Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(events): fix ftrace_hook #3896

Merged
merged 1 commit into from
Mar 6, 2024
Merged

fix(events): fix ftrace_hook #3896

merged 1 commit into from
Mar 6, 2024

Conversation

OriGlassman
Copy link
Collaborator

1. Explain what the PR does

We need to count how many ftrace based hooks will be placed on each symbol. eventsState may contain duplicate events due to dependencies. To get the real count, we consider the program name and the prob type. Furthermore, added logic that addresses the situation where there may be multiple k[ret]probes from a single probe request (due to multiple symbols at different locations).

2. Explain how to test it

./tracee -e=ftrace_hook

3. Other comments

@geyslan
Copy link
Member

geyslan commented Feb 23, 2024

@OriGlassman I have this PR #3848 related to Events States. I think it's worth taking a look just to catch on upcoming changes.

AlonZivony
AlonZivony approved these changes Feb 25, 2024
View reviewed changes
Copy link
Contributor

@AlonZivony AlonZivony left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
Had only one comment but its out of the PR scope

pkg/ebpf/tracee.go
}

uniqueHooksMap[key] = struct{}{}

log(definition.GetName(), p.GetProgramName())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this is not part of the current code, but shouldn't we use the logger.Infow here?

Copy link
Collaborator Author

@OriGlassman OriGlassman Feb 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a change done by a previous maintainer so not sure the about motivation

@OriGlassman @randomname21
fix(events): fix ftrace_hook
fead5f3 
We need to count how many ftrace based hooks will be placed on each symbol.
eventsState may contain duplicate events due to dependencies.
To get the real count, we consider the program name and the prob type.
Furthermore, added logic that addresses the situation where there may be multiple k[ret]probes from a single probe
request (due to multiple symbols at different locations).
@OriGlassman OriGlassman requested a review from yanivagman March 4, 2024 14:24
yanivagman
yanivagman approved these changes Mar 6, 2024
View reviewed changes
Copy link
Collaborator

@yanivagman yanivagman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@yanivagman yanivagman merged commit 9c0ae4e into aquasecurity:main Mar 6, 2024
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlonZivony AlonZivony AlonZivony approved these changes

@yanivagman yanivagman yanivagman approved these changes

Assignees

@OriGlassman OriGlassman

Labels
area/ebpf area/events
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@OriGlassman @geyslan @yanivagman @AlonZivony