Tracepoints: Add support for data_loc params

Tracepoint strings are typically presented as data_loc buffers. This commit provides support for these when they hold strings. Signed-off-by: Kevin Sheldrake <[email protected]>
cilium · Feb 29, 2024 · 8e69158 · 8e69158
1 parent c4a7a97
commit 8e69158
Show file tree

Hide file tree

Showing 13 changed files with 55 additions and 10 deletions.
diff --git a/bpf/process/bpf_generic_tracepoint.c b/bpf/process/bpf_generic_tracepoint.c
@@ -68,26 +68,30 @@ static inline __attribute__((always_inline)) unsigned long get_ctx_ul(void *src,
 	case s64_ty:
 	case u64_ty: {
 		u64 ret;
+
 		probe_read(&ret, sizeof(u64), src);
 		return ret;
 	}
 
 	case size_type: {
 		size_t ret;
+
 		probe_read(&ret, sizeof(size_t), src);
 		return (unsigned long)ret;
 	}
 
 	case nop_s32_ty:
 	case s32_ty: {
 		s32 ret;
+
 		probe_read(&ret, sizeof(u32), src);
 		return ret;
 	}
 
 	case nop_u32_ty:
 	case u32_ty: {
 		u32 ret;
+
 		probe_read(&ret, sizeof(u32), src);
 		return ret;
 	}
@@ -99,6 +103,13 @@ static inline __attribute__((always_inline)) unsigned long get_ctx_ul(void *src,
 		return (unsigned long)buff;
 	}
 
+	case data_loc_type: {
+		u32 ret;
+
+		probe_read(&ret, sizeof(ret), src);
+		return ret;
+	}
+
 	case const_buf_type: {
 		return (unsigned long)src;
 	}

diff --git a/bpf/process/types/basic.h b/bpf/process/types/basic.h
@@ -75,6 +75,8 @@ enum {
 
 	linux_binprm_type = 37,
 
+	data_loc_type = 38,
+
 	nop_s64_ty = -10,
 	nop_u64_ty = -11,
 	nop_u32_ty = -12,
@@ -478,15 +480,15 @@ copy_path(char *args, const struct path *arg)
 }
 
 static inline __attribute__((always_inline)) long
-copy_strings(char *args, unsigned long arg)
+copy_strings(char *args, char *arg, int max_size)
 {
 	int *s = (int *)args;
 	long size;
 
 	// probe_read_str() always nul-terminates the string.
 	// So add one to the length to allow for it. This should
-	// result in us honouring our MAX_STRING correctly.
-	size = probe_read_str(&args[4], MAX_STRING + 1, (char *)arg);
+	// result in us honouring our max_size correctly.
+	size = probe_read_str(&args[4], max_size + 1, arg);
 	if (size <= 1)
 		return invalid_ty;
 	// Remove the nul character from end.
@@ -1801,6 +1803,7 @@ selector_arg_offset(__u8 *f, struct msg_generic_kprobe *e, __u32 selidx,
 			pass &= filter_file_buf(filter, (struct string_buf *)args);
 			break;
 		case string_type:
+		case data_loc_type:
 			/* for strings, we just encode the length */
 			pass &= filter_char_buf(filter, args, 4);
 			break;
@@ -2586,8 +2589,15 @@ read_call_arg(void *ctx, struct msg_generic_kprobe *e, int index, int type,
 	}
 		// fallthrough to copy_string
 	case string_type:
-		size = copy_strings(args, arg);
+		size = copy_strings(args, (char *)arg, MAX_STRING);
 		break;
+	case data_loc_type: {
+		// data_loc: lower 16 bits is offset from ctx; upper 16 bits is length
+		long dl_len = (arg >> 16) & 0xfff; // masked to 4095 chars
+		char *dl_loc = ctx + (arg & 0xffff);
+
+		size = copy_strings(args, dl_loc, dl_len);
+	} break;
 	case syscall64_type:
 	case size_type:
 	case s64_ty:

diff --git a/pkg/generictypes/generictypes.go b/pkg/generictypes/generictypes.go
@@ -51,6 +51,8 @@ const (
 
 	GenericLinuxBinprmType = 37
 
+	GenericDataLoc = 38
+
 	GenericNopType     = -1
 	GenericInvalidType = -2
 )
@@ -131,6 +133,8 @@ func GenericTypeFromString(arg string) int {
 		return GenericCapEffective
 	case "linux_binprm":
 		return GenericLinuxBinprmType
+	case "data_loc":
+		return GenericDataLoc
 	default:
 		return GenericInvalidType
 	}

diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
@@ -131,6 +131,7 @@ spec:
                             - cap_permitted
                             - cap_effective
                             - linux_binprm
+                            - data_loc
                             type: string
                         required:
                         - index
@@ -227,6 +228,7 @@ spec:
                           - cap_permitted
                           - cap_effective
                           - linux_binprm
+                          - data_loc
                           type: string
                       required:
                       - index
@@ -876,6 +878,7 @@ spec:
                             - cap_permitted
                             - cap_effective
                             - linux_binprm
+                            - data_loc
                             type: string
                         required:
                         - index
@@ -1431,6 +1434,7 @@ spec:
                             - cap_permitted
                             - cap_effective
                             - linux_binprm
+                            - data_loc
                             type: string
                         required:
                         - index

diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
@@ -131,6 +131,7 @@ spec:
                             - cap_permitted
                             - cap_effective
                             - linux_binprm
+                            - data_loc
                             type: string
                         required:
                         - index
@@ -227,6 +228,7 @@ spec:
                           - cap_permitted
                           - cap_effective
                           - linux_binprm
+                          - data_loc
                           type: string
                       required:
                       - index
@@ -876,6 +878,7 @@ spec:
                             - cap_permitted
                             - cap_effective
                             - linux_binprm
+                            - data_loc
                             type: string
                         required:
                         - index
@@ -1431,6 +1434,7 @@ spec:
                             - cap_permitted
                             - cap_effective
                             - linux_binprm
+                            - data_loc
                             type: string
                         required:
                         - index

diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/pkg/k8s/apis/cilium.io/v1alpha1/types.go
@@ -55,7 +55,7 @@ type KProbeArg struct {
 	// +kubebuilder:validation:Minimum=0
 	// Position of the argument.
 	Index uint32 `json:"index"`
-	// +kubebuilder:validation:Enum=auto;int;int8;uint8;int16;uint16;uint32;int32;uint64;int64;char_buf;char_iovec;size_t;skb;sock;string;fd;file;filename;path;nop;bpf_attr;perf_event;bpf_map;user_namespace;capability;kiocb;iov_iter;cred;load_info;module;syscall64;kernel_cap_t;cap_inheritable;cap_permitted;cap_effective;linux_binprm
+	// +kubebuilder:validation:Enum=auto;int;int8;uint8;int16;uint16;uint32;int32;uint64;int64;char_buf;char_iovec;size_t;skb;sock;string;fd;file;filename;path;nop;bpf_attr;perf_event;bpf_map;user_namespace;capability;kiocb;iov_iter;cred;load_info;module;syscall64;kernel_cap_t;cap_inheritable;cap_permitted;cap_effective;linux_binprm;data_loc
 	// +kubebuilder:default=auto
 	// Argument type.
 	Type string `json:"type"`

diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/pkg/k8s/apis/cilium.io/v1alpha1/version.go
@@ -7,4 +7,4 @@ package v1alpha1
 // Used to determine if CRD needs to be updated in cluster
 //
 // Developers: Bump patch for each change in the CRD schema.
-const CustomResourceDefinitionSchemaVersion = "1.1.6"
+const CustomResourceDefinitionSchemaVersion = "1.1.7"
diff --git a/pkg/selectors/kernel.go b/pkg/selectors/kernel.go
@@ -178,6 +178,8 @@ const (
 	argTypeSyscall64 = 28
 
 	argTypeLinuxBinprm = 29
+
+	argTypeDataLoc = 38
 )
 
 var argTypeTable = map[string]uint32{
@@ -199,6 +201,7 @@ var argTypeTable = map[string]uint32{
 	"fqdn":         argTypeFqdn,
 	"syscall64":    argTypeSyscall64,
 	"linux_binprm": argTypeLinuxBinprm,
+	"data_loc":     argTypeDataLoc,
 }
 
 var argTypeStringTable = map[uint32]string{
@@ -220,6 +223,7 @@ var argTypeStringTable = map[uint32]string{
 	argTypeFqdn:        "fqdn",
 	argTypeSyscall64:   "syscall64",
 	argTypeLinuxBinprm: "linux_binprm",
+	argTypeDataLoc:     "data_loc",
 }
 
 const (
@@ -849,7 +853,7 @@ func ParseMatchArg(k *KernelSelectorState, arg *v1alpha1.ArgSelector, sig []v1al
 		}
 	case SelectorOpEQ, SelectorOpNEQ:
 		switch ty {
-		case argTypeFd, argTypeFile, argTypePath, argTypeString, argTypeCharBuf, argTypeLinuxBinprm:
+		case argTypeFd, argTypeFile, argTypePath, argTypeString, argTypeCharBuf, argTypeLinuxBinprm, argTypeDataLoc:
 			err := writeMatchStrings(k, arg.Values, ty)
 			if err != nil {
 				return fmt.Errorf("writeMatchStrings error: %w", err)

diff --git a/pkg/sensors/tracing/generictracepoint.go b/pkg/sensors/tracing/generictracepoint.go
@@ -745,7 +745,7 @@ func handleMsgGenericTracepoint(
 					logger.GetLogger().Warnf("failed to read array argument: unexpected base type: %w", intTy.Base)
 				}
 			}
-		case gt.GenericStringType:
+		case gt.GenericStringType, gt.GenericDataLoc:
 			if arg, err := parseString(r); err != nil {
 				logger.GetLogger().WithError(err).Warn("error parsing arg type string")
 			} else {

diff --git a/...ilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/...ilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
diff --git a/...agon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/...agon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go