Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tetragon: Refactor program/map loader to use directory hierarchy #2128

Merged
merged 21 commits into from
Sep 10, 2024
Merged

tetragon: Refactor program/map loader to use directory hierarchy #2128

merged 21 commits into from
Sep 10, 2024

Conversation

olsajiri
Copy link
Contributor

@olsajiri olsajiri commented Feb 21, 2024
edited by kkourt
Loading

Adding hierarchy to tetragon's program and maps, like (with kprobe multi):

root@ubuntu-22:/sys/fs/bpf# find tetragon/
tetragon/
tetragon/syswritefollowfdpsswd
tetragon/syswritefollowfdpsswd/generic_kprobe
tetragon/syswritefollowfdpsswd/generic_kprobe/socktrack_map
tetragon/syswritefollowfdpsswd/generic_kprobe/process_call_heap
tetragon/syswritefollowfdpsswd/generic_kprobe/retprobe_map
tetragon/syswritefollowfdpsswd/generic_kprobe/fdinstall_map
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/prog
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/stack_trace_map
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/tg_mb_paths
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/tg_mb_sel_opts
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_postfix_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_prefix_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_10
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_9
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_8
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_7
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_6
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_5
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_4
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_3
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_2
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_1
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/string_maps_0
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/addr6lpm_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/addr4lpm_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/argfilter_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/filter_map
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/kprobe_calls
tetragon/syswritefollowfdpsswd/generic_kprobe/multi_kprobe/config_map
tetragon/tg_stats_map
tetragon/tcpmon_map
tetragon/tg_execve_joined_info_map_stats
tetragon/execve_map_stats
tetragon/tg_execve_joined_info_map
tetragon/execve_map
tetragon/__base__
tetragon/__base__/tg_kp_bprm_committing_creds
tetragon/__base__/tg_kp_bprm_committing_creds/prog
tetragon/__base__/event_execve
tetragon/__base__/event_execve/prog
tetragon/__base__/event_execve/execve_calls
tetragon/__base__/kprobe_pid_clear
tetragon/__base__/kprobe_pid_clear/prog
tetragon/__base__/event_exit
tetragon/__base__/event_exit/prog
tetragon/tg_conf_map

or with standard kprobes:

root@ubuntu-22:/sys/fs/bpf# find tetragon/
tetragon/
tetragon/syswritefollowfdpsswd
tetragon/syswritefollowfdpsswd/generic_kprobe
tetragon/syswritefollowfdpsswd/generic_kprobe/socktrack_map
tetragon/syswritefollowfdpsswd/generic_kprobe/process_call_heap
tetragon/syswritefollowfdpsswd/generic_kprobe/retprobe_map
tetragon/syswritefollowfdpsswd/generic_kprobe/fdinstall_map
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/prog
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/stack_trace_map
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/tg_mb_paths
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/tg_mb_sel_opts
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_postfix_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_prefix_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_10
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_9
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_8
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_7
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_6
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_5
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_4
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_3
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_2
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_1
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/string_maps_0
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/addr6lpm_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/addr4lpm_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/argfilter_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/filter_map
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/kprobe_calls
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_write/config_map
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/prog
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/stack_trace_map
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/tg_mb_paths
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/tg_mb_sel_opts
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_postfix_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_prefix_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_10
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_9
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_8
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_7
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_6
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_5
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_4
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_3
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_2
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_1
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/string_maps_0
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/addr6lpm_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/addr4lpm_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/argfilter_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/filter_map
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/kprobe_calls
tetragon/syswritefollowfdpsswd/generic_kprobe/__x64_sys_close/config_map
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/prog
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/stack_trace_map
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/tg_mb_paths
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/tg_mb_sel_opts
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_postfix_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_prefix_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_10
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_9
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_8
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_7
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_6
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_5
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_4
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_3
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_2
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_1
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/string_maps_0
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/addr6lpm_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/addr4lpm_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/argfilter_maps
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/filter_map
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/kprobe_calls
tetragon/syswritefollowfdpsswd/generic_kprobe/fd_install/config_map
tetragon/tg_stats_map
tetragon/tcpmon_map
tetragon/tg_execve_joined_info_map_stats
tetragon/execve_map_stats
tetragon/tg_execve_joined_info_map
tetragon/execve_map
tetragon/__base__
tetragon/__base__/tg_kp_bprm_committing_creds
tetragon/__base__/tg_kp_bprm_committing_creds/prog
tetragon/__base__/event_execve
tetragon/__base__/event_execve/prog
tetragon/__base__/event_execve/execve_calls
tetragon/__base__/kprobe_pid_clear
tetragon/__base__/kprobe_pid_clear/prog
tetragon/__base__/event_exit
tetragon/__base__/event_exit/prog
tetragon/tg_conf_map

