Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tetragon: Harden loader sensor #2024

Merged
merged 2 commits into from
Jan 26, 2024
Merged

tetragon: Harden loader sensor #2024

merged 2 commits into from
Jan 26, 2024

Conversation

olsajiri
Copy link
Contributor

@olsajiri olsajiri commented Jan 26, 2024
edited
Loading

Making the loader sensor to send data for non excutable mmaps as well
to increase the chance that we might be able to read build id for the
binary at least from one of them.

As we can't sleep at the current loader probed function, we depend on
the page with build id being swapped-in, which might not be always the
case. By allowing to send build id data for mmap non executable mmap
events we increase the chance of getting the build id data for binary.

@olsajiri olsajiri force-pushed the pr/olsajiri/loader_fix branch from f4fcb6b to 3f78506 Compare January 26, 2024 07:45
@olsajiri olsajiri added the release-note/minor This PR introduces a minor user-visible change label Jan 26, 2024
@olsajiri olsajiri force-pushed the pr/olsajiri/loader_fix branch from 3f78506 to c66766f Compare January 26, 2024 11:59
@olsajiri
tetragon: Harden loader sensor
1a6824a 
Making the loader sensor to send data for non excutable mmaps as well
to increase the chance that we might be able to read build id for the
binary at least from one of them.

As we can't sleep at the current loader probed function, we depend on
the page with build id being swapped-in, which might not be always the
case. By allowing to send build id data for mmap non executable mmap
events we increase the chance of getting the build id data for binary.

Signed-off-by: Jiri Olsa <[email protected]>
@olsajiri olsajiri force-pushed the pr/olsajiri/loader_fix branch from c66766f to 1a6824a Compare January 26, 2024 13:43
@olsajiri olsajiri marked this pull request as ready for review January 26, 2024 15:14
@olsajiri olsajiri requested a review from a team as a code owner January 26, 2024 15:14
@olsajiri olsajiri requested a review from kevsecurity January 26, 2024 15:14
willfindlay
willfindlay approved these changes Jan 26, 2024
View reviewed changes
Copy link
Contributor

@willfindlay willfindlay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me

@willfindlay @kkourt
vmtests: add 6.6 kernel source
b47cafe 
Signed-off-by: William Findlay <[email protected]>
@willfindlay willfindlay merged commit f9188de into main Jan 26, 2024
36 checks passed
@willfindlay willfindlay deleted the pr/olsajiri/loader_fix branch January 26, 2024 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kkourt kkourt kkourt approved these changes

@willfindlay willfindlay willfindlay approved these changes

@kevsecurity kevsecurity Awaiting requested review from kevsecurity kevsecurity is a code owner automatically assigned from cilium/tetragon

Assignees
No one assigned
Labels
release-note/minor This PR introduces a minor user-visible change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@olsajiri @kkourt @willfindlay