajiri/loader branch from e251358 to 2c60092 (February 29, 2024 10:43)
olsajiri force-pushed the pr/olsajiri/loader branch from 2c60092 to 9c5a321 (May 7, 2024 14:46)
olsajiri force-pushed the pr/olsajiri/loader branch from 9c5a321 to f19f8da (May 23, 2024 14:00)
olsajiri changed the title from "Pr/olsajiri/loader" to "tetragon: Refactor program/map loader to use directory hierarchy" May 23, 2024
olsajiri force-pushed the pr/olsajiri/loader branch 7 times, most recently from d21f442 to be2c18c (May 30, 2024 13:22)
olsajiri force-pushed the pr/olsajiri/loader branch 6 times, most recently from 89df5dc to ac89f80 (June 5, 2024 10:38)
We provide sysfs bpf tetragon root path as pinPathPrefix to the MapLoad's Load function, so we can provide pin path to possible inner maps that get loaded. We are going to introduce new sysfs hierarchy in following changes, where each map can be placed in specific directory, so the sysfs root is no longer enough. Passing map's PinPath through Load's function directly.
Signed-off-by: Jiri Olsa <[email protected]>

Adding map type fields that specify how the map is shared and when it's placed in the sysfs hierarchy.
  MapTypeGlobal  - under sysfs root, shared with everyone
  MapTypePolicy  - under policy dir, shared within policy
  MapTypeSensor  - under sensor dir, shared within sensor
  MapTypeProgram - under program dir, program specific
  MapTypeGlobal  -> /sys/fs/bpf/tetragon/map-1
  MapTypePolicy  -> /sys/fs/bpf/tetragon/policy-name/map-2
  MapTypeSensor  -> /sys/fs/bpf/tetragon/policy-name/sensor-1/map-3
  MapTypeProgram -> /sys/fs/bpf/tetragon/policy-name/sensor-1/prog-1/map-4
Adding just types at the moment, implementation is coming in following changes.
Signed-off-by: Jiri Olsa <[email protected]>

Creating sensor directory hierarchy on sensor loading.
When sensor is loading we:
  - create directory sysfs hierarchy for each program in the sensor
  - assign PinPath for each pinned map in the sensor
Adding PinName to Program object to hold sysfs program name, at the moment it's initialized same way as the PinPath, but PinPath is changed when the sensor is loaded to be relative program path from sysfs tetragon root.
Signed-off-by: Jiri Olsa <[email protected]>

Moving execve_calls map under execve program directory, because it's specific to the program. The rest of the base sensor maps are kept as global, because they are shared by all the other sensors.
Signed-off-by: Jiri Olsa <[email protected]>

Moving generickprobe sensor maps under new hierarchy:
  per program maps:
    argfilter_maps
    addr4lpm_maps
    addr6lpm_maps
    string_prefix_maps
    string_postfix_maps
    kprobe_calls
    filter_map
    tg_mb_sel_opts
    tg_mb_paths
    stack_trace_map
    config_map
    retkprobe_calls
    override_tasks
  per sensor maps:
    fdinstall_map
    retprobe_map
    process_call_heap
    socktrack_map
    ratelimit_map
Signed-off-by: Jiri Olsa <[email protected]>

Moving generictracepoint sensor maps under new hierarchy.
  per program maps:
    tp_calls
    filter_map
    argfilter_maps
    addr4lpm_maps
    addr6lpm_maps
    string_prefix_maps
    string_postfix_maps
    tg_mb_paths
    tg_mb_sel_opts
  per sensor maps:
    fdinstall_map
Signed-off-by: Jiri Olsa <[email protected]>

Moving genericuprobe sensor maps under new hierarchy.
  per program maps:
    config_map
    uprobe_calls
    filter_map
    tg_mb_sel_opts
Signed-off-by: Jiri Olsa <[email protected]>

Moving genericlsm sensor maps under new hierarchy:
  per program maps:
    config_map
    lsm_calls
    filter_map
    tg_mb_sel_opts
    tg_mb_paths
    argfilter_maps
    addr4lpm_maps
    addr6lpm_maps
    string_maps_%d
    string_prefix_maps
    string_postfix_maps
    process_call_heap
Signed-off-by: Jiri Olsa <[email protected]>

Change the generickprobe sensor pin path for programs under sysfs hierarchy. Now the program pin looks like below,
  for multi kprobes:
    sigkilltest/gkp-sensor-1/multi_kprobe/prog
    sigkilltest/gkp-sensor-1/multi_retkprobe/prog
  for regular kprobes:
    sigkilltest/gkp-sensor-1/__x64_sys_lseek/prog
    sigkilltest/gkp-sensor-1/__x64_sys_lseek_return/prog
Signed-off-by: Jiri Olsa <[email protected]>

Change the generictracepoint sensor pin path for programs under sysfs hierarchy. Now the program pin looks like below:
    raw-syscalls/gtp-sensor-1/raw_syscalls:sys_enter/prog
Signed-off-by: Jiri Olsa <[email protected]>

Change the genericuprobe sensor pin path for programs under sysfs hierarchy. Now the program pin looks like below:
    uprobe/gup-sensor-1/0-readline/prog
    uprobe/gup-sensor-1/1-main/prog
Signed-off-by: Jiri Olsa <[email protected]>

Change the genericlsm sensor pin path for programs under sysfs hierarchy. Now the program pin looks like below:
    lsm-file-open/glsm-sensor-1/file_open/prog
Signed-off-by: Jiri Olsa <[email protected]>

Moving enforcer sensor maps under new hierarchy.
  per policy maps:
    enforcer_data
Signed-off-by: Jiri Olsa <[email protected]>

Removing MapBuilderPin, because it's no longer needed and removing the pin argument from mapBuilder function.
Signed-off-by: Jiri Olsa <[email protected]>

Policy name is provided by tracing-policy/user. It already has some restrictions, but let's add at least substitute for '/' characters for '_' to ensure the path is not mangled.
Signed-off-by: Jiri Olsa <[email protected]>

Adjusting linkPinPath for new hierarchy to use program's PinPath directory with 'link' file name. Plus '_override' suffix for override link.
Signed-off-by: Jiri Olsa <[email protected]>

Adding policy argument to SensorBuilder function so it's passed to the Sensor object.
Signed-off-by: Jiri Olsa <[email protected]>

Add tests for the map builders, will be likely extended.
Signed-off-by: Jiri Olsa <[email protected]>

Adding tests for map max entries setup.
Signed-off-by: Jiri Olsa <[email protected]>

Adding some notes in map.go header about maps usage.
Signed-off-by: Jiri Olsa <[email protected]>
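
The map-type layout and the '/' substitution described in the commit messages above, as an added Go example that is not Tetragon's code. `PinPath`, `sanitizePolicy` and `bpfRoot` are hypothetical names, sensor and program names are assumed to be generated by the agent, and the final containment check is an extra step of this example that the commits do not describe.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// MapType mirrors the four sharing levels named in the commit message.
type MapType int

const (
	MapTypeGlobal  MapType = iota // <root>/<map>
	MapTypePolicy                 // <root>/<policy>/<map>
	MapTypeSensor                 // <root>/<policy>/<sensor>/<map>
	MapTypeProgram                // <root>/<policy>/<sensor>/<prog>/<map>
)

const bpfRoot = "/sys/fs/bpf/tetragon" // root shown in the commit message

// sanitizePolicy (hypothetical) keeps a user-supplied policy name a single
// path component by replacing '/' with '_'.
func sanitizePolicy(name string) string {
	return strings.ReplaceAll(name, "/", "_")
}

// PinPath (hypothetical) builds the pin path for a map of type t.
func PinPath(t MapType, policy, sensor, prog, mapName string) (string, error) {
	parts := []string{bpfRoot}
	if t >= MapTypePolicy {
		parts = append(parts, sanitizePolicy(policy))
	}
	if t >= MapTypeSensor {
		parts = append(parts, sensor)
	}
	if t >= MapTypeProgram {
		parts = append(parts, prog)
	}
	p := filepath.Join(append(parts, mapName)...) // Join also cleans ".."
	// Added check (assumption of this example): stay under the root.
	if !strings.HasPrefix(p, bpfRoot+"/") {
		return "", fmt.Errorf("pin path %q escapes %s", p, bpfRoot)
	}
	return p, nil
}

func main() {
	fmt.Println(PinPath(MapTypeProgram, "team/audit", "sensor-1", "prog-1", "map-4"))
}
```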
olsajiri force-pushed the pr/olsajiri/loader branch from fd3e477 to d0da915 (August 26, 2024 11:06)
tpapagian approved these changes Sep 10, 2024
LGTM, thanks!
kkourt approved these changes Sep 10, 2024
Adding hierarchy to tetragon's program and maps, like (with kprobe multi):
or with standard kprobes: