Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] scap bpf engine requires API VERSION major bumps when it shouldn't #1283

Open
Andreagit97 opened this issue Aug 7, 2023 · 6 comments
Open

[BUG] scap bpf engine requires API VERSION major bumps when it shouldn't #1283

Andreagit97 opened this issue Aug 7, 2023 · 6 comments
Labels
kind/bug Something isn't working
Milestone
TBD

Comments

@Andreagit97
Copy link
Member

Andreagit97 commented Aug 7, 2023
edited
Loading

Describe the bug

When the scap bpf engine loads the .o file it scans all elf sections. Right now when the engine finds a new filler section it expects to have the corresponding enum in userspace tables

libs/userspace/libscap/engine/bpf/scap_bpf.c

Line 596 in dc4ab16

if(prog_id == -1)

but this is not always true. Consider this example:

Let's imagine SCAP_MINIMUM_DRIVER_SCHEMA_VERSION is like today:

#define SCAP_MINIMUM_DRIVER_SCHEMA_VERSION PPM_API_VERSION(2, 0, 0)

and we have a driver with SCHEMA VERSION 2.0.0. Now we add a new filler like in this PR #1256 sys_listen_e and we bump the driver SCHEMA VERSION to 2.1.0. When libscap tries to load the new .o with SCHEMA_VERSION 2.1.0 it will fail because it will find a sys_listen_e section not known and will print invalid filler name. For this reason, when we add a new filler we need to bump also a major for the API VERSION until we fix this issue

int prog_id = lookup_filler_id(event);
if(prog_id == -1)
{
	return scap_errprintf(handle->m_lasterr, 0, "invalid filler name: %s", event);
}

this issue happens when we use an old libscap version and a driver with at least one new filler, not a very common case but BTW it is a bug.

How to reproduce it

Build libscap with the commit before this PR and build the bpf probe over this PR, you will see the invalid filler name error when you load the bpf probe
@Andreagit97 Andreagit97 added the kind/bug Something isn't working label Aug 7, 2023
@Andreagit97 Andreagit97 added this to the 0.13.0 milestone Aug 7, 2023
@Andreagit97 Andreagit97 modified the milestones: 0.13.0, 0.14.0 Aug 23, 2023
@Andreagit97 Andreagit97 modified the milestones: 0.14.0, TBD Sep 4, 2023
@Andreagit97 Andreagit97 changed the title [BUG] scap bpf engine requires SCHEMA VERSION major bumps when it shouldn't [BUG] scap bpf engine requires API VERSION major bumps when it shouldn't Nov 21, 2023
@Andreagit97 Andreagit97 mentioned this issue Nov 21, 2023
Merged
@poiana
Copy link
Contributor

poiana commented Feb 19, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@Andreagit97
Copy link
Member Author

/remove-lifecycle stale

@poiana
Copy link
Contributor

poiana commented May 26, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@Andreagit97
Copy link
Member Author

/remove-lifecycle stale

@poiana
Copy link
Contributor

poiana commented Aug 25, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@Andreagit97
Copy link
Member Author

/remove-lifecycle stale

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
None yet
Milestone
TBD
Development

No branches or pull requests
2 participants
@poiana @Andreagit97