From 0d4a97e17d8d4d6020061dddc03c975e5f64ecb0 Mon Sep 17 00:00:00 2001 From: Kevin Sheldrake Date: Thu, 22 Feb 2024 18:08:01 +0000 Subject: [PATCH] Loading: Check if probe type is registered The loadInstance() function loads a BPF program. It checks its type against the list of registered types and calls the appropriate handler if there is a match. Otherwise it tries to match against some known types. If that fails, it attempts to load the program as a kprobe. If a new probe type is created but isn't registered (due to a typo, bug, or some other error), then the program will silently attempt to load as a kprobe, instead of using the supplied handler. This commit makes a list of inbuilt probe types, and checks the program type against it (calling the appropriate handler if it is in the list), then checks the program type against the registered probe types (again, calling the appropriate handler if it exists). If both of these fail, it returns an error instead of silently attempting a kprobe load. This will catch bugs where program types are accidentally specified with an invalid type, or where probes are registered with incorrect names. Signed-off-by: Kevin Sheldrake --- pkg/sensors/load.go | 30 +++++++++++------------------- pkg/sensors/sensors.go | 8 ++++++++ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/pkg/sensors/load.go b/pkg/sensors/load.go index 0570b506ac4..ee931ae76d4 100644 --- a/pkg/sensors/load.go +++ b/pkg/sensors/load.go @@ -16,7 +16,6 @@ import ( "github.com/cilium/tetragon/pkg/logger" "github.com/cilium/tetragon/pkg/option" "github.com/cilium/tetragon/pkg/sensors/program" - "github.com/cilium/tetragon/pkg/sensors/program/cgroup" "github.com/sirupsen/logrus" ) @@ -319,31 +318,24 @@ func observerLoadInstance(bpfDir string, load *program.Program) error { } func loadInstance(bpfDir string, load *program.Program, version, verbose int) error { - version = kernels.FixKernelVersion(version) - probe, ok := registeredProbeLoad[load.Type] + // Check if the load.type is a standard program type. If so, use the standard loader. + loadFn, ok := standardTypes[load.Type] if ok { logger.GetLogger().WithField("Program", load.Name). WithField("Type", load.Type). WithField("Attach", load.Attach). - Info("Loading registered BPF probe") - } else { + Info("Loading BPF program") + return loadFn(bpfDir, load, verbose) + } + // Otherwise, check for a registered probe type. If one exists, use that. + probe, ok := registeredProbeLoad[load.Type] + if ok { logger.GetLogger().WithField("Program", load.Name). WithField("Type", load.Type). WithField("Attach", load.Attach). - Info("Loading BPF program") - } - - switch load.Type { - case "tracepoint": - return program.LoadTracepointProgram(bpfDir, load, verbose) - case "raw_tracepoint", "raw_tp": - return program.LoadRawTracepointProgram(bpfDir, load, verbose) - case "cgrp_socket": - return cgroup.LoadCgroupProgram(bpfDir, load, verbose) - } - - if probe != nil { + Info("Loading registered BPF probe") // Registered probes need extra setup + version = kernels.FixKernelVersion(version) return probe.LoadProbe(LoadProbeArgs{ BPFDir: bpfDir, Load: load, @@ -352,7 +344,7 @@ func loadInstance(bpfDir string, load *program.Program, version, verbose int) er }) } - return program.LoadKprobeProgram(bpfDir, load, verbose) + return fmt.Errorf("program %s has unregistered type '%s'", load.Label, load.Type) } func observerMinReqs() (bool, error) { diff --git a/pkg/sensors/sensors.go b/pkg/sensors/sensors.go index 19d96443458..ba6dd352f7b 100644 --- a/pkg/sensors/sensors.go +++ b/pkg/sensors/sensors.go @@ -9,6 +9,7 @@ import ( "github.com/cilium/tetragon/pkg/logger" "github.com/cilium/tetragon/pkg/policyfilter" "github.com/cilium/tetragon/pkg/sensors/program" + "github.com/cilium/tetragon/pkg/sensors/program/cgroup" "github.com/cilium/tetragon/pkg/tracingpolicy" // load rthooks for policy filter @@ -95,6 +96,13 @@ var ( registeredPolicyHandlers = map[string]policyHandler{} // list of registers loaders, see registerProbeType() registeredProbeLoad = map[string]probeLoader{} + standardTypes = map[string]func(string, *program.Program, int) error{ + "tracepoint": program.LoadTracepointProgram, + "raw_tracepoint": program.LoadRawTracepointProgram, + "raw_tp": program.LoadRawTracepointProgram, + "cgrp_socket": cgroup.LoadCgroupProgram, + "kprobe": program.LoadKprobeProgram, + } ) // RegisterPolicyHandlerAtInit registers a handler for a tracing policy.