bpf: improve the bpffs layout of tetragon objects

@olsajiri olsajiri added the release-note/minor This PR introduces a minor user-visible change label Feb 21, 2024
@olsajiri olsajiri force-pushed the pr/olsajiri/loader branch 12 times, most recently from 0fc52d1 to e251358 Compare February 26, 2024 13:15
@olsajiri olsajiri changed the title Pr/olsajiri/loader tetragon: Refactor program/map loader to use directory hierarchy May 23, 2024
@olsajiri olsajiri force-pushed the pr/olsajiri/loader branch 7 times, most recently from d21f442 to be2c18c Compare May 30, 2024 13:22
@olsajiri olsajiri force-pushed the pr/olsajiri/loader branch 6 times, most recently from 89df5dc to ac89f80 Compare June 5, 2024 10:38
@olsajiri
tetragon: Add PinPath to Map object
72ee92e 
Adding PinPath to Map object to carry path relative to the sysfs
bpf root tetragon tree.

At the moment we have map's Name as a real (bpf object) name and
PinName when we need to pin map under different name.

The PinName will be removed once we move to new hierarchy structure,
but we still need to keep the relative pinned path of the map.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Use map pin path for MapLoad interface
7750be4 
We provide sysfs bpf tetragon root path as pinPathPrefix to the
MapLoad's Load function, so we can provide pin path to possible
inner maps that get loaded.

We are going to introduce new sysfs hierarchy in following changes,
where each map can be placed in specific directory, so the sysfs
root is no longer enough.

Passing map's PinPath through Load's function directly.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add shared map type fields
8796e47 
Adding map type fields that specify how the map is shared and when
it's placed in the sysfs hierarchy.

  MapTypeGlobal  - under sysfs root, shared with everyone
  MapTypePolicy  - under policy dir, shared within policy
  MapTypeSensor  - under sensor dir, shared within sensor
  MapTypeProgram - under program dir, program specific

  MapTypeGlobal  -> /sys/fs/bpf/tetragon/map-1
  MapTypePolicy  -> /sys/fs/bpf/tetragon/policy-name/map-2
  MapTypeSensor  -> /sys/fs/bpf/tetragon/policy-name/sensor-1/map-3
  MapTypeProgram -> /sys/fs/bpf/tetragon/policy-name/sensor-1/prog-1/map-4

Adding just types at the moment, implementation is coming in
following changes.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Create sensor directory hierarchy
d76c5d2 
Creating sensor directory hierarchy on sensor loading.

When sensor is loading we:
  - create directory sysfs hierarchy for each program in the sensor
  - assign PinPath for each pinned map in the sensor

Adding PinName to Program object to hold sysfs program name, at the moment
it's initialized same way as the PinPath, but PinPath is changed when the
sensor is loaded to be relative program path from sysfs tetragon root.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move base sensor maps under new hierarchy
e80c9c9 
Moving execve_calls map under execve program directory, because
it's specific to the program.

The rest of the base sensor maps are kept as global, because they
are shared by all the other sensors.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move generickprobe sensor maps under new hierarchy
d7a30b3 
Moving generickprobe sensor maps under new hierarchy:

per program maps:

  argfilter_maps
  addr4lpm_maps
  addr6lpm_maps
  string_prefix_maps
  string_postfix_maps
  kprobe_calls
  filter_map
  tg_mb_sel_opts
  tg_mb_paths
  stack_trace_map
  config_map
  retkprobe_calls
  override_tasks

per sensor maps:

  fdinstall_map
  retprobe_map
  process_call_heap
  socktrack_map
  ratelimit_map

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move generictracepoint sensor maps under new hierarchy
08dfece 
Moving generictracepoint sensor maps under new hierarchy.

