Loading: Check if probe type is registered

The loadInstance() function loads a BPF program. It checks its type
against the list of registered types and calls the appropriate handler
if there is a match. Otherwise it tries to match against some known
types. If that fails, it attempts to load the program as a kprobe.

If a new probe type is created but isn't registered (due to a typo, bug,
or some other error), then the program will silently attempt to load as
a kprobe, instead of using the supplied handler.

This commit makes a list of inbuilt probe types, and checks the program
type against it (calling the appropriate handler if it is in the list),
then checks the program type against the registered probe types (again,
calling the appropriate handler if it exists). If both of these fail, it
returns an error instead of silently attempting a kprobe load.

This will catch bugs where program types are accidentally specified with
an invalid type, or where probes are registered with incorrect names.

Signed-off-by: Kevin Sheldrake <kevin.sheldrake@isovalent.com>

pkg/sensors/load.go

@@ -16,7 +16,6 @@ import (
 	"github.com/cilium/tetragon/pkg/logger"
 	"github.com/cilium/tetragon/pkg/option"
 	"github.com/cilium/tetragon/pkg/sensors/program"
-	"github.com/cilium/tetragon/pkg/sensors/program/cgroup"
 
 	"github.com/sirupsen/logrus"
 )
@@ -319,31 +318,24 @@ func observerLoadInstance(bpfDir string, load *program.Program) error {
 }
 
 func loadInstance(bpfDir string, load *program.Program, version, verbose int) error {
-	version = kernels.FixKernelVersion(version)
-	probe, ok := registeredProbeLoad[load.Type]
+	// Check if the load.type is a standard program type. If so, use the standard loader.
+	loadFn, ok := standardTypes[load.Type]
 	if ok {
 		logger.GetLogger().WithField("Program", load.Name).
 			WithField("Type", load.Type).
 			WithField("Attach", load.Attach).
-			Info("Loading registered BPF probe")
-	} else {
+			Info("Loading BPF program")
+		return loadFn(bpfDir, load, verbose)
+	}
+	// Otherwise, check for a registered probe type. If one exists, use that.
+	probe, ok := registeredProbeLoad[load.Type]
+	if ok {
 		logger.GetLogger().WithField("Program", load.Name).
 			WithField("Type", load.Type).
 			WithField("Attach", load.Attach).
-			Info("Loading BPF program")
-	}
-
-	switch load.Type {
-	case "tracepoint":
-		return program.LoadTracepointProgram(bpfDir, load, verbose)
-	case "raw_tracepoint", "raw_tp":
-		return program.LoadRawTracepointProgram(bpfDir, load, verbose)
-	case "cgrp_socket":
-		return cgroup.LoadCgroupProgram(bpfDir, load, verbose)
-	}
-
-	if probe != nil {
+			Info("Loading registered BPF probe")
 		// Registered probes need extra setup
+		version = kernels.FixKernelVersion(version)
 		return probe.LoadProbe(LoadProbeArgs{
 			BPFDir:  bpfDir,
 			Load:    load,
@@ -352,7 +344,7 @@ func loadInstance(bpfDir string, load *program.Program, version, verbose int) er
 		})
 	}
 
-	return program.LoadKprobeProgram(bpfDir, load, verbose)
+	return fmt.Errorf("program %s has unregistered type '%s'", load.Label, load.Type)
 }
 
 func observerMinReqs() (bool, error) {

pkg/sensors/sensors.go

@@ -9,6 +9,7 @@ import (
 	"github.com/cilium/tetragon/pkg/logger"
 	"github.com/cilium/tetragon/pkg/policyfilter"
 	"github.com/cilium/tetragon/pkg/sensors/program"
+	"github.com/cilium/tetragon/pkg/sensors/program/cgroup"
 	"github.com/cilium/tetragon/pkg/tracingpolicy"
 
 	// load rthooks for policy filter
@@ -95,6 +96,13 @@ var (
 	registeredPolicyHandlers = map[string]policyHandler{}
 	// list of registers loaders, see registerProbeType()
 	registeredProbeLoad = map[string]probeLoader{}
+	standardTypes       = map[string]func(string, *program.Program, int) error{
+		"tracepoint":     program.LoadTracepointProgram,
+		"raw_tracepoint": program.LoadRawTracepointProgram,
+		"raw_tp":         program.LoadRawTracepointProgram,
+		"cgrp_socket":    cgroup.LoadCgroupProgram,
+		"kprobe":         program.LoadKprobeProgram,
+	}
 )
 
 // RegisterPolicyHandlerAtInit registers a handler for a tracing policy.