chore: remove deprecated FD-tracking actions and related code#4718
chore: remove deprecated FD-tracking actions and related code#4718ariosmon wants to merge 3 commits intocilium:mainfrom
Conversation
ariosmon
force-pushed
the
ariosm/pr/remove-followFD-and-friends-from-BPF_just_bpf_code
branch
11 times, most recently
from
d63efee to
36ded74
Compare
ariosmon
force-pushed
the
ariosm/pr/remove-followFD-and-friends-from-BPF_just_bpf_code
branch
6 times, most recently
from
d3a2f7d to
1d529e7
Compare
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
ariosmon
force-pushed
the
ariosm/pr/remove-followFD-and-friends-from-BPF_just_bpf_code
branch
3 times, most recently
from
f6e73f1 to
6a57725
Compare
| probe_read(&val->file[0], size + 4 /* size */ + 4 /* flags */, | ||
| &e->args[nameoff]); | ||
|
|
||
| map_update_elem(&fdinstall_map, &key, val, BPF_ANY); |
There was a problem hiding this comment.
hum, so this effectively removes also fd type, no? also fdinstall_map should be removed?
ariosmon
force-pushed
the
ariosm/pr/remove-followFD-and-friends-from-BPF_just_bpf_code
branch
3 times, most recently
from
fd692b0 to
951b821
Compare
ariosmon
force-pushed
the
ariosm/pr/remove-followFD-and-friends-from-BPF_just_bpf_code
branch
5 times, most recently
from
f11818a to
c602feb
Compare
Remove fd_ty argument type and related ACTION_FOLLOWFD, ACTION_UNFOLLOWFD, and ACTION_COPYFD actions that were deprecated in v1.5. This includes: - Removal of fdinstall_map and associated key/value structures - Removal of installfd() and copyfd() helper functions - Removal of fd_ty handling in argument reading and filtering - Removal of heap_value structure used for fd tracking Signed-off-by: ariosmon <ariosmon@cisco.com>
ariosmon
force-pushed
the
ariosm/pr/remove-followFD-and-friends-from-BPF_just_bpf_code
branch
from
ebb1a21 to
02e5b3b
Compare
Remove GenericFdType constant and fd type handling from generic types, argument parsing, and tracepoint processing. Mark ActionTypeFollowFd, ActionTypeUnfollowFd, and ActionTypeCopyFd as deprecated with protocol compatibility comments. Add explicit rejection and warnings for deprecated FD-tracking actions in ParseMatchAction. Remove fdinstall_map creation and HasFDInstall helper. Update test expectations and test policy templates to remove fd-install kprobe sections Signed-off-by: ariosmon <ariosmon@cisco.com>
Remove test cases that relied on deprecated fd-tracking functionality including FollowFD, UnfollowFD, and CopyFD actions. This includes: - testSecurity helper and TestEnforcerSecuritySigKill/TestEnforcerSecurityNotifyEnforcer tests - TestCopyFd test and associated template files - testKprobeObjectFileWriteHook and related fd_install test cases - fdinstall_map test case from kprobe_maxentries_test.go Signed-off-by: ariosmon <ariosmon@cisco.com>
mtardy
added
the
release-note/minor
mtardy
left a comment
mtardy
left a comment
There was a problem hiding this comment.
Hey thanks for trying, for commit 2 I'd suggest maybe splitting the part that are modifying existing tests, explaining the modifications, and another commit that is strictly removing the stuff (or adding the compatibility thing you added).
Also in general, I imagine you used AI given the text in the PR body and the look of the commit description of the first commit. First I think it would have been nice to learn by just doing the removal by grepping and removing manually, this is usually quite easy since the compiler will complain and you can just search for pattern/names and remove stuff. Second I think writing a PR of ~1100 words or 10k chars for removing a feature is really too much please try to be more concise, it'll be easier on the reviewer. Thank you!
| // Warn about deprecated fields regardless of action type | ||
| if action.ArgFd != 0 { | ||
| logger.GetLogger().Warn("Deprecated field has no effect: 'argFd' is ignored as of v1.5. FD-tracking actions (FollowFD/UnfollowFD/CopyFD) have been removed from Tetragon.", "field", "argFd", "action", action.Action) | ||
| } | ||
| if action.ArgName != 0 { | ||
| logger.GetLogger().Warn("Deprecated field has no effect: 'argName' is ignored as of v1.5. FD-tracking actions (FollowFD/UnfollowFD/CopyFD) have been removed from Tetragon.", "field", "argName", "action", action.Action) | ||
| } | ||
|
|
||
| // Reject deprecated FD-tracking actions | ||
| actionLower := strings.ToLower(action.Action) | ||
| switch actionLower { | ||
| case "followfd", "unfollowfd", "copyfd": | ||
| return fmt.Errorf("action '%s' is no longer supported as of v1.5. FD-tracking has been removed from Tetragon", action.Action) | ||
| } |
There was a problem hiding this comment.
