USM: ssl: Ignore ELF files for other architectures (#25505)
* USM: ssl: Ignore ELF files for other architectures Ignore ELF files which are not for the architecture we're running on. Without this, we could end up installing a uprobe on, for example, an arm64 binary on an amd64 machine, thus corrupting the arm64 instruction and leading to segmentation faults. * Use blockList in test * Use OpenFromAnotherProcess instead of libmmap * Remove unused libmmap * Simplify testArch * Skip test on unsupported platforms * Format fakessl.c with clang-format * Add shebang link to script * Move libs to testdata So that kmt will copy it to the VMs. (cherry picked from commit a6c060e) Conflicts: pkg/network/usm/utils/debugger.go
Showing
8 changed files
with
144 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
// Unless explicitly stated otherwise all files in this repository are licensed | ||
// under the Apache License Version 2.0. | ||
// This product includes software developed at Datadog (https://www.datadoghq.com/). | ||
// Copyright 2016-present Datadog, Inc. | ||
|
||
//go:build linux_bpf | ||
|
||
package usm | ||
|
||
import ( | ||
"fmt" | ||
"path/filepath" | ||
"runtime" | ||
"testing" | ||
|
||
"github.com/DataDog/datadog-agent/pkg/network/config" | ||
"github.com/DataDog/datadog-agent/pkg/network/protocols/http" | ||
"github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil" | ||
fileopener "github.com/DataDog/datadog-agent/pkg/network/usm/sharedlibraries/testutil" | ||
"github.com/DataDog/datadog-agent/pkg/network/usm/utils" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func testArch(t *testing.T, arch string) { | ||
cfg := config.New() | ||
cfg.EnableNativeTLSMonitoring = true | ||
|
||
if !http.TLSSupported(cfg) { | ||
t.Skip("shared library tracing not supported for this platform") | ||
} | ||
|
||
curDir, err := testutil.CurDir() | ||
require.NoError(t, err) | ||
|
||
libmmap := filepath.Join(curDir, "testdata", "libmmap") | ||
lib := filepath.Join(libmmap, fmt.Sprintf("libssl.so.%s", arch)) | ||
|
||
monitor := setupUSMTLSMonitor(t, cfg) | ||
require.NotNil(t, monitor) | ||
|
||
cmd, err := fileopener.OpenFromAnotherProcess(t, lib) | ||
require.NoError(t, err) | ||
|
||
if arch == runtime.GOARCH { | ||
utils.WaitForProgramsToBeTraced(t, "shared_libraries", cmd.Process.Pid) | ||
} else { | ||
utils.WaitForPathToBeBlocked(t, "shared_libraries", lib) | ||
} | ||
} | ||
|
||
func TestArchAmd64(t *testing.T) { | ||
testArch(t, "amd64") | ||
} | ||
|
||
func TestArchArm64(t *testing.T) { | ||
testArch(t, "arm64") | ||
} |
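Review bot: The foreign-architecture branch of `testArch` only waits for the library path to reach the block list; it never asserts that the process which opened the library stayed untraced. The untraced process is what actually prevents a uprobe from overwriting another architecture's instructions. After `utils.WaitForPathToBeBlocked(t, "shared_libraries", lib)`, consider also checking that `cmd.Process.Pid` is absent from the traced programs, using whatever negative helper the `utils` package provides (none is visible in this section). A doc comment on `testArch` should state the two expected outcomes, for example `// testArch opens testdata/libmmap/libssl.so.<arch> from a child process and expects it to be traced when arch matches runtime.GOARCH and block-listed otherwise.`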
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/sh | ||
|
||
clang -shared -fpic fakessl.c -target aarch64-linux-gnu -nostdlib -fuse-ld=lld -Wl,-s -o libssl.so.arm64 | ||
clang -shared -fpic fakessl.c -target x86_64 -nostdlib -fuse-ld=lld -Wl,-s -o libssl.so.amd64 |
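Review bot: The build script has no error handling and depends on the caller's working directory. If the first `clang` call fails, the script carries on and exits with the status of the second, so a stale `libssl.so.arm64` can remain checked in unnoticed. Add `set -eu` after the shebang and `cd "$(dirname "$0")"` before the compile lines. Because the outputs are committed as binaries that cannot be reviewed on this page, a comment recording the clang/lld version used would let someone rebuild the two libraries and compare them against `fakessl.c`.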
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
// Unless explicitly stated otherwise all files in this repository are licensed | ||
// under the Apache License Version 2.0. | ||
// This product includes software developed at Datadog (https://www.datadoghq.com/). | ||
// Copyright 2024-present Datadog, Inc. | ||
|
||
//go:build ignore | ||
|
||
// Dummy library with same functions as OpenSSL. | ||
|
||
void SSL_read_ex(void) { | ||
} | ||
void SSL_write_ex(void) { | ||
} | ||
void SSL_do_handshake(void) { | ||
} | ||
void SSL_connect(void) { | ||
} | ||
void SSL_set_bio(void) { | ||
} | ||
void SSL_set_fd(void) { | ||
} | ||
void SSL_read(void) { | ||
} | ||
void SSL_write(void) { | ||
} | ||
void SSL_shutdown(void) { | ||
} |
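Review bot: The one-line comment above the stubs does not say why these nine names were chosen or what has to stay in sync with them. Presumably they mirror the libssl symbols the USM tracer attaches uprobes to, in which case a missing name could make the native-architecture test fail for reasons unrelated to architecture filtering. Once that is confirmed against the probe list, a comment such as `// Exported names must match the libssl symbols hooked by the USM shared-library tracer; bodies are intentionally empty.` would make the dependency explicit.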
Binary file not shown.
Binary file not shown.