Skip to content

fix(driver/bpf): fixed small verifier bug in old bpf probe. #2281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 17, 2025
Merged

fix(driver/bpf): fixed small verifier bug in old bpf probe. #2281

merged 1 commit into from
Feb 17, 2025

Conversation

FedeDP
Copy link
Contributor

@FedeDP FedeDP commented Feb 14, 2025
edited
Loading

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area driver-bpf

Does this PR require a change in the driver versions?

What this PR does / why we need it:

On my machine, the currect bpf probe code caused a verifier bug:

639: (85) call bpf_perf_event_output#25
R5 min value is negative, either use unsigned or 'var &= const'
processed 603 insns (limit 1000000) max_states_per_insn 0 total_states 13 peak_states 13 mark_read 7

-- END PROG LOAD LOG --
terminate called after throwing an instance of 'scap_open_exception'
  what():  libscap: bpf_load_program() event=raw_tracepoint/filler/sys_sendmmsg_x_failure: Operation not permitted
Annullato

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

fix(driver/bpf): fixed small verifier bug in old bpf probe.

@FedeDP
fix(driver/bpf): fixed small verifier bug in old bpf probe.
22b4d1c 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
@poiana poiana requested review from gnosek and hbrueckner February 14, 2025 10:23
@github-actions GitHub Actions
Copy link

Please double check driver/SCHEMA_VERSION file. See versioning.

/hold

@FedeDP
Copy link
Contributor Author

FedeDP commented Feb 14, 2025

/milestone next-driver

@poiana poiana added this to the next-driver milestone Feb 14, 2025
@FedeDP
Copy link
Contributor Author

FedeDP commented Feb 14, 2025

/unhold
No need to bump driver schema version.

@github-actions GitHub Actions
Copy link

Perf diff from master - unit tests

     7.15%     -0.61%  [.] sinsp::next
    18.29%     +0.37%  [.] sinsp_threadinfo::get_main_thread
     4.09%     -0.28%  [.] next_event_from_file
     7.12%     -0.28%  [.] sinsp_parser::reset
     4.95%     +0.21%  [.] sinsp_evt::get_type
     1.68%     +0.19%  [.] sinsp_thread_manager::find_thread
     8.83%     +0.19%  [.] std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release
     9.48%     +0.18%  [.] sinsp_thread_manager::create_thread_dependencies
     1.36%     +0.18%  [.] is_conversion_needed
     0.55%     -0.16%  [.] sinsp_evt::get_direction

Heap diff from master - unit tests

peak heap memory consumption: 0B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Heap diff from master - scap file

peak heap memory consumption: 0B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Benchmarks diff from master

Comparing gbench_data.json to /root/actions-runner/_work/libs/libs/build/gbench_data.json
Benchmark                                                         Time             CPU      Time Old      Time New       CPU Old       CPU New
----------------------------------------------------------------------------------------------------------------------------------------------
BM_sinsp_split_mean                                            -0.0115         -0.0115           147           145           147           145
BM_sinsp_split_median                                          -0.0065         -0.0065           147           146           147           146
BM_sinsp_split_stddev                                          +0.9655         +0.9669             2             3             2             3
BM_sinsp_split_cv                                              +0.9884         +0.9897             0             0             0             0
BM_sinsp_concatenate_paths_relative_path_mean                  +0.0077         +0.0078            56            56            56            56
BM_sinsp_concatenate_paths_relative_path_median                +0.0036         +0.0036            56            56            56            56
BM_sinsp_concatenate_paths_relative_path_stddev                +0.8884         +0.8883             0             0             0             0
BM_sinsp_concatenate_paths_relative_path_cv                    +0.8739         +0.8737             0             0             0             0
BM_sinsp_concatenate_paths_empty_path_mean                     -0.0440         -0.0440            24            23            24            23
BM_sinsp_concatenate_paths_empty_path_median                   -0.0415         -0.0415            24            23            24            23
BM_sinsp_concatenate_paths_empty_path_stddev                   -0.7946         -0.7950             0             0             0             0
BM_sinsp_concatenate_paths_empty_path_cv                       -0.7851         -0.7856             0             0             0             0
BM_sinsp_concatenate_paths_absolute_path_mean                  -0.0161         -0.0161            57            56            57            56
BM_sinsp_concatenate_paths_absolute_path_median                -0.0133         -0.0133            57            56            57            56
BM_sinsp_concatenate_paths_absolute_path_stddev                +1.2375         +1.2376             0             1             0             1
BM_sinsp_concatenate_paths_absolute_path_cv                    +1.2740         +1.2741             0             0             0             0
BM_sinsp_split_container_image_mean                            +0.0121         +0.0121           385           390           385           390
BM_sinsp_split_container_image_median                          +0.0152         +0.0152           384           390           384           390
BM_sinsp_split_container_image_stddev                          -0.1809         -0.1796             3             2             3             2
BM_sinsp_split_container_image_cv                              -0.1907         -0.1895             0             0             0             0

