Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: Support for pidfd_getfd syscall #1145

Merged
merged 5 commits into from
Jun 22, 2023

Conversation

Rohith-Raju
Copy link
Contributor

@Rohith-Raju Rohith-Raju commented Jun 7, 2023

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

area driver-kmod

area driver-bpf

area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap-engine-udig

area libscap

/area libpman

/area libsinsp

area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

This PR adds support to pidfd_getfd syscall.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

new: support for pidfd_getfd syscall

@github-actions
Copy link

github-actions bot commented Jun 7, 2023

Please double check driver/API_VERSION file. See versioning.

@jasondellaluce
Copy link
Contributor

/milestone 0.12.0

@poiana poiana added this to the 0.12.0 milestone Jun 7, 2023
@@ -174,7 +174,6 @@ TEST(SyscallExit, execveatX_correct_exit)
/* Prepare the execve args */
int dirfd = 0;
const char *pathname = "/usr/bin/echo";
const char *comm = "echo";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line should not be removed as this is required below for the __s390x__ block. However, I have corrected this with PR #1150. Thanks.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uhm probably now we should remove it otherwise we will have it defined twice on s390x 🤔

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On master this line is already removed and I have added it again for s390x with PR #1150 . I think this hunk above will go away with rebasing to latest master.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, bad trip hahaha! thank you for the hint

Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing work, thank you!

driver/bpf/fillers.h Outdated Show resolved Hide resolved
driver/bpf/fillers.h Outdated Show resolved Hide resolved
driver/bpf/fillers.h Outdated Show resolved Hide resolved
@@ -453,6 +453,8 @@ const struct ppm_event_info g_event_info[] = {
[PPME_SYSCALL_PRCTL_X] = {"prctl", EC_PROCESS | EC_SYSCALL, EF_MODIFIES_STATE, 4, {{"res", PT_ERRNO, PF_DEC}, {"option", PT_ENUMFLAGS32, PF_DEC, prctl_options}, {"arg2_str", PT_CHARBUF, PF_NA}, {"arg2_int", PT_INT64, PF_DEC} } },
[PPME_ASYNCEVENT_E] = {"asyncevent", EC_OTHER | EC_METAEVENT, EF_LARGE_PAYLOAD, 3, {{"plugin_id", PT_UINT32, PF_DEC}, {"name", PT_CHARBUF, PF_NA}, {"data", PT_BYTEBUF, PF_NA} } },
[PPME_ASYNCEVENT_X] = {"NA", EC_UNKNOWN, EF_UNUSED, 0},
[PPME_SYSCALL_PIDFD_GETFD_E] = {"pidfd_getfd", EC_PROCESS | EC_SYSCALL, EF_CREATES_FD | EF_NONE, 0},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't need the EF_NONE

Suggested change
[PPME_SYSCALL_PIDFD_GETFD_E] = {"pidfd_getfd", EC_PROCESS | EC_SYSCALL, EF_CREATES_FD | EF_NONE, 0},
[PPME_SYSCALL_PIDFD_GETFD_E] = {"pidfd_getfd", EC_PROCESS | EC_SYSCALL, EF_CREATES_FD, 0},

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we still need to address it, same for exit event

driver/flags_table.c Outdated Show resolved Hide resolved
driver/ppm_events_public.h Outdated Show resolved Hide resolved
driver/ppm_fillers.c Outdated Show resolved Hide resolved
driver/syscall_table.c Outdated Show resolved Hide resolved
@@ -174,7 +174,6 @@ TEST(SyscallExit, execveatX_correct_exit)
/* Prepare the execve args */
int dirfd = 0;
const char *pathname = "/usr/bin/echo";
const char *comm = "echo";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uhm probably now we should remove it otherwise we will have it defined twice on s390x 🤔

Signed-off-by: Rohith Raju <rohithraju488@gmail.com>
Signed-off-by: Rohith Raju <rohithraju488@gmail.com>
Signed-off-by: rohith-raju <rohithraju488@gmail.com>
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some really minor comments! Great job!
To bump the SCHEMA_VERSION you have to do exactly this 2f1c561
Please note that you have to change it from 2.4.1 to 2.5.1 as I've done in that commit since it is not yet merged, so you will be the first to bump it this time :)

driver/bpf/fillers.h Show resolved Hide resolved
@@ -453,6 +453,8 @@ const struct ppm_event_info g_event_info[] = {
[PPME_SYSCALL_PRCTL_X] = {"prctl", EC_PROCESS | EC_SYSCALL, EF_MODIFIES_STATE, 4, {{"res", PT_ERRNO, PF_DEC}, {"option", PT_ENUMFLAGS32, PF_DEC, prctl_options}, {"arg2_str", PT_CHARBUF, PF_NA}, {"arg2_int", PT_INT64, PF_DEC} } },
[PPME_ASYNCEVENT_E] = {"asyncevent", EC_OTHER | EC_METAEVENT, EF_LARGE_PAYLOAD, 3, {{"plugin_id", PT_UINT32, PF_DEC}, {"name", PT_CHARBUF, PF_NA}, {"data", PT_BYTEBUF, PF_NA} } },
[PPME_ASYNCEVENT_X] = {"NA", EC_UNKNOWN, EF_UNUSED, 0},
[PPME_SYSCALL_PIDFD_GETFD_E] = {"pidfd_getfd", EC_PROCESS | EC_SYSCALL, EF_CREATES_FD | EF_NONE, 0},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we still need to address it, same for exit event

driver/flags_table.c Outdated Show resolved Hide resolved
driver/ppm_events_public.h Outdated Show resolved Hide resolved
driver/ppm_events_public.h Outdated Show resolved Hide resolved
driver/ppm_fillers.c Show resolved Hide resolved
driver/ppm_fillers.c Show resolved Hide resolved
driver/ppm_flag_helpers.h Outdated Show resolved Hide resolved
driver/ppm_flag_helpers.h Outdated Show resolved Hide resolved
driver/ppm_fillers.c Show resolved Hide resolved
driver/SCHEMA_VERSION Outdated Show resolved Hide resolved
Signed-off-by: rohith-raju <rohithraju488@gmail.com>
Andreagit97
Andreagit97 previously approved these changes Jun 22, 2023
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!
/approve

@poiana
Copy link
Contributor

poiana commented Jun 22, 2023

LGTM label has been added.

Git tree hash: 7a424fee13b674ef9e5d2847d28d108537db28fe

@Andreagit97
Copy link
Member

/hold

Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/unhold
sorry for the SCHEMA_VERSION dance now we should be finally ready!

@poiana
Copy link
Contributor

poiana commented Jun 22, 2023

LGTM label has been added.

Git tree hash: b72b12e6fff039dbeedd94a067095566fcd79dc4

Copy link
Contributor

@hbrueckner hbrueckner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot @Rohith-Raju !

@poiana
Copy link
Contributor

poiana commented Jun 22, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, hbrueckner, Rohith-Raju

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit a65fe73 into falcosecurity:master Jun 22, 2023
@FedeDP
Copy link
Contributor

FedeDP commented Jul 28, 2023

/milestone 5.1.0+driver

@poiana poiana modified the milestones: next-driver, 5.1.0+driver Jul 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants