[v1.2] bpf: fix path truncation in cwd and copying path arguments #3435

Draft: wants to merge 5 commits into base: v1.2

@mtardy mtardy commented Feb 24, 2025

Backport of #3427

We bumped the size of the underlying prepend_name buffer to 4096 #2764 but many users were still truncating the returned size to 255.

Fix path truncations in event values for cwd and path/file function arguments. The function responsible for reading dentry was upgraded to 4096 but some users were still using the previous limitation of 256.

Commit 834b5fe ("String: Support longer exact match strings") added
limitations on the size of strings parsed in userspace from the kernel
which ended up creating a bug: longer strings can technically be passed
in the event args and truncating ended up parsing incorrect flag and
i_mode values. Since the size is a security measure, I don't see the
point of limiting the value based on kernel value.

Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>

The asm was maybe no longer necessary and was restricting the maximum
size to be 1188.

Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>

This test makes sure that we don't have a regression on the bug fixed in
the previous commit about truncating long args.

Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>

The current working directory was truncated to 256 while the underlying
buffer read into a buffer of 4096. This patch is raising the truncation
to 4096, making it complete as it's the max on Linux.

Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>

Add a checker for a long cwd. Maybe this should be split into two
different tests but in a way it tests the same thing, reuses the same
directory structure, and we end up not having to restart tetragon twice.

Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
@mtardy mtardy added the release-note/bug This PR fixes an issue in a previous release of Tetragon. label Feb 24, 2025
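
The failure mode described in the first commit message (a userspace length cap that leads to incorrect flag and i_mode values), shown as an added example that is not code from this PR or from Tetragon. The record layout, `oldCap`, `pathArg`, `encode` and `parse` are hypothetical and model only the general bug class: a clamped length leaves the read cursor inside the path, so the fields that follow are decoded from path bytes.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Hypothetical record layout, constructed for this example (not Tetragon's format):
// u32 LE path length | path bytes | u32 LE flags | u16 LE i_mode
const oldCap = 256 // stale userspace limit on the path length

type pathArg struct { Path string; Flags uint32; Mode uint16 }

func encode(path string, flags uint32, mode uint16) []byte {
	b := make([]byte, 4+len(path)+6)
	binary.LittleEndian.PutUint32(b, uint32(len(path)))
	copy(b[4:], path)
	binary.LittleEndian.PutUint32(b[4+len(path):], flags)
	binary.LittleEndian.PutUint16(b[8+len(path):], mode)
	return b
}

// parse decodes one record. limit > 0 reproduces the bug class: the length is
// clamped, the cursor advances by the clamped value only, and flags/i_mode come
// from path bytes. limit == 0 bounds the length by the record size instead.
func parse(buf []byte, limit int) (pathArg, error) {
	if len(buf) < 10 {
		return pathArg{}, errors.New("record shorter than fixed fields")
	}
	n := int(binary.LittleEndian.Uint32(buf))
	if limit > 0 && n > limit {
		n = limit
	}
	if n < 0 || n > len(buf)-10 {
		return pathArg{}, errors.New("path length exceeds record")
	}
	rest := buf[4+n:]
	return pathArg{string(buf[4 : 4+n]), binary.LittleEndian.Uint32(rest), binary.LittleEndian.Uint16(rest[4:])}, nil
}

func main() {
	rec := encode("/"+strings.Repeat("d", 299), 0x1, 0o100644) // constructed sample
	for _, limit := range []int{oldCap, 0} {
		a, err := parse(rec, limit)
		fmt.Printf("limit=%d len(path)=%d flags=%#x mode=%#o err=%v\n", limit, len(a.Path), a.Flags, a.Mode, err)
	}
}
```

With the cap applied, the clamped parse returns no error, which is why a regression test on long arguments is the practical way to catch this.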