pipe_channel not reading all data in a message #7139

Merged on Jun 7, 2021 (2 commits)

nabilschear

When reading data from a table using generateInNamespace, the pipe channel implementation would only try one read syscall to read the message from the osquery process running in the namespace. Under certain circumstances, this single read call would be insufficient to read all the data in the message and the query would fail.

Example:

# osqueryi --json "SELECT source_table.* FROM deb_packages AS source_table JOIN docker_containers AS dc ON source_table.pid_with_namespace = dc.pid WHERE source_table.pid_with_namespace in (select pid from docker_containers);"
E0604 23:00:14.790307 256479 linux_table_container_ipc.cpp:446] Table deb_packages failed to retrieve QueryData from the container: Failed to read the entire message from the pipe of table deb_packages, read only 64436/113588 bytes

This PR fixes this problem by putting the read syscall in a loop that continues to read until all data has been returned.

cc @Smjert related to this thread: https://osquery.slack.com/archives/C08V7KTJB/p1621533600027800

@nabilschear nabilschear requested review from a team as code owners June 4, 2021 23:19
Smjert
Smjert previously requested changes Jun 5, 2021

Thank you for the PR!

I seem to have forgotten that a read can return fewer bytes than requested if only some are immediately available in the pipe, even if blocking ^^'.

osquery/worker/ipc/posix/pipe_channel.cpp
@theopolis theopolis merged commit aad7752 into osquery:master Jun 7, 2021
@nabilschear nabilschear deleted the pipe_channel branch June 7, 2021 17:03
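
The short-read behaviour discussed in this pull request, as an added example (not the code from the PR or from osquery): a POSIX read loop that keeps calling read() until the expected number of bytes has arrived, next to a single read() on the same pipe. The names `readFull` and `receiveMessage`, the fork-based writer and the known message length are assumptions made for the demo; the 113588-byte size is the one from the error message quoted above.

```cpp
#include <cerrno>
#include <cstdio>
#include <string>
#include <sys/wait.h>
#include <unistd.h>

// Read until `len` bytes have arrived, the writer closes the pipe, or a real
// error occurs. Returns bytes read (less than len on early EOF) or -1.
ssize_t readFull(int fd, char* buf, size_t len) {
  size_t total = 0;
  while (total < len) {
    ssize_t n = ::read(fd, buf + total, len - total);
    if (n < 0 && errno == EINTR) continue; // interrupted by a signal: retry
    if (n < 0) return -1;                  // genuine I/O error
    if (n == 0) break;                     // EOF: message was truncated
    total += static_cast<size_t>(n);       // short read: keep going
  }
  return static_cast<ssize_t>(total);
}

// Constructed scenario: a child process writes msg_len bytes into a pipe and
// the parent receives them with one read() (loop=false) or readFull().
ssize_t receiveMessage(size_t msg_len, bool loop) {
  int fds[2];
  if (::pipe(fds) != 0) return -1;
  pid_t pid = ::fork();
  if (pid < 0) { ::close(fds[0]); ::close(fds[1]); return -1; }
  if (pid == 0) { // child: the writer side
    ::close(fds[0]);
    std::string msg(msg_len, 'x');
    size_t off = 0;
    while (off < msg.size()) {
      ssize_t w = ::write(fds[1], msg.data() + off, msg.size() - off);
      if (w < 0 && errno != EINTR) break; // reader went away
      if (w > 0) off += static_cast<size_t>(w);
    }
    ::_exit(0);
  }
  ::close(fds[1]);
  std::string buf(msg_len, '\0');
  ssize_t got = loop ? readFull(fds[0], &buf[0], msg_len)
                     : ::read(fds[0], &buf[0], msg_len);
  ::close(fds[0]); // releases a writer still blocked on a full pipe
  ::waitpid(pid, nullptr, 0);
  return got;
}

int main() {
  std::printf("single read(): %zd of 113588\n", receiveMessage(113588, false));
  std::printf("read loop:     %zd of 113588\n", receiveMessage(113588, true));
}
```

A caller should treat a `readFull` result smaller than the expected length as a truncated message and reject it rather than parse the partial buffer.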
aikuchin pushed a commit to aikuchin/osquery that referenced this pull request Jul 11, 2023
…0 to master

* commit '367b03dd1baeb99506de13a897eff0456c287791': (46 commits)
  4.9.0 Changelog (osquery#7152)
  packaging: update rendered chocolatey spec icon URL (osquery#7148)
  Add additional paths to `apps` and `launchd` (osquery#7154)
  custom curl_certificate timeouts would never be used (osquery#7151)
  Add current WMI location for dell bios info (osquery#7103)
  enable other stats on containers that don't have traditional networks (osquery#7145)
  Add Prefetch table (osquery#7076)
  Add detection/handling for updated XProtect path in macOS Big Sur (osquery#7138)
  Trigger event cleanup checks every 256 events (osquery#7143)
  pipe_channel not reading all data in a message (osquery#7139)
  libs: Update libyara to version 4.1.1 (osquery#7133)
  libs: Update librdkafka to version 1.7.0 (osquery#7134)
  Update website generators (osquery#7136)
  7118: Make generaing an extension uuid thread safe (osquery#7135)
  Alternate check for packageIdentifiers key (osquery#7099)
  Website: Note windows support for yara (osquery#7130)
  Fix crash and deadlocks in the support for recursive logging (osquery#7127)
  Implement infinite enrollment retries with tls_enrollment_max_attempts=0 (osquery#7125)
  Remove POSIX-only -fexceptions on Windows (osquery#7126)
  Minor cleanup of unused variables (osquery#7128)
  ...