Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

new(driver): support for prctl syscall #1015

Merged
merged 22 commits into from
Apr 13, 2023
Merged

new(driver): support for prctl syscall #1015

merged 22 commits into from
Apr 13, 2023

Conversation

therealbobo
Copy link
Contributor

@therealbobo therealbobo commented Mar 29, 2023
edited
Loading

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap-engine-udig

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

This adds the support for the prctl sys call.

Which issue(s) this PR fixes:

Fixes #1013

Special notes for your reviewer:

This is still a WIP.

Does this PR introduce a user-facing change?:

NONE

@poiana poiana added the size/M label Mar 29, 2023
@github-actions
Copy link

github-actions bot commented Mar 29, 2023
edited
Loading

Please double check driver/SCHEMA_VERSION file. See versioning.

@poiana poiana added size/L and removed size/M labels Mar 30, 2023
@therealbobo therealbobo force-pushed the new/add-prctl-syscall branch 2 times, most recently from a7f6d1f to 134146c Compare March 30, 2023 14:16
@poiana poiana added size/XL and removed size/L labels Apr 1, 2023
@Andreagit97 Andreagit97 added this to the 0.12.0 milestone Apr 4, 2023
FedeDP
FedeDP reviewed Apr 5, 2023
View reviewed changes
driver/syscall_table.c Outdated Show resolved Hide resolved
Andreagit97
Andreagit97 reviewed Apr 5, 2023
View reviewed changes
driver/bpf/fillers.h Outdated Show resolved Hide resolved
@therealbobo therealbobo force-pushed the new/add-prctl-syscall branch 5 times, most recently from a73cced to 714a0d8 Compare April 5, 2023 13:52
@therealbobo therealbobo changed the title [WIP] support for prctl syscall [FEATURE] support for prctl syscall Apr 5, 2023
@incertum
Copy link
Contributor

incertum commented Apr 5, 2023

@therealbobo since we discussed that this is important for keeping the state in the thread table up to date, I am assuming you would do that in the libsinsp parser after we merge this? Once we get there could you add PPME_SYSCALL_PRCTL_X to repaired_sinsp_state_sc_set base definition as well? Much appreciated!

@poiana poiana added size/XXL and removed size/XL labels Apr 5, 2023
Andreagit97
Andreagit97 reviewed Apr 12, 2023
View reviewed changes
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

really just 2 minor things and we are ready!
i will investigate more on the verifier issue 🤔

driver/bpf/fillers.h Show resolved Hide resolved
driver/ppm_fillers.c Outdated Show resolved Hide resolved
driver/ppm_fillers.c Outdated Show resolved Hide resolved
@Andreagit97
Copy link
Member

and you need to bump this to 356

libs/driver/event_stats.h

Line 4 in 169c4d9

#define SYSCALL_EVENTS_NUM 354
since you added 2 new syscalls events

@FedeDP
Copy link
Contributor

FedeDP commented Apr 13, 2023

/milestone next-driver

@poiana poiana modified the milestones: 0.12.0, next-driver Apr 13, 2023
@therealbobo @FedeDP
fix(driver/bpf): fix ebpf verifier issue
7515045 
Co-authored-by: Federico Di Pierro <[email protected]>
Signed-off-by: Roberto Scolaro <[email protected]>
FedeDP
FedeDP approved these changes Apr 13, 2023
View reviewed changes
Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
Great job!

@poiana poiana added the lgtm label Apr 13, 2023
@poiana
Copy link
Contributor

poiana commented Apr 13, 2023

LGTM label has been added.

Git tree hash: c0e41b3643542df13ed27109a6ff7379de402c4c

Andreagit97
Andreagit97 approved these changes Apr 13, 2023
View reviewed changes
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this!
/approve

@poiana
Copy link
Contributor

poiana commented Apr 13, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP, therealbobo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Andreagit97 Andreagit97 changed the title [FEATURE] support for prctl syscall new(driver): support for prctl syscall Apr 13, 2023
@poiana poiana merged commit 510c00d into falcosecurity:master Apr 13, 2023
@FedeDP FedeDP mentioned this pull request Apr 13, 2023
Closed
@incertum incertum mentioned this pull request Aug 23, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Andreagit97 Andreagit97 Andreagit97 approved these changes

@FedeDP FedeDP FedeDP approved these changes

@hbrueckner hbrueckner Awaiting requested review from hbrueckner

@Molter73 Molter73 Awaiting requested review from Molter73

Assignees

@FedeDP FedeDP

@Andreagit97 Andreagit97

Labels
approved area/driver-kmod area/libscap dco-signoff: yes kind/feature New feature or request lgtm release-note-none size/XXL
Projects
None yet
Milestone
5.0.0+driver
Development

Successfully merging this pull request may close these issues.

[FEATURE] Adding support for prctl Syscall
5 participants
@therealbobo @incertum @Andreagit97 @FedeDP @poiana