per program maps:

  tp_calls
  filter_map
  argfilter_maps
  addr4lpm_maps
  addr6lpm_maps
  string_prefix_maps
  string_postfix_maps
  tg_mb_paths
  tg_mb_sel_opts

per sensor maps:

  fdinstall_map

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move genericuprobe sensor maps under new hierarchy
31bbcc0 
Moving genericuprobe sensor maps under new hierarchy.

per program maps:

  config_map
  uprobe_calls
  filter_map
  tg_mb_sel_opts

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move genericlsm sensor maps under new hierarchy
75269c7 
Moving genericlsm sensor maps under new hierarchy:

per program maps:

  config_map
  lsm_calls
  filter_map
  tg_mb_sel_opts
  tg_mb_paths
  argfilter_maps
  addr4lpm_maps
  addr6lpm_maps
  string_maps_%d
  string_prefix_maps
  string_postfix_maps
  process_call_heap

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Change generickprobe sensor pin path
06f15fd 
Change the generickprobe sensor pin path for programs
under sysfs hierarchy.

Now the program pin looks like below,
for multi kprobes:

  sigkilltest/gkp-sensor-1/multi_kprobe/prog
  sigkilltest/gkp-sensor-1/multi_retkprobe/prog

for regular kprobes:

  sigkilltest/gkp-sensor-1/__x64_sys_lseek/prog
  sigkilltest/gkp-sensor-1/__x64_sys_lseek_return/prog

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Change generictracepoint sensor pin path
367c645 
Change the generictracepoint sensor pin path for programs
under sysfs hierarchy.

Now the program pin looks like below:

  raw-syscalls/gtp-sensor-1/raw_syscalls:sys_enter/prog

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Change genericuprobe sensor pin path
edd45bb 
Change the genericuprobe sensor pin path for programs
under sysfs hierarchy.

Now the program pin looks like below:

  uprobe/gup-sensor-1/0-readline/prog
  uprobe/gup-sensor-1/1-main/prog

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Change genericlsm sensor pin path
951c90a 
Change the genericlsm sensor pin path for programs
under sysfs hierarchy.

Now the program pin looks like below:
  lsm-file-open/glsm-sensor-1/file_open/prog

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Move enforcer sensor maps under new hierarchy
b9fa81b 
Moving enforcer sensor maps under new hierarchy.

per policy maps:

  enforcer_data

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Get rid of MapBuilderPin functions
8716b8a 
Removing MapBuilderPin, because it's no longer needed and
removing the pin argument from mapBuilder function.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Sanitize policy name before using it in path
c1f2185 
Policy name is provided by tracing-policy/user. It already has some
restrictions, but let's add at least substitute for '/' characters
for '_' to ensure the path is not mangled.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Adjust linkPinPath for new hierarchy
4609398 
Adjusting linkPinPath for new hierarchy to use program's PinPath directory
with 'link' file name. Plus '_override' suffix for override link.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add policy argument to SensorBuilder function
1a69192 
Adding policy argument to SensorBuilder function so it's
passed to the Sensor object.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add tests for map builders
8f102dc 
Add tests for the map builders, will be likely extended.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add tests for map max entries setup
76544da 
Adding tests for map max entries setup.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri
tetragon: Add documentation for maps usage
d0da915 
Adding some notes in map.go header about maps usage.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@olsajiri olsajiri marked this pull request as ready for review August 29, 2024 07:05
@kkourt kkourt self-requested a review September 2, 2024 09:03
tpapagian
tpapagian approved these changes Sep 10, 2024
View reviewed changes
Copy link
Member

@tpapagian tpapagian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@olsajiri olsajiri merged commit 88036cd into main Sep 10, 2024
50 checks passed
@olsajiri olsajiri deleted the pr/olsajiri/loader branch September 10, 2024 19:22
@kkourt kkourt mentioned this pull request Sep 23, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpapagian tpapagian tpapagian approved these changes

@kkourt kkourt kkourt approved these changes

@jrfastab jrfastab Awaiting requested review from jrfastab

Assignees
No one assigned
Labels
release-note/minor This PR introduces a minor user-visible change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@olsajiri @mtardy @kkourt @tpapagian