From bc5bcbbe0f4b6f20960aeba3cad9cefbf022efc9 Mon Sep 17 00:00:00 2001 From: Leonardo Di Donato Date: Mon, 30 Sep 2019 13:57:22 +0000 Subject: [PATCH 1/2] fix(userspace/falco): guard lua state for falco outputs Co-authored-by: Lorenzo Fontana Signed-off-by: Leonardo Di Donato --- userspace/falco/falco_outputs.cpp | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index 581ec587a74..955d4a99ad4 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp @@ -57,7 +57,6 @@ falco_outputs::~falco_outputs() if(m_initialized) { lua_getglobal(m_ls, m_lua_output_cleanup.c_str()); - if(!lua_isfunction(m_ls, -1)) { falco_logger::log(LOG_ERR, std::string("No function ") + m_lua_output_cleanup + " found. "); @@ -148,8 +147,8 @@ void falco_outputs::handle_event(gen_event *ev, string &rule, string &source, return; } + std::lock_guard guard(m_ls_semaphore); lua_getglobal(m_ls, m_lua_output_event.c_str()); - if(lua_isfunction(m_ls, -1)) { lua_pushlightuserdata(m_ls, ev); @@ -170,7 +169,6 @@ void falco_outputs::handle_event(gen_event *ev, string &rule, string &source, { throw falco_exception("No function " + m_lua_output_event + " found in lua compiler module"); } - } void falco_outputs::handle_msg(uint64_t now, @@ -226,8 +224,8 @@ void falco_outputs::handle_msg(uint64_t now, full_msg += ")"; } + std::lock_guard guard(m_ls_semaphore); lua_getglobal(m_ls, m_lua_output_msg.c_str()); - if(lua_isfunction(m_ls, -1)) { lua_pushstring(m_ls, full_msg.c_str()); @@ -251,7 +249,6 @@ void falco_outputs::handle_msg(uint64_t now, void falco_outputs::reopen_outputs() { lua_getglobal(m_ls, m_lua_output_reopen.c_str()); - if(!lua_isfunction(m_ls, -1)) { throw falco_exception("No function " + m_lua_output_reopen + " found. "); 
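Review bot: The new guard in handle_event() leaves other users of the same Lua state unprotected: the context lines of this patch show ~falco_outputs() and reopen_outputs() still calling `lua_getglobal(m_ls, ...)` without taking m_ls_semaphore. If reopen_outputs() can run while another thread is inside handle_event() or handle_msg() (not visible here, so to be confirmed), the two would interleave on one lua_State stack, which is the condition this commit sets out to remove. Add `std::lock_guard<std::mutex> guard(m_ls_semaphore);` as the first statement of reopen_outputs(), and confirm that no thread can still be inside handle_event() or handle_msg() when the destructor runs. The body of handle_event() starts and ends outside this hunk.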
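Review bot: In handle_msg() the guard is declared just before `lua_getglobal` and lives until the function returns, so the mutex is held for the whole Lua output call; the same holds for handle_event(). If an output blocks inside that call (handle_http() in this file drives libcurl and takes a lua_State, so it is presumably reached from Lua), every other thread that needs to emit an alert waits behind it, and a slow or unreachable endpoint can delay alert delivery. That trade-off deserves a comment above the guard, such as `// Serializes all Lua output calls; held while the output runs, so outputs must not block indefinitely.` Network outputs should also carry a bounded timeout if none is set outside these hunks.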
@@ -271,8 +268,8 @@ int falco_outputs::handle_http(lua_State *ls) struct curl_slist *slist1; slist1 = NULL; - if (!lua_isstring(ls, -1) || - !lua_isstring(ls, -2)) + if(!lua_isstring(ls, -1) || + !lua_isstring(ls, -2)) { lua_pushstring(ls, "Invalid arguments passed to handle_http()"); lua_error(ls); @@ -298,7 +295,7 @@ int falco_outputs::handle_http(lua_State *ls) curl_easy_cleanup(curl); curl = NULL; curl_slist_free_all(slist1); - slist1 = NULL; + slist1 = NULL; } return 1; } From 705d2530f8e3f4c72785cafd85daa632681114dd Mon Sep 17 00:00:00 2001 From: Leonardo Di Donato Date: Mon, 30 Sep 2019 13:58:02 +0000 Subject: [PATCH 2/2] fix(userspace/engine): guard lua state into falco engine Co-authored-by: Lorenzo Fontana Signed-off-by: Leonardo Di Donato --- userspace/engine/falco_common.h | 8 ++++---- userspace/engine/falco_engine.cpp | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/userspace/engine/falco_common.h b/userspace/engine/falco_common.h index f304b6e5720..646591868cf 100644 --- a/userspace/engine/falco_common.h +++ b/userspace/engine/falco_common.h @@ -21,6 +21,7 @@ limitations under the License. #include #include +#include extern "C" { #include "lua.h" @@ -94,11 +95,10 @@ class falco_common protected: lua_State *m_ls; + std::mutex m_ls_semaphore; + sinsp *m_inspector; private: void add_lua_path(std::string &path); -}; - - - +}; \ No newline at end of file diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index e3e8327b5f6..98971be6258 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -287,8 +287,8 @@ unique_ptr falco_engine::process_sinsp_event(sinsp_ev unique_ptr res(new rule_result()); + std::lock_guard guard(m_ls_semaphore); lua_getglobal(m_ls, lua_on_event.c_str()); - if(lua_isfunction(m_ls, -1)) { lua_pushnumber(m_ls, ev->get_check_id()); 
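Review bot: In the falco_common.h hunk, `m_ls_semaphore` is a `std::mutex`, not a semaphore, and the declaration carries no comment stating what it protects or which methods must take it. A name such as `m_ls_mutex`, together with `// Guards every access to m_ls; take it before any lua_* call on this state.`, would make the locking rule checkable in later reviews. Adding a `std::mutex` member also makes falco_common and its subclasses non-copyable and non-movable, which is probably intended but worth stating next to the member. The same hunk drops the file's trailing newline after `};`.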
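Review bot: process_sinsp_event() now holds a non-recursive `std::mutex` for the rest of the function, including the call into the Lua function named by `lua_on_event` (the body continues past this hunk), and process_k8s_audit_event() in the next hunk does the same. Any C++ function reachable from that Lua handler that enters another m_ls_semaphore-guarded method on the same engine would deadlock; no such path is visible in these lines, but nothing documents the constraint either. Other falco_engine methods that touch m_ls are outside this diff and should be checked for the same guard. A comment above the guard, e.g. `// Non-recursive: Lua callbacks invoked under this lock must not re-enter the engine.`, would record the rule.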
@@ -335,8 +335,8 @@ unique_ptr falco_engine::process_k8s_audit_event(json unique_ptr res(new rule_result()); + std::lock_guard guard(m_ls_semaphore); lua_getglobal(m_ls, lua_on_event.c_str()); - if(lua_isfunction(m_ls, -1)) { lua_pushnumber(m_ls, ev->get_check_id());