fix: print_mem_dump fails on missing symbol #3384
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The events group refactor (commit aa3fd66) changed the semantics of ksymbols dependency so that kernel symbols would only be loaded if a specific list was set. This broke several events which require kernel symbols in general, but not any specifically (being set through argument "parameter" lists). Fix this by bringing back previous semantics.
print_mem_dump trigger currently fails when failing to query a symbol. However print_mem_dump can potentially include many symbols in its parameters, and shouldn't fail the whole trigger based on one symbol. Skip the error return when a symbol query fails and log a WARN level message instead.
NDStrahilevitz
requested review from
rafaeldtinoco,
yanivagman,
AsafEitani and
AlonZivony
NDStrahilevitz
commented
Aug 13, 2023
| @@ -1700,7 +1700,8 @@ func (t *Tracee) triggerMemDump(event trace.Event) error { | |||
| } | |||
| } | |||
| if err != nil { | |||
| return errfmt.WrapError(err) | |||
| logger.Warnw("print_mem_dump: failed to get symbol info", "symbol", name) | |||
There was a problem hiding this comment.
Maybe this should be DEBUG level instead?
NDStrahilevitz
changed the title
geyslan
added a commit
to geyslan/tracee
that referenced
this pull request
Sep 4, 2023
This reverts commit 1a47a4e.
AlonZivony
added a commit
to AlonZivony/tracee
that referenced
this pull request
Sep 5, 2023
This reverts commit 1a47a4e. This is done because the commit cause the "symbols_loaded" event to file and also cause many error messages that weren't seen before.
AlonZivony
added a commit
to AlonZivony/tracee
that referenced
this pull request
Sep 5, 2023
This reverts commit 1a47a4e. This is done because the commit cause the "symbols_loaded" event to fail and also cause many error messages that weren't seen before.
rafaeldtinoco
added a commit
to rafaeldtinoco/tracee
that referenced
this pull request
Sep 5, 2023
Commit 1a47a4e ("fix: print_mem_dump fails on missing symbol (aquasecurity#3384)") tried to fix the changes made in event definitions, specifically in the ksymbol dependencies, but that caused regressions in e2e testing. This commit deals with the corner case event PrintMemDump by adding a dummy ksymbol just so the ksymbol logic can be activated if that is the only event being traced.
rafaeldtinoco
added a commit
to rafaeldtinoco/tracee
that referenced
this pull request
Sep 5, 2023
This reverts commit 1a47a4e.
rafaeldtinoco
added a commit
to rafaeldtinoco/tracee
that referenced
this pull request
Sep 5, 2023
This reverts commit 1a47a4e.
rafaeldtinoco
pushed a commit
that referenced
this pull request
Sep 5, 2023
This reverts commit 1a47a4e. This is done because the commit cause the "symbols_loaded" event to fail and also cause many error messages that weren't seen before.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix #3382
commit cbac404
Fix #3383
commit b573317