Add file content and owner modification probes #180

Merged
merged 2 commits into from
Jan 15, 2024

@mmat11 mmat11 commented Jan 5, 2024

File              Program                              Verdict  Duration (us)  Insns  States  Peak states
----------------  -----------------------------------  -------  -------------  -----  ------  -----------
EventProbe.bpf.o  fentry__commit_creds                 success           1899    740      35           35
EventProbe.bpf.o  fentry__do_renameat2                 success            218     68       4            4
EventProbe.bpf.o  fentry__do_unlinkat                  success            155     50       2            2
EventProbe.bpf.o  fentry__mnt_want_write               success            133     37       3            3
EventProbe.bpf.o  fentry__taskstats_exit               success          86209  26453    1397           78
EventProbe.bpf.o  fentry__tcp_close                    success           1358    474      26           26
EventProbe.bpf.o  fentry__tty_write                    success           1585    561      25           25
EventProbe.bpf.o  fentry__vfs_rename                   success         203489  79651    3119          405
EventProbe.bpf.o  fentry__vfs_unlink                   success            174     37       3            3
EventProbe.bpf.o  fexit__chmod_common                  success         102471  39551    1559          242
EventProbe.bpf.o  fexit__chown_common                  success         105521  39551    1559          242
EventProbe.bpf.o  fexit__do_filp_open                  success         107216  40449    1573          244
EventProbe.bpf.o  fexit__do_truncate                   success         105723  39583    1561          244
EventProbe.bpf.o  fexit__inet_csk_accept               success           1173    419      25           25
EventProbe.bpf.o  fexit__tcp_v4_connect                success           1214    422      25           25
EventProbe.bpf.o  fexit__tcp_v6_connect                success           1196    422      25           25
EventProbe.bpf.o  fexit__vfs_rename                    success           3423   1309      42           42
EventProbe.bpf.o  fexit__vfs_unlink                    success         106861  40420    1571          243
EventProbe.bpf.o  fexit__vfs_write                     success         104344  39562    1560          243
EventProbe.bpf.o  kprobe__chmod_common                 success            128     43       1            1
EventProbe.bpf.o  kprobe__chown_common                 success            119     41       1            1
EventProbe.bpf.o  kprobe__commit_creds                 success           1922    740      35           35
EventProbe.bpf.o  kprobe__do_renameat2                 success            208     68       4            4
EventProbe.bpf.o  kprobe__do_truncate                  success            192     63       3            3
EventProbe.bpf.o  kprobe__do_unlinkat                  success            158     50       2            2
EventProbe.bpf.o  kprobe__mnt_want_write               success            132     37       3            3
EventProbe.bpf.o  kprobe__taskstats_exit               success          86878  26453    1397           78
EventProbe.bpf.o  kprobe__tcp_close                    success           1430    474      26           26
EventProbe.bpf.o  kprobe__tcp_v4_connect               success            154     50       2            2
EventProbe.bpf.o  kprobe__tcp_v6_connect               success            145     50       2            2
EventProbe.bpf.o  kprobe__tty_write                    success           1565    561      25           25
EventProbe.bpf.o  kprobe__vfs_rename                   success         210256  79648    3120          406
EventProbe.bpf.o  kprobe__vfs_unlink                   success            133     39       4            4
EventProbe.bpf.o  kprobe__vfs_write                    success            282     54       1            1
EventProbe.bpf.o  kretprobe__chmod_common              success         105099  39561    1560          243
EventProbe.bpf.o  kretprobe__chown_common              success         106245  39561    1560          243
EventProbe.bpf.o  kretprobe__do_filp_open              success         108032  40449    1573          244
EventProbe.bpf.o  kretprobe__do_truncate               success         105759  39561    1560          243
EventProbe.bpf.o  kretprobe__inet_csk_accept           success           1214    419      25           25
EventProbe.bpf.o  kretprobe__tcp_v4_connect            success           1188    432      26           26
EventProbe.bpf.o  kretprobe__tcp_v6_connect            success           1189    432      26           26
EventProbe.bpf.o  kretprobe__vfs_rename                success           3378   1298      41           41
EventProbe.bpf.o  kretprobe__vfs_unlink                success         106097  40409    1570          242
EventProbe.bpf.o  kretprobe__vfs_write                 success         107164  39561    1560          243
EventProbe.bpf.o  sched_process_exec                   success         200834  67486    2987          292
EventProbe.bpf.o  sched_process_fork                   success          83060  26868    1416           99
EventProbe.bpf.o  tracepoint_syscalls_sys_exit_setsid  success            704    262      14           14
----------------  -----------------------------------  -------  -------------  -----  ------  -----------
Done. Processed 1 files, 0 programs. Skipped 47 files, 0 programs.

@mmat11 mmat11 requested a review from a team as a code owner January 5, 2024 15:03

@pkoutsovasilis pkoutsovasilis left a comment

don't we need vfs_writev as well?

mmat11 commented Jan 5, 2024

> don't we need vfs_writev as well?

yes, I think so, good catch!

there are also some kernels failing in CI, for the kprobe version, I'll fix that

@mmat11 mmat11 force-pushed the matt/write-truncate branch 14 times, most recently from a63ec9c to fb151a6 Compare January 10, 2024 19:28
@mmat11 mmat11 force-pushed the matt/write-truncate branch 11 times, most recently from 1d176ea to b12ace4 Compare January 11, 2024 18:32
@mmat11 mmat11 force-pushed the matt/write-truncate branch 5 times, most recently from ab65046 to 6624f00 Compare January 11, 2024 21:26
@mmat11 mmat11 force-pushed the matt/write-truncate branch 10 times, most recently from 9f80d85 to 849e890 Compare January 14, 2024 23:20

@pkoutsovasilis pkoutsovasilis left a comment

LGTM

@Tacklebox Tacklebox left a comment

LGTM :shipit:

@mmat11 mmat11 merged commit 4fc88dc into main Jan 15, 2024
26 checks passed
@mmat11 mmat11 deleted the matt/write-truncate branch January 15, 2024 13:55