[SMAGENT-1783] Don't check the signal info if it's not valid #1493

nathan-b · 2019-08-21T19:42:52Z

This is the eBPF half of pull request #1460

bertocci · 2019-08-22T17:07:04Z

driver/bpf/fillers.h

 	sig = ctx->sig;
-	if (sig == SIGKILL) {
+
+	if (info == SEND_SIG_NOINFO || info == SEND_SIG_PRIV || info == SEND_SIG_FORCED) {


I missed SEND_SIG_FORCED in my change. I think it should be in both the regular+bpf drivers, but both places need to add a version check. It's been removed in later kernel versions according to https://lore.kernel.org/patchwork/patch/981479/.

Have you tried building with a recent kernel? If we have compilation problems and add version checks, let's also update the regular driver code.

Ooh, good catch, thanks! Definitely doesn't build on a 5.2 kernel!

It's just a macro, so I think a simple #ifdef might be more straightforward than a version check. I'll update both the kmod and the bpf driver accordingly!

bertocci · 2019-08-22T17:40:41Z

driver/bpf/fillers.h

+#ifdef SEND_SIG_FORCED
+#define SIGINFO_NOT_A_POINTER(_info) ((_info) <= SEND_SIG_FORCED)
+#else
+#define SIGINFO_NOT_A_POINTER(_info) ((struct kernel_siginfo*)(_info) <= SEND_SIG_PRIV)


Why cast for this one and not the other #define? We should use a function and get a little bit of type-checking safety.

bertocci · 2019-08-22T17:41:37Z

driver/bpf/fillers.h

@@ -3518,6 +3518,12 @@ FILLER(sys_pagefault_e, false)
 	return res;
 }

+#ifdef SEND_SIG_FORCED
+#define SIGINFO_NOT_A_POINTER(_info) ((_info) <= SEND_SIG_FORCED)


I don't think <= is defined behavior for pointers, and also we're relying on the implementation of SEND_SIG_*. We should explicitly check for each SEND_SIG_* type.

In the patch that you helpfully sent me, look at is_sig_special. Looks like that's what the kernel itself uses (would be helpful if they just exported that dang function and saved us some trouble...).

If you'd rather me explicitly check each type though I can do so.

Let's check explicitly. I would love to use the kernel implementation, and I doubt it will ever change, but there's nothing to guarantee that.

[SMAGENT-1783] Don't check the signal info if it's not valid

28518d9

This is the eBPF half of pull request #1460

nathan-b requested a review from bertocci August 21, 2019 19:42

bertocci reviewed Aug 22, 2019

View reviewed changes

Fixed build issue on more recent kernels

c5f27b6

bertocci suggested changes Aug 22, 2019

View reviewed changes

Addressed review comments

a57b63a

bertocci approved these changes Aug 22, 2019

View reviewed changes

nathan-b merged commit fd30d12 into dev Aug 22, 2019

nathan-b deleted the siginfo_reading branch August 22, 2019 19:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[SMAGENT-1783] Don't check the signal info if it's not valid #1493

[SMAGENT-1783] Don't check the signal info if it's not valid #1493

Uh oh!

nathan-b commented Aug 21, 2019

Uh oh!

bertocci Aug 22, 2019

Uh oh!

nathan-b Aug 22, 2019

Uh oh!

bertocci Aug 22, 2019

Uh oh!

bertocci Aug 22, 2019

Uh oh!

nathan-b Aug 22, 2019

Uh oh!

bertocci Aug 22, 2019

Uh oh!

Uh oh!

[SMAGENT-1783] Don't check the signal info if it's not valid #1493

[SMAGENT-1783] Don't check the signal info if it's not valid #1493

Uh oh!

Conversation

nathan-b commented Aug 21, 2019

Uh oh!

bertocci Aug 22, 2019

Choose a reason for hiding this comment

Uh oh!

nathan-b Aug 22, 2019

Choose a reason for hiding this comment

Uh oh!

bertocci Aug 22, 2019

Choose a reason for hiding this comment

Uh oh!

bertocci Aug 22, 2019

Choose a reason for hiding this comment

Uh oh!

nathan-b Aug 22, 2019

Choose a reason for hiding this comment

Uh oh!

bertocci Aug 22, 2019

Choose a reason for hiding this comment

Uh oh!

Uh oh!