Skip to content

bug: fix assign vfsmnt correctly #3261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
olsajiri merged 1 commit into from
Jan 9, 2025
Merged

bug: fix assign vfsmnt correctly #3261

olsajiri merged 1 commit into from
Jan 9, 2025

Conversation

@arthur-zhang
Copy link
Contributor

@arthur-zhang arthur-zhang commented Dec 27, 2024
edited
Loading

Fixes

Description

cwd_read do not assign data->vfsmnt correctly.

reproduce:

sudo mount -t nfs  x.x.x.x:/data/dev/nfs_dir /home/arthur/my_run

$ mount -t
x.x.x.x:/data/dev/nfs_dir on /home/arthur/my_run
/dev/nvme0n1p5 on /home type ext4 (rw,relatime)

and cat a file in my_run dir

cat /home/arthur/my_run/a.txt

in tetragon side, it will get a path : /home/home/arthur/my_run/a.txt, but it should be /home/arthur/my_run/a.txt

cat-2152134 [003] d...1 3725192.671779: bpf_trace_printk: copy path: /home/home/arthur/my_run/a.txt

and in another production env, i found it will get path more than expected when i cat /tmp/tetragon. the prefix /scon/containers/01J6HEV7R29R4WXXS1N2CS9ATP/rootfs/ should not be obtained.

/scon/containers/01J6HEV7R29R4WXXS1N2CS9ATP/rootfs/tmp/tetragon

in the old code, mnt is pointer to the old data->mnt, which is not correct.

struct mount *mnt = data->mnt;
...
if (data->mnt != parent) {
    probe_read(&data->dentry, sizeof(data->dentry),
			    _(&mnt->mnt_mountpoint));
    data->mnt = parent;
    probe_read(&data->vfsmnt, sizeof(data->vfsmnt),
			    _(&mnt->mnt));
    return 0;
}

Changelog

Fix vfsmnt assign bug in bpf/process/bpf_process_event.h

@arthur-zhang arthur-zhang requested a review from a team as a code owner December 27, 2024 04:01
@arthur-zhang arthur-zhang changed the title fix: update cwd_read to assign vfsmnt correctly bug: fix assign vfsmnt correctly Jan 3, 2025
@olsajiri
Copy link
Contributor

olsajiri commented Jan 3, 2025

Fixes

Description

cwd_read do not assign data->vfsmnt correctly.

reproduce:

sudo mount -t nfs  x.x.x.x:/data/dev/nfs_dir /home/arthur/my_run

$ mount -t
x.x.x.x:/data/dev/nfs_dir on /home/arthur/my_run
/dev/nvme0n1p5 on /home type ext4 (rw,relatime)

and cat a file in my_run dir

cat /home/arthur/my_run/a.txt

in tetragon side, it will get a path : /home/home/arthur/my_run/a.txt, but it should be /home/arthur/my_run/a.txt

cat-2152134 [003] d...1 3725192.671779: bpf_trace_printk: copy path: /home/home/arthur/my_run/a.txt

and in another production env, i found it will get path more than expected when i cat /tmp/tetragon. the prefix /scon/containers/01J6HEV7R29R4WXXS1N2CS9ATP/rootfs/ should not be obtained.

/scon/containers/01J6HEV7R29R4WXXS1N2CS9ATP/rootfs/tmp/tetragon

in the old code, mnt is pointer to the old data->mnt, which is not correct.

struct mount *mnt = data->mnt;
...
if (data->mnt != parent) {
    probe_read(&data->dentry, sizeof(data->dentry),
			    _(&mnt->mnt_mountpoint));
    data->mnt = parent;
    probe_read(&data->vfsmnt, sizeof(data->vfsmnt),
			    _(&mnt->mnt));
    return 0;
}

Changelog

Fix vfsmnt assign bug in bpf/process/bpf_process_event.h

@arthur-zhang please put all this in the commit changelog, also any chance you could add test the issue? thanks

olsajiri
olsajiri reviewed Jan 3, 2025
View reviewed changes
bpf/process/bpf_process_event.h Outdated
data->mnt = parent;
probe_read(&data->vfsmnt, sizeof(data->vfsmnt),
_(&mnt->mnt));
data->vfsmnt = &parent->mnt;
Copy link
Contributor

@olsajiri olsajiri Jan 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, parent->mnt is not pointer but actual vfsmnt object embedded in mount struct,
so we can just take the address from parent.. but I think you still need to use _() to get CORE involved

Copy link
Contributor Author

@arthur-zhang arthur-zhang Jan 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, i will fix it

@netlify
Copy link

netlify bot commented Jan 6, 2025

Deploy Preview for tetragon ready!

Name Link
🔨 Latest commit b32361f
🔍 Latest deploy log https://app.netlify.com/sites/tetragon/deploys/677b42c18107ed0008525bb8
😎 Deploy Preview https://deploy-preview-3261--tetragon.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@arthur-zhang arthur-zhang requested a review from olsajiri January 6, 2025 02:41
@kkourt kkourt self-requested a review January 6, 2025 12:09
@olsajiri olsajiri added the release-note/minor This PR introduces a minor user-visible change label Jan 8, 2025
olsajiri
olsajiri requested changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@olsajiri olsajiri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add missing changelog and it's good to go, thanks

@arthur-zhang arthur-zhang requested a review from olsajiri January 9, 2025 07:44
@arthur-zhang
fix: update cwd_read to assign vfsmnt correctly
49fd07b 
The current code incorrectly assigns vfsmnt during path resolution, causing duplicate or unexpected path prefixes. This commit ensures correct path resolution across different mount types and environments.

Signed-off-by: arthur-zhang <happyzhangya@gmail.com>
@olsajiri olsajiri merged commit 0073b43 into cilium:main Jan 9, 2025
39 of 40 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Mar 21, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olsajiri olsajiri olsajiri approved these changes

@kkourt kkourt Awaiting requested review from kkourt

Assignees

No one assigned

Labels

release-note/minor This PR introduces a minor user-visible change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@arthur-zhang @olsajiri