fix: handle unshare_setns_x missing thread_info, chore: thread_info check cleanups #841
Conversation
Signed-off-by: Adnan Ali <adduali1310@hotmail.com>
Signed-off-by: Adnan Ali <adduali1310@hotmail.com>
poiana
added
release-note-none
kind/bug
|
Apologies for the delay in sending this out. |
|
No problem sir :) /milestone 0.11.0 |
I am fine with either release....personally not a problem for me as I have applied an internal patch to resolve this issue, if that is what you are referring to. |
|
LGTM label has been added. Git tree hash: cf9957462c281f36be2ceccbc22aad4ab6008e7a
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adduali1310, FedeDP, LucaGuerra The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Manually rebased & merge because it had 2 approvals but poiana was 💀 |
|
/milestone 0.10.2 |
Signed-off-by: Adnan Ali [adduali1310@hotmail.com]
What type of PR is this?
/kind bug
/kind cleanup
Any specific area of the project related to this PR?
/area libsinsp
Does this PR require a change in the driver versions?
no
What this PR does / why we need it:
This PR is made of 2 commits:
Commit1: (fix)
Adds a safety check to validate if thread information is available before trying to dereference it when parsing the unshare_setns_exit event. Follows #818 to avoid further segfaults I encountered in specific parsers.
Commit2: (chore)
Performs a cleanup and follows a consistent method of thread information validation rather than having multiple different ways to check the same condition within a file making it very confusing and inconsistent.
For More Details , please refer to #817 (comment) where I have provided code examples of the issue.
Which issue(s) this PR fixes:
Continuation from #817
See #817 (comment) as well.
Special notes for your reviewer:
I have gone through the whole parsers.cpp file and specifically taken a look at the different parsers to see where we need to perform fixes and cleanups. Most parsers already have both - the thread information check as well as the comparison to nullptr as a consistent means of comparison.
I would also like to point out the below parsers where m_tinfo is dereferenced directly without a check, but I personally have not faced any segfaults due to the same. I have only seen segfaults due to the parsers I have mentioned(the same ones for which I have created PRs), which makes me believe that either the below parsers are fine or my rules do not make use of the parsers which is why segfaults have not yet been observed. I will leave it to the maintainers to decide on the best course of action for these parsers and will be happy to create follow up PR's if needed for the same.
As an example:
parse_rw_exit: https://github.com/falcosecurity/libs/blob/master/userspace/libsinsp/parsers.cpp#L4336
fcntl_exit: https://github.com/falcosecurity/libs/blob/master/userspace/libsinsp/parsers.cpp#L4960
eventfd_exit: https://github.com/falcosecurity/libs/blob/master/userspace/libsinsp/parsers.cpp#L4448
Does this PR introduce a user-facing change?: