gadgets/run: Support eBPF parameters

[burak-ok]

Gadgets usually define different constants in the eBPF code to change
its behaviour. This commit implements the logic allow users setting
these flags from the CLI.

The gadget information to carry the different parameters exposed by the
bpf programs. This is gathered from the list provided in the gadget
definition and by using the BTF information of the gadget.

This PR replaces #2058

How to test

0. (Optional) Build your gadget image

$ cd gadgets/trace/exec
$ sudo -E ig image build -t ghcr.io/burak-ok/trace_exec:latest .
INFO[0000] Experimental features enabled                
Successfully built ghcr.io/burak-ok/trace_exec:latest@sha256:fe644cdbf0f175c36727d4bc4e55d60b27f28d756f96f426e1e4313fa8c742e

1. Execute the gadget using different flags (events are generated with setuidgid 1000:1000 cat /dev/null in a container)

$ go run -exec 'sudo -E' ./cmd/ig/... run ghcr.io/burak-ok/trace_exec:latest
INFO[0000] Experimental features enabled                
RUNTIME.CONTAINERNAME                               PID     COMM             UID      GID      RET       FNAME                                                
mycontainer                                         363944  setuidgid        0        0        -2        /etc/ld.so.cache                                     
mycontainer                                         363944  setuidgid        0        0        -2        /lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libm.so.
mycontainer                                         363944  setuidgid        0        0        -2        /lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libm.so.
mycontainer                                         363944  setuidgid        0        0        -2        /lib/x86_64-linux-gnu/tls/x86_64/x86_64/libm.so.6    
mycontainer                                         363944  setuidgid        0        0        -2        /lib/x86_64-linux-gnu/tls/x86_64/libm.so.6           
mycontainer                                         363944  setuidgid        0        0        -2        /lib/x86_64-linux-gnu/tls/x86_64/libm.so.6           
mycontainer                                         363944  setuidgid        0        0        -2        /lib/x86_64-linux-gnu/tls/libm.so.6                  
...
mycontainer                                         363944  cat              1000     1000     3         /lib/libc.so.6                                       
mycontainer                                         363944  cat              1000     1000     3         /dev/nul

Both, events with 0 and 1000 uid are captured

Capture only events from 1000

$ go run -exec 'sudo -E' ./cmd/ig/... run ghcr.io/burak-ok/trace_exec:latest --uid 1000
INFO[0000] Experimental features enabled                
RUNTIME.CONTAINERNAME                               PID     COMM             UID      GID      RET       FNAME                                                
mycontainer                                         364336  cat              1000     1000     -2        /etc/ld.so.cache                                     
mycontainer                                         364336  cat              1000     1000     -2        /lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libm.so.
mycontainer                                         364336  cat              1000     1000     -2        /lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libm.so.
mycontainer                                         364336  cat              1000     1000     -2        /lib/x86_64-linux-gnu/tls/x86_64/x86_64/libm.so.6    
mycontainer                                         364336  cat              1000     1000     -2        /lib/x86_64-linux-gnu/tls/x86_64/libm.so.6
...
mycontainer                                         364336  cat              1000     1000     3         /lib/libc.so.6                                       
mycontainer                                         364336  cat              1000     1000     3         /dev/null

Fixes #1927

[burak-ok]

Currently the compilation errors are resulting from the branch this PR is based on

[alban]

I think it's better to have generic CLI flags:

# ig run ghcr.io/burak-ok/trace_exec:latest --param uid=1000 --param gid=1000

Or in the short form:

# ig run ghcr.io/burak-ok/trace_exec:latest -p uid=1000 -p gid=1000

This is similar to systemd-run --property=NAME=VALUE

This would avoid conflicts with other flags such as --authfile, --filter, --output etc.

cobra should support repeated flags with https://pkg.go.dev/github.com/spf13/pflag#StringSlice

[mauriciovasquezbernal]

I think it's better to have generic CLI flags:

The advantage of explicitly exposing the flags is that the user can understand which ones are available and their documentation.

This would avoid conflicts with other flags such as --authfile, --filter, --output etc.

If this is really a concern we could try to namespace the gadget flags or to print a warning when a flag overlaps.

[alban]

The advantage of explicitly exposing the flags is that the user can understand which ones are available and their documentation.

Do you mean by using --help? But the documentation can also describe the parameters available even with a generic flag, like --output is doing for the columns.

If this is really a concern we could try to namespace the gadget flags or to print a warning when a flag overlaps.

Do you mean namespacing like this?

# ig run ghcr.io/burak-ok/trace_exec:latest --param-uid=1000 --param-gid=1000

That would work for me, although it is longer to type than -p uid=1000.

The advantage of a generic flag is that it is clearer that the flag comes from the specific gadget.

[mauriciovasquezbernal]

Do you mean by using --help? But the documentation can also describe the parameters available even with a generic flag, like --output is doing for the columns.

Yes, that's right. But I think they're more discoverable if exposed directly as flags on the CLI instead of being under a -p // --params flag. Let's ping @blixtra about this.

[burak-ok]

I added a GADGET_PARAM macro to indicate a parameter which should be configurable through userspace. Additionally now the validation and generation of the gadget param metadata is added.

As seen in trace_exec/program.bpf.c the GADGET_PARAM macro is optional. If the metadata has the correct definition of the parameter it is not needed. Therefore optional. It indeed increases readability for users and developoers looking only in the eBPF code

For a test builder image please use mine:

go run --exec "sudo -E" ./cmd/ig/... image build ./gadgets/trace_exec/ -t trace_exec --update-metadata --builder-image ghcr.io/burak-ok/ebpf-builder-burak:latest -v

A rebase will happen once #2107 is merged or there were larger changes in that PR. Then I can polish all little details

[eiffel-fl]

I have some comments but it is looking good!
I will thoroughly review and test it once #2107 is merged.

[eiffel-fl]

In C, I would say OK for this code as there is no other mean.
But in golang, you can definitely use strings.Split() to get all the arguments as an array (["foo", "--bar=corge", "-c", "--quux"]), you can also use strings.HasPrefix() to check if argument begins with --.

[burak-ok]

But in golang, you can definitely use strings.Split() to get all the arguments as an array (["foo", "--bar=corge", "-c", "--quux"])

The args variable is already such a slice

you can also use strings.HasPrefix() to check if argument begins with --.

You brought up an idea and then I just used .TrimLeft to remove the dashes (Be it 1 or 2)

[mauriciovasquezbernal]

I like how it's going, some initial comments.

Are you planning to add tests for Validate() and Populate() as done in #2107 and #1866?

[mauriciovasquezbernal]

I think it's fine to use params.ParamDesc as base, however I want to check @flyth's opinion.

[mauriciovasquezbernal]

btw, I extracted some commits to https://github.com/inspektor-gadget/inspektor-gadget/pull/2152/commits in order to make the review of this easier.

[burak-ok]

I like how it's going, some initial comments.

Are you planning to add tests for Validate() and Populate() as done in #2107 and #1866?

Thanks for reminding me. Planned and forgot :D

btw, I extracted some commits to https://github.com/inspektor-gadget/inspektor-gadget/pull/2152/commits in order to make the review of this easier.

Nice, thank you :) I will remove the commits once the metadata branch is rebased/merged

[eiffel-fl]

It is looking good, I am nonetheless wondering about the macro as it would be really helpful for users to not need it and only consider parameters regarding their elf locations.

[eiffel-fl]

I am really wondering about this one.
The parameters are volatile which should already prevent the compiler to remove them.
Moreover, I think we can basically states that everything in data which is const is a parameter?

[burak-ok]

I think the idea here is to have the metadata as the single source of truth.

Additionally if we would "mark" every global const volatile variable as a parameter all variables from the includes will be also shown for the gadget.
For example we include the mntns_filter.h header which would in turn expose the gadget_filter_by_mntns variable directly to the user. For that variable we have another specific flag since we need to do more for filtering by mntns than setting the variable to true.
But on the other hand we could just filter out all global const volatile variables which have a gadget_ prefix.

In the end for me the GADGET_PARAM macro is more useful.

Other thoughts?

[eiffel-fl]

The GADGET_PARAM macro is fine and we can perfectly go with this in a first version.
But removing this would remove some work needed by the users (i.e. not forget using the macro).

Additionally if we would "mark" every global const volatile variable as a parameter all variables from the includes will be also shown for the gadget.
For example we include the mntns_filter.h header which would in turn expose the gadget_filter_by_mntns variable directly to the user. For that variable we have another specific flag since we need to do more for filtering by mntns than setting the variable to true.

This is indeed a problem...

Note that, the metadata would still be used to set the parameters even if we do not use macro.

[burak-ok]

Note that, the metadata would still be used to set the parameters even if we do not use macro.

Correct and this is intended and what I also like

[eiffel-fl]

I guess so, otherwise the compiler would just replace all the occurrence of the variable by its value (i.e. 0).

[eiffel-fl]

I tested it but it does not recognize the given arguments:

$ sudo -E ./ig image build --local -t ghcr.io/burak-ok/trace_exec:latest .
INFO[0000] Experimental features enabled                
Successfully built ghcr.io/burak-ok/trace_exec:latest@sha256:4ab6510a958b81728bab0e23ac79fb52d7dc29387c06dcf5aec62771fedf70de
$ sudo -E ./ig image list                               burak/mauro/gadget-params % u=
INFO[0000] Experimental features enabled                
REPOSITORY                                                     TAG                                                           DIGEST      
ghcr.io/burak-ok/trace_exec                                    latest                                                        4ab6510a958b
$ sudo -E ./ig run ghcr.io/burak-ok/trace_exec:latest --uid 100   
INFO[0000] Experimental features enabled                
WARN[0000] GadgetMetadata.EBPFParams: map[]             
Error: unknown flag: --uid

[mauriciovasquezbernal]

Looks great!

I left some comments. I'll do a final pass later on.

[mauriciovasquezbernal]

IMO it's ready to go. I tried rebasing #1866 on top of this and everything seems to be working fine. The UX will be much better once we have #935 in place.

Thanks a lot for handling this.

However, as I wrote some of the code in this PR, I'll like somebody else to check this before merging. @alban do you think it's fine to continue with the CLI flags and then explore the possibility of having a general -p flag? (#2119 (comment))

[eiffel-fl]

I tested it and it works perfectly:

$ sudo -E ./ig run ghcr.io/inspektor-gadget/gadget/trace_exec:test --ignore-failed=false
INFO[0000] Experimental features enabled                
RUNTIME.CONTAINERNAME            PID               PPID              COMM              UID              GID              RETVAL          
flamboyant_hoover                45139             45102             bash              0                0                -2              
^C%                                                                                                                                      $ sudo -E ./ig run ghcr.io/inspektor-gadget/gadget/trace_open:test --failed
INFO[0000] Experimental features enabled                
RUNTIME.CONTAINERNAME          PID              COMM             UID              GID              RET   FNAME                           
flamboyant_hoover              45309            cat              0                0                -2    /tmp/foobar

This is really a cool feature to have!

[eiffel-fl]

Can you please take another look at the commit message, I do not understand the first sentence of the second paragraph.

[burak-ok]

I hope it is better now

[burak-ok]

Will wait for #2174 to be reviewed and merged first. This PR triggeres the bug that is getting fixed in #2174 very often when using the flags

[burak-ok]

Will wait for #2174 to be reviewed and merged first. This PR triggeres the bug that is getting fixed in #2174 very often when using the flags

The bug is fixed and I also tested the failing integration test locally - it works :)