Delete threadinfos that we failed to add to the thread table [SMAGENT-1161] #1260

Merged
merged 1 commit into from
Nov 14, 2018

@gnosek gnosek commented Nov 13, 2018

No description provided.

@@ -815,19 +815,23 @@ void sinsp::on_new_entry_from_proc(void* context,
//
if(fdinfo == NULL)
{
bool thread_added = false;
sinsp_threadinfo* newti = new sinsp_threadinfo(this);
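
Review bot: `newti` is a raw `new sinsp_threadinfo(this)` whose cleanup depends on the `thread_added` flag declared just above it, so every exit path after this point has to check the flag or the object leaks. The lines that set the flag and delete the object are not visible in this excerpt; consider a `std::unique_ptr<sinsp_threadinfo>` that is released only once the thread table accepts the entry, or at least a comment stating who owns `newti` when the add fails.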
I'd rather that we put the thread in a unique_ptr, then call release() when it is added to the thread manager.

But I am fine with this.
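
The ownership hand-off suggested in the comment above, next to the leak the PR title describes, as an added example that is not code from the PR or from sysdig. `ThreadInfo`, `ThreadTable`, `add_leaky`, `add_owned` and `leaked_after` are hypothetical stand-ins, and the table is assumed to take ownership only when `add()` returns true.

```cpp
#include <cstddef>
#include <memory>
#include <unordered_map>

// Hypothetical stand-ins for the PR's types; not sysdig's real classes.
struct ThreadInfo {
    static int live;               // counts objects currently allocated
    long tid;
    explicit ThreadInfo(long t) : tid(t) { ++live; }
    ~ThreadInfo() { --live; }
};
int ThreadInfo::live = 0;

// Bounded table that takes ownership of the pointer only when add() succeeds.
class ThreadTable {
public:
    explicit ThreadTable(std::size_t max) : m_max(max) {}
    ThreadTable(const ThreadTable&) = delete;
    ~ThreadTable() { for (auto& kv : m_threads) delete kv.second; }
    bool add(ThreadInfo* ti) {
        if (m_threads.size() >= m_max || m_threads.count(ti->tid)) return false;
        m_threads[ti->tid] = ti;
        return true;
    }
private:
    std::size_t m_max;
    std::unordered_map<long, ThreadInfo*> m_threads;
};

// Leaky shape: a rejected insert leaves the allocation with no owner.
bool add_leaky(ThreadTable& table, long tid) {
    ThreadInfo* newti = new ThreadInfo(tid);
    return table.add(newti);            // on false, newti is never freed
}

// unique_ptr shape: ownership moves to the table only on success.
bool add_owned(ThreadTable& table, long tid) {
    std::unique_ptr<ThreadInfo> newti(new ThreadInfo(tid));
    if (!table.add(newti.get())) return false;   // destructor frees newti
    newti.release();                    // the table owns it now
    return true;
}

// Returns how many ThreadInfo objects are still allocated after `attempts`
// inserts into a table of `capacity` entries, once the table is destroyed.
int leaked_after(bool (*adder)(ThreadTable&, long), std::size_t capacity, long attempts) {
    int before = ThreadInfo::live;
    {
        ThreadTable table(capacity);
        for (long tid = 1; tid <= attempts; ++tid) adder(table, tid);
    }
    return ThreadInfo::live - before;
}

int main() {
    return leaked_after(add_owned, 2, 5);  // exit status 0 when nothing leaks
}
```

With a table of two entries and five insert attempts, the raw-pointer path strands the three rejected objects, which is how a full thread table turns into steady memory growth in a long-running agent.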

@gnosek gnosek merged commit 7859219 into dev Nov 14, 2018
@gnosek gnosek deleted the threadinfo-leak branch November 14, 2018 19:19
gnosek added a commit that referenced this pull request Nov 14, 2018
We do need the lookup after insertion (to get a smart pointer
to the threadinfo, at least)
@anoop-sysd anoop-sysd changed the title from "Delete threadinfos that we failed to add to the thread table" to "Delete threadinfos that we failed to add to the thread table [SMAGENT-1161]" Nov 14, 2018
thom-sd pushed a commit that referenced this pull request Dec 21, 2018
We do need the lookup after insertion (to get a smart pointer
to the threadinfo, at least)
clrpackages pushed a commit to clearlinux-pkgs/sysdig that referenced this pull request Dec 26, 2018
…128k

Andy Dalton (2):
      Add -Wextra -Werror to agent build (#1265)
      Fix snprintf placeholder for size_t/{u,}int64_t (#1279)

Davide Schiera (1):
      Remove Gitter, Slack is the (current) way to go

Gianluca Borello (1):
      Use curl_multi_wait()

Grzegorz Nosek (16):
      getsockopt()/setsockopt() support
      getsockopt() parser support
      Track socket errors
      Make failed connection tracking optional and disabled by default
      eBPF support for getsockopt()
      Support socket state tracking for IPv6 sockets
      Short-circuit getsockopt() processing
      SO_BPF_EXTENSIONS also needs an `#ifdef` guard
      Guard all socket options with `#ifdef`
      Delete threadinfos that we failed to add to the thread table
      Hotfix for draios/sysdig#1260
      Log threads dropped from thread table due to overflow
      Increase default thread table size to 64k, max to 128k
      Exclude suppressed processes during initial /proc scan
      Missing free() in scap_update_suppressed() error path
      Disable reading environment from /proc by default (#1272)

Loris Degioanni (2):
      big snaplen port range (#1256)
      make fd resolution work for getsockopt in sysdig (#1280)

Mark Stemm (5):
      Build probe modules only with sysdig directory (#1244)
      Only check out sysdig for initial invocation (#1251)
      Fix fd.net comparisons with in operator (#1252)
      Lua parser interfaces (#1254)
      Better way to check for c++11 compat (#1271)

Mattia Pagnozzi (1):
      Check getsockopt event before accessing it (#1284)

Michael Vittiglio (1):
      Fixed a compile issue when trying to make the project using VS2017 on… (#1248)

Nathan Baker (1):
      Fixed spelling and copy/pased comment errors (#1250)

balinaveen (1):
      Fix Windows build in CYGWIN environment (#1270)
robbycochran added a commit to stackrox/collector that referenced this pull request Feb 19, 2019