mmh this is debatable if we want to do this, I see the point from an UX perspective but it was already deprecated for a while. But that could make sense since people can still feed old TracingPolicy and be surprised. Not sure
There was a problem hiding this comment.
fine with either way, but let's put it to some function like checkDeprecates or such
| t.Skip("TestCopyFd requires at least 5.3.0 version") | ||
| t.Skip("requires at least 5.3.0 kernel") |
There was a problem hiding this comment.
can we extend the test to older kernel version now then?
| ) | ||
|
|
||
| func TestKprobeNSChanges(t *testing.T) { | ||
| t.Skip("matchNamespaceChanges BPF filter does not pass events - needs further investigation") |
olsajiri
left a comment
olsajiri
left a comment
There was a problem hiding this comment.
thanks, left some more comments, also please remove fdinstall_map from TestMaxEntries test
| // Warn about deprecated fields regardless of action type | ||
| if action.ArgFd != 0 { | ||
| logger.GetLogger().Warn("Deprecated field has no effect: 'argFd' is ignored as of v1.5. FD-tracking actions (FollowFD/UnfollowFD/CopyFD) have been removed from Tetragon.", "field", "argFd", "action", action.Action) | ||
| } | ||
| if action.ArgName != 0 { | ||
| logger.GetLogger().Warn("Deprecated field has no effect: 'argName' is ignored as of v1.5. FD-tracking actions (FollowFD/UnfollowFD/CopyFD) have been removed from Tetragon.", "field", "argName", "action", action.Action) | ||
| } | ||
|
|
||
| // Reject deprecated FD-tracking actions | ||
| actionLower := strings.ToLower(action.Action) | ||
| switch actionLower { | ||
| case "followfd", "unfollowfd", "copyfd": | ||
| return fmt.Errorf("action '%s' is no longer supported as of v1.5. FD-tracking has been removed from Tetragon", action.Action) | ||
| } |
There was a problem hiding this comment.
fine with either way, but let's put it to some function like checkDeprecates or such
| } | ||
|
|
||
| // Warn about deprecated fields regardless of action type | ||
| if action.ArgFd != 0 { |
There was a problem hiding this comment.
if we keep action.ArgFd and action.ArgName it means it will still be in the docs right? https://github.com/cilium/tetragon/blob/main/docs/content/en/docs/reference/tracing-policy.md
perhaps we should just remove it, but not sure what's the best practise @kkourt
| name: "capability-changes" | ||
| spec: | ||
| kprobes: | ||
| - call: "fd_install" |
There was a problem hiding this comment.
this should be part of the last/test commit?
| name: "namespace-changes" | ||
| spec: | ||
| kprobes: | ||
| - call: "fd_install" |
There was a problem hiding this comment.
this should be part of the last/test commit?
| } | ||
|
|
||
| func testKprobeCapChanges(t *testing.T, spec string, op string, value string) { | ||
| t.Skip("matchCapabilityChanges BPF filter does not pass events - needs further investigation") |
| matchActions: | ||
| - action: FollowFD | ||
| argFd: 0 | ||
| argName: 1 |
There was a problem hiding this comment.
I think it's too much to remove al lthe tests using follow_fd, I think we should convert it.. I think you can just remove the fd_install hook and add fd filter for sys_write .. or what's the best way to replace that, there's probably some reason/replacement why we deprecate this ;) @kkourt
3 participants
Remove the FD-tracking infrastructure deprecated in v1.5.
Removed:
installfd()/copyfd()helpers,fdinstall_map,fd_tyenum,heapmapGenericFdType,fdInstallmap tracking,HasFDInstall(),fdInstallMapMaxEntriesPolicies using
type: "fd"or FD-tracking actions (FollowFD/UnfollowFD/CopyFD) now fail at load time with a clear error.argFd/argNamefields trigger a deprecation warning on any action.The
fd_installhook itself is unaffected.Fixes #4580