@codecov Codecov
Copy link

codecov bot commented Feb 14, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 75.32%. Comparing base (c7b8dba) to head (22b4d1c).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2281      +/-   ##
==========================================
- Coverage   75.33%   75.32%   -0.01%     
==========================================
  Files         280      280              
  Lines       34556    34556              
  Branches     5901     5902       +1     
==========================================
- Hits        26032    26031       -1     
- Misses       8524     8525       +1
Flag Coverage Δ
libsinsp 75.32% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link

X64 kernel testing matrix

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-4.19 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2-5.10 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.15 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢
amazonlinux2023-6.1 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.0 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.7 🟢 🟢 🟢 🟢 🟢 🟢
centos-3.10 🟢 🟢 🟢 🟡 🟡 🟡
centos-4.18 🟢 🟢 🟢 🟢 🟢
centos-5.14 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.17 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.8 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-3.10 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-4.14 🟢 🟢 🟢 🟢 🟢 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢
oraclelinux-5.4 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-4.15 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-5.8 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

ARM64 kernel testing matrix

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-4.14 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

@FedeDP
Copy link
Contributor Author

FedeDP commented Feb 14, 2025

The modern bpf is broken in master too :/
I will check the failure asap!

@FedeDP
Copy link
Contributor Author

FedeDP commented Feb 14, 2025
edited
Loading

It seems like #2255 is the culprit. Will investigate it further since initially the PR did not trigger any failure (you can see the edits on the kernel testing matrix comment: #2255 (comment))

EDIT: opened #2282 to fix it.

@FedeDP
Copy link
Contributor Author

FedeDP commented Feb 14, 2025

/cc @Molter73 @Andreagit97

Andreagit97
Andreagit97 approved these changes Feb 14, 2025
View reviewed changes
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great catch
/approve

@poiana poiana added the lgtm label Feb 14, 2025
@poiana
Copy link
Contributor

poiana commented Feb 14, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit f2dcba9 into master Feb 17, 2025
59 of 60 checks passed
@poiana poiana deleted the fix/verifier_bug branch February 17, 2025 09:27
iurly pushed a commit to iurly/falcosecurity-libs that referenced this pull request Feb 17, 2025
@gnosek @poiana
new(sinsp)!: support linux_hostinfo_platform in sinsp::open_plugin
7b72eb5 
Rather than passing the mode directly, introduce a new enum that
describes both the mode and the platform to use.

Fixes: falcosecurity#2281
Signed-off-by: Grzegorz Nosek <grzegorz.nosek@sysdig.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasondellaluce jasondellaluce jasondellaluce approved these changes

@Andreagit97 Andreagit97 Andreagit97 approved these changes

@gnosek gnosek Awaiting requested review from gnosek

@hbrueckner hbrueckner Awaiting requested review from hbrueckner

@Molter73 Molter73 Awaiting requested review from Molter73

Assignees

@jasondellaluce jasondellaluce

@Andreagit97 Andreagit97

Labels
approved area/driver-bpf dco-signoff: yes kind/bug Something isn't working lgtm release-note size/XS
Projects
Falco Roadmap
Archived in project
Milestone
8.1.0+driver
Development

Successfully merging this pull request may close these issues.
4 participants
@FedeDP @poiana @jasondellaluce @Andreagit97