support 32-bit ARM (aarch32) syscalls #2898
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kkourt
changed the title
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
kkourt
added
the
release-note/minor
kkourt
force-pushed
the
pr/kkourt/syscalls-arm32
branch
14 times, most recently
from
a69eab3
to
691603b
Compare
|
Checkpatch failure is on existing code: |
mtardy
approved these changes
Sep 17, 2024
There was a problem hiding this comment.
looks good, to be fair the first commit is tricky to review, the list code is a bit hard to read (apart from new syscall_list.go). Do we have tests that cover policies with list usage?
olsajiri
reviewed
Sep 17, 2024
olsajiri
approved these changes
Sep 17, 2024
olsajiri
reviewed
Sep 17, 2024
willfindlay
approved these changes
Sep 17, 2024
There was a problem hiding this comment.
LGTM overall. Just a couple nits, aside from the typos @mtardy already pointed out. Pre-approving now.
syscall lists are used so that we can have a common place to define: syscall ids for the tracepoint hook filtering, and syscall function symbols for the enforcer. The previous implementation of i386 syscalls in these lists was using the fact that (most) of the i386 syscalls are implemented using functions prefixed by __ia32_sys. This, however, is not true for ARM where most system calls have the same implementation for aarch32 and aarch64 and their prefix is __arm64. This means that for arm, we cannot determine the ABI of a system call from its function. Morover, x86_64 has two 32-bit abis: i386 and x32, and we might, eventually, want to add supoprt the latter. This patch reworks the code of the syscall lists. In syscall lists, users can now use the abi/ prefix (e.g., i386/) to specify system calls under a specific ABI. The commits adds a new SyscallVal type which represents values in a system call list. For this type, we imlement the two required methods: - ID(): get the id of the system call to pass in BPF - Symbol(): get the symbol that corresponds to the implementation of the syscall Signed-off-by: Kornilios Kourtis <[email protected]>
Signed-off-by: Kornilios Kourtis <[email protected]>
During a test failure, where loading a sensor failed, the next test would also fail because the base sensor existed already. Fix this by registering a cleanup function to unload the base sensor rogjt after we load it. Signed-off-by: Kornilios Kourtis <[email protected]>
Rename some of the policies to better reflect the tests. Signed-off-by: Kornilios Kourtis <[email protected]>
refactor the enforcer tester so that it can accept more than two arguments. Also, allow for having different check functions for each command. Finally, pass the test context from where the check actually happens. Signed-off-by: Kornilios Kourtis <[email protected]>
Requires arm-linux-gnuabihf-gcc cross-compiler. Signed-off-by: Kornilios Kourtis <[email protected]>
Also, do a single apt-get update. Signed-off-by: Kornilios Kourtis <[email protected]>
Also, don't constrain building i386 ids in amd64. This will be used later in tests. Signed-off-by: Kornilios Kourtis <[email protected]>
This commit adds support for 32-bit syscalls in arm64. The commit, using what was added in previous patches, adds support for an arm32 ABI. (Tecnically, I believe the ABI should have been named aarch32 ABI, but arm32 seems clearer) Most of the 32-bit system calls use the same function as their 64-bit counterparts. So for now we just add a __arm64 prefix to get the symbol. For cases where this does not work, users would have to add the specific symbol on their own. Signed-off-by: Kornilios Kourtis <[email protected]>
Previously, the 32-bit syscall enforcer tests were only done in amd64 because we did not supported 32-bit syscalls in arm64. This patch modifies these tests to also test arm64 32-bit calls. Signed-off-by: Kornilios Kourtis <[email protected]>
kkourt
force-pushed
the
pr/kkourt/syscalls-arm32
branch
from
691603b
to
051f50e
Compare
|
Thanks for the reviews! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for dealing with 32-bit ARM syscalls on arm64.
See patches.