From 90e7b919ad017c84f751b2dbb8ea1d2b5e4ebe0b Mon Sep 17 00:00:00 2001
From: Guy Arbitman
Date: Tue, 10 Dec 2024 19:56:18 +0200
Subject: [PATCH] usm: sowatcher: Extend paths support up to 220 characters (#31975)

---
 pkg/network/ebpf/c/shared-libraries/types.h | 2 +-
 .../usm/sharedlibraries/types_linux.go | 4 +-
 .../usm/sharedlibraries/watcher_test.go | 47 +++++++++++++++++++
 3 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/pkg/network/ebpf/c/shared-libraries/types.h b/pkg/network/ebpf/c/shared-libraries/types.h
index 3a4fe97bbc88e..ea2159d5d07eb 100644
--- a/pkg/network/ebpf/c/shared-libraries/types.h
+++ b/pkg/network/ebpf/c/shared-libraries/types.h
@@ -4,7 +4,7 @@
 #include "ktypes.h"
 
 #define LIB_SO_SUFFIX_SIZE 9
-#define LIB_PATH_MAX_SIZE 120
+#define LIB_PATH_MAX_SIZE 220
 
 typedef struct {
 __u32 pid;
diff --git a/pkg/network/usm/sharedlibraries/types_linux.go b/pkg/network/usm/sharedlibraries/types_linux.go
index 3240185a07632..6b52394ef4c37 100644
--- a/pkg/network/usm/sharedlibraries/types_linux.go
+++ b/pkg/network/usm/sharedlibraries/types_linux.go
@@ -6,9 +6,9 @@ package sharedlibraries
 type LibPath struct {
 Pid uint32
 Len uint32
- Buf [120]byte
+ Buf [220]byte
 }
 
 const (
- LibPathMaxSize = 0x78
+ LibPathMaxSize = 0xdc
 )
diff --git a/pkg/network/usm/sharedlibraries/watcher_test.go b/pkg/network/usm/sharedlibraries/watcher_test.go
index 7af5b82782fe3..8c9864a91af8f 100644
--- a/pkg/network/usm/sharedlibraries/watcher_test.go
+++ b/pkg/network/usm/sharedlibraries/watcher_test.go
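Review bot: `LIB_PATH_MAX_SIZE` in types.h has no comment stating what bounds it or what happens to a path that does not fit, and the same number is repeated by hand in the types_linux.go hunk as `Buf [220]byte` and `LibPathMaxSize = 0xdc`. The test added in this patch says a longer path "will be ignored", so for a watcher that matches crypto libraries a library opened through a longer path is presumably not monitored at all. I would record that next to the define, e.g. `/* Maximum path length in bytes, including the trailing NUL; longer paths are ignored. Keep in sync with LibPath.Buf and LibPathMaxSize in types_linux.go. */`, after confirming the wording against the probe code, which is outside this hunk. If the struct that embeds this buffer is ever placed on the eBPF stack, the larger size is worth checking against the 512-byte stack limit; the hunk does not show where it is allocated.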
@@ -104,6 +104,53 @@ func (s *SharedLibrarySuite) TestSharedLibraryDetection() {
 }, time.Second*10, 100*time.Millisecond)
 }
 
+func (s *SharedLibrarySuite) TestLongPath() {
+ t := s.T()
+
+ const (
+ fileName = "foo-libssl.so"
+ nullTerminatorLength = len("\x00")
+ )
+ padLength := LibPathMaxSize - len(fileName) - len(t.TempDir()) - len("_") - len(string(filepath.Separator)) - nullTerminatorLength
+ fooPath1, fooPathID1 := createTempTestFile(t, strings.Repeat("a", padLength)+"_"+fileName)
+ // fooPath2 is longer than the limit we have, thus it will be ignored.
+ fooPath2, fooPathID2 := createTempTestFile(t, strings.Repeat("a", padLength+1)+"_"+fileName)
+
+ registerRecorder := new(utils.CallbackRecorder)
+ unregisterRecorder := new(utils.CallbackRecorder)
+
+ watcher, err := NewWatcher(utils.NewUSMEmptyConfig(), LibsetCrypto,
+ Rule{
+ Re: regexp.MustCompile(`foo-libssl.so`),
+ RegisterCB: registerRecorder.Callback(),
+ UnregisterCB: unregisterRecorder.Callback(),
+ },
+ )
+ require.NoError(t, err)
+ watcher.Start()
+ t.Cleanup(watcher.Stop)
+
+ // create files
+ command1, err := fileopener.OpenFromAnotherProcess(t, fooPath1)
+ require.NoError(t, err)
+
+ command2, err := fileopener.OpenFromAnotherProcess(t, fooPath2)
+ require.NoError(t, err)
+
+ require.Eventuallyf(t, func() bool {
+ return registerRecorder.CallsForPathID(fooPathID1) == 1 &&
+ registerRecorder.CallsForPathID(fooPathID2) == 0
+ }, time.Second*10, 100*time.Millisecond, "")
+
+ require.NoError(t, command1.Process.Kill())
+ require.NoError(t, command2.Process.Kill())
+
+ require.Eventually(t, func() bool {
+ return unregisterRecorder.CallsForPathID(fooPathID1) == 1 &&
+ unregisterRecorder.CallsForPathID(fooPathID2) == 0
+ }, time.Second*10, 100*time.Millisecond)
+}
+
 func (s *SharedLibrarySuite) TestSharedLibraryDetectionWithPIDAndRootNamespace() {
 t := s.T()
 _, err := os.Stat("/usr/bin/busybox")
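Review bot: In TestLongPath the clause `registerRecorder.CallsForPathID(fooPathID2) == 0` sits inside `require.Eventuallyf`, so it holds from the first poll in which fooPath1 is registered and never sees a registration for fooPath2 that arrives afterwards. Since command2 is started after command1, the boundary the test is meant to pin (a path one byte over `LibPathMaxSize` is not tracked) is only weakly checked, and the unregister wait has the same shape. Following the first wait with `require.Never(t, func() bool { return registerRecorder.CallsForPathID(fooPathID2) > 0 }, time.Second, 100*time.Millisecond)` would assert the negative over a window. `padLength` can also go negative when `t.TempDir()` returns a long path, and `strings.Repeat` panics on a negative count, so `require.Positive(t, padLength)` before its first use would give a readable failure. The trailing `""` passed to `require.Eventuallyf` is an empty format string; plain `require.Eventually`, as used for the unregister wait, would be consistent.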