Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update(driver): renameat2 support #1654

Merged
merged 3 commits into from
Jul 13, 2020
Merged

update(driver): renameat2 support #1654

merged 3 commits into from
Jul 13, 2020

Conversation

fntlnz
Copy link
Contributor

@fntlnz fntlnz commented Jul 10, 2020
edited
Loading

  • Support the renameat2 syscall
  • Flags transformer for renameat2 flags

Example output:

287009 18:42:37.921613466 6 mv (37734) > renameat2
287010 18:42:37.921655483 6 mv (37734) < renameat2 res=0 olddirfd=-100(AT_FDCWD) oldpath=oldname newdirfd=-100(AT_FDCWD) newpath=newname flags=1(RENAME_NOREPLACE)

In case anyone needs to test this on a system that has the renameat2 syscall but hasn't glibc support.

#define _GNU_SOURCE
#include <unistd.h>

#include <sys/syscall.h>
#include <linux/fs.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>


int main() {
  //Open the old directories to obtain fds
  int src_fd = open("/tmp", O_PATH);
  int dest_fd = open("/tmp", O_PATH);
  const char* src_path = "old";
  const char* dest_path = "new";

  unsigned int flags = RENAME_NOREPLACE;
  syscall(SYS_renameat2, src_fd, src_path, dest_fd, dest_path, flags);
}

Then use it

gcc renameat2.c
touch /tmp/old
./a.out

Here is a simple chisel for the renameat2 syscall.

-- Chisel description
description = "log all renameat2 syscalls";
short_description = "renameat2 log";
category = "Application";
args = {}


-- Initialization callback
function on_init()
    -- The -pc or -pcontainer options was supplied on the cmd line
    print_container = sysdig.is_print_container_data()
    olddirfd = chisel.request_field("evt.arg.olddirfd")
    oldpath = chisel.request_field("evt.arg.oldpath")
    newdirfd = chisel.request_field("evt.arg.newdirfd")
    newpath = chisel.request_field("evt.arg.newpath")
    flags = chisel.request_field("evt.arg.flags")

    chisel.set_filter("evt.type=renameat2 and evt.dir=<")
    return true
end

function on_event()
  local olddirfd = evt.field(olddirfd)
  local oldpath = evt.field(oldpath)
  local newdirfd = evt.field(newdirfd)
  local newpath = evt.field(newpath)
  local flags = evt.field(flags)
  print(string.format("renameat2: %s %s %s %s %s", olddirfd, oldpath, newdirfd, newpath, flags))
end

Notes for the reviewer

We are still keeping syscall_get_arguments_deprecated in our code base so that we are compatible with older kernels. Internally, it gets conveniently converted to syscall_get_arguments - look here

Fixes #1603

Signed-off-by: Lorenzo Fontana fontanalorenz@gmail.com

@fntlnz
Copy link
Contributor Author

fntlnz commented Jul 10, 2020
edited
Loading

Please hold with merge, I still need to do some additional testing.

@fntlnz
update(driver): renameat2 support
496d1da 
* Support the renameat2 syscall
* Flags transformer for renameat2 flags

Example output:
287009 18:42:37.921613466 6 mv (37734) > renameat2
287010 18:42:37.921655483 6 mv (37734) < renameat2 res=0 olddirfd=-100(AT_FDCWD) oldpath=oldname newdirfd=-100(AT_FDCWD) newpath=newname flags=1(RENAME_NOREPLACE)

Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
leodido
leodido reviewed Jul 10, 2020
View reviewed changes
Copy link
Contributor

@leodido leodido left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a suggestion Lore

driver/syscall_table.c Outdated Show resolved Hide resolved
fntlnz and others added 2 commits July 13, 2020 08:37
@fntlnz @leodido
update(driver): __NR_ia32_renameat2 exclusion
e30f2c7 
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>

Co-authored-by: Leo Di Donato <leodidonato@gmail.com>
@fntlnz
update(driver): move all the renameat2 mappings to the end of the
1ef0569 
respective tables

Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
@fntlnz
Copy link
Contributor Author

fntlnz commented Jul 13, 2020

This also works very well with the BPF probe now

sudo SYSDIG_BPF_PROBE=driver/bpf/probe.o ./userspace/sysdig/sysdig evt.type=renameat2
906613 09:16:48.183137767 2 a.out (2839) > renameat2 
906614 09:16:48.183206534 2 a.out (2839) < renameat2 res=0 olddirfd=3(<f>/tmp) oldpath=old newdirfd=4(<f>/tmp) newpath=new flags=1(RENAME_NOREPLACE) 
1111389 09:17:36.831474683 0 a.out (2860) > renameat2 
1111390 09:17:36.831496745 0 a.out (2860) < renameat2 res=-2(ENOENT) olddirfd=3(<f>/tmp) oldpath=old newdirfd=4(<f>/tmp) newpath=new flags=1(RENAME_NOREPLACE)

@fntlnz fntlnz requested a review from leodido July 13, 2020 09:20
@fntlnz
Copy link
Contributor Author

fntlnz commented Jul 13, 2020

This is ready for merge!

nathan-b
nathan-b approved these changes Jul 13, 2020
View reviewed changes
Copy link
Contributor

@nathan-b nathan-b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

driver/ppm_events_public.h Show resolved Hide resolved
@fntlnz fntlnz merged commit daa2ae6 into dev Jul 13, 2020
@leogr
Copy link
Member

leogr commented Jul 13, 2020

👏
I can't wait to add that here 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leodido leodido leodido approved these changes

@nathan-b nathan-b nathan-b approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

"renameat2" syscall support
4 participants
@fntlnz @leogr @leodido @nathan-b