diff --git a/userspace/libscap/linux/scap_procs.c b/userspace/libscap/linux/scap_procs.c index 3deba56433..7d6d1f237c 100644 --- a/userspace/libscap/linux/scap_procs.c +++ b/userspace/libscap/linux/scap_procs.c @@ -404,7 +404,7 @@ int32_t scap_proc_fill_cgroups_pidns_start_ts(char* error, int cgroup_version, s // These are the ones we actually use in cri container engine. char default_subsys_list[] = "cpu,memory,cpuset"; char cgroup_sys_fs_dir[PPM_MAX_PATH_SIZE]; - struct stat targetstat; + struct stat targetstat = {0}; // id token = strtok_r(line, ":", &scratch); @@ -602,7 +602,7 @@ int32_t scap_proc_fill_loginuid(char* error, struct scap_threadinfo* tinfo, cons int32_t scap_proc_fill_exe_ino_ctime_mtime(char* error, struct scap_threadinfo* tinfo, const char *procdirname, const char *exetarget) { - struct stat targetstat; + struct stat targetstat = {0}; // extract ino field from executable path if it exists if(stat(exetarget, &targetstat) == 0) diff --git a/userspace/libscap/scap-int.h b/userspace/libscap/scap-int.h index 72f32418c3..d4a40d83e4 100644 --- a/userspace/libscap/scap-int.h +++ b/userspace/libscap/scap-int.h @@ -155,7 +155,7 @@ int32_t scap_fd_allocate_fdinfo(scap_fdinfo **fdi, int64_t fd, scap_fd_type type // Free a file descriptor void scap_fd_free_fdinfo(scap_fdinfo **fdi); -int32_t scap_proc_fill_cgroups(char* error, int cgroup_version, struct scap_threadinfo* tinfo, const char* procdirname); +int32_t scap_proc_fill_cgroups_pidns_start_ts(char* error, int cgroup_version, struct scap_threadinfo* tinfo, const char* procdirname); bool scap_alloc_proclist_info(struct ppm_proclist_info **proclist_p, uint32_t n_entries, char* error); diff --git a/userspace/libscap/scap.c b/userspace/libscap/scap.c index e40fa1e117..1973b54f3f 100644 --- a/userspace/libscap/scap.c +++ b/userspace/libscap/scap.c 
@@ -44,44 +44,21 @@ const char* scap_getlasterr(scap_t* handle) return handle ? handle->m_lasterr : "null scap handle"; } -uint64_t scap_get_current_time_ns() -{ - struct timeval tv; - gettimeofday(&tv, NULL); - - return tv.tv_sec * (uint64_t) 1000000000 + tv.tv_usec * 1000; -} - -uint64_t scap_get_host_boot_time_ns() -{ - char proc_dir[PPM_MAX_PATH_SIZE]; - struct stat targetstat; - - snprintf(proc_dir, sizeof(proc_dir), "%s/proc/1/", scap_get_host_root()); - if (stat(proc_dir, &targetstat) == 0) - { - // This approach is constant between agent re-boots - return targetstat.st_ctim.tv_sec * (uint64_t) 1000000000 + targetstat.st_ctim.tv_nsec; - } - - // Fall-back method from scap_bpf - struct timespec ts_uptime; - uint64_t now; - uint64_t uptime; - - now = scap_get_current_time_ns(); - clock_gettime(CLOCK_BOOTTIME, &ts_uptime); - uptime = ts_uptime.tv_sec * (uint64_t) 1000000000 + ts_uptime.tv_nsec; - - return (now - uptime); -} - #if defined(HAS_ENGINE_KMOD) || defined(HAS_ENGINE_BPF) || defined(HAS_ENGINE_MODERN_BPF) scap_t* scap_open_live_int(char *error, int32_t *rc, scap_open_args* oargs, const struct scap_vtable* vtable) { char filename[SCAP_MAX_PATH_SIZE] = {0}; scap_t* handle = NULL; + // + // Get boot_time + // + uint64_t boot_time = 0; + if((*rc = scap_get_boot_time(error, &boot_time)) != SCAP_SUCCESS) + { + return NULL; + } + // // Allocate the handle // 
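Review bot: The boot-time lookup added at the top of scap_open_live_int gives the open path a new way to fail: the removed scap_get_host_boot_time_ns() had no error return, whereas a non-SCAP_SUCCESS result from scap_get_boot_time() now makes the function return NULL before any handle exists. The placement is sound, since nothing has been allocated at that point, but the reason is not written down; I would replace the `// Get boot_time` banner with `// Resolve boot time before allocating the handle so the early return has nothing to free`. The same nine-line block is repeated verbatim in scap_open_udig_int (@@ -201) and scap_open_nodriver_int (@@ -520), so a small static helper would keep the three copies from drifting apart. Whether `error` is always filled on the failure path depends on scap_get_boot_time, whose body is mostly outside this diff. scap_open_live_int itself continues beyond the hunk.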
@@ -115,10 +92,11 @@ scap_t* scap_open_live_int(char *error, int32_t *rc, scap_open_args* oargs, cons // // Extract machine information // + handle->m_machine_info.num_cpus = sysconf(_SC_NPROCESSORS_ONLN); handle->m_machine_info.memory_size_bytes = (uint64_t)sysconf(_SC_PHYS_PAGES) * sysconf(_SC_PAGESIZE); gethostname(handle->m_machine_info.hostname, sizeof(handle->m_machine_info.hostname) / sizeof(handle->m_machine_info.hostname[0])); - handle->m_machine_info.boot_ts_epoch = scap_get_host_boot_time_ns(); + handle->m_machine_info.boot_ts_epoch = boot_time; handle->m_machine_info.reserved2 = 0; handle->m_machine_info.reserved3 = 0; handle->m_machine_info.reserved4 = 0; @@ -201,6 +179,15 @@ scap_t* scap_open_udig_int(char *error, int32_t *rc, scap_open_args *oargs) char filename[SCAP_MAX_PATH_SIZE]; scap_t* handle = NULL; + // + // Get boot_time + // + uint64_t boot_time = 0; + if((*rc = scap_get_boot_time(error, &boot_time)) != SCAP_SUCCESS) + { + return NULL; + } + // // Allocate the handle // @@ -242,10 +229,11 @@ scap_t* scap_open_udig_int(char *error, int32_t *rc, scap_open_args *oargs) // // Extract machine information // + handle->m_machine_info.num_cpus = sysconf(_SC_NPROCESSORS_ONLN); handle->m_machine_info.memory_size_bytes = (uint64_t)sysconf(_SC_PHYS_PAGES) * sysconf(_SC_PAGESIZE); gethostname(handle->m_machine_info.hostname, sizeof(handle->m_machine_info.hostname) / sizeof(handle->m_machine_info.hostname[0])); - handle->m_machine_info.boot_ts_epoch = scap_get_host_boot_time_ns(); + handle->m_machine_info.boot_ts_epoch = boot_time; handle->m_machine_info.reserved2 = 0; handle->m_machine_info.reserved3 = 0; handle->m_machine_info.reserved4 = 0; @@ -520,6 +508,15 @@ scap_t* scap_open_nodriver_int(char *error, int32_t *rc, char filename[SCAP_MAX_PATH_SIZE]; scap_t* handle = NULL; + // + // Get boot_time + // + uint64_t boot_time = 0; + if((*rc = scap_get_boot_time(error, &boot_time)) != SCAP_SUCCESS) + { + return NULL; + } + // // Allocate the handle // 
@@ -553,10 +550,11 @@ scap_t* scap_open_nodriver_int(char *error, int32_t *rc, // // Extract machine information // + handle->m_machine_info.num_cpus = sysconf(_SC_NPROCESSORS_ONLN); handle->m_machine_info.memory_size_bytes = (uint64_t)sysconf(_SC_PHYS_PAGES) * sysconf(_SC_PAGESIZE); gethostname(handle->m_machine_info.hostname, sizeof(handle->m_machine_info.hostname) / sizeof(handle->m_machine_info.hostname[0])); - handle->m_machine_info.boot_ts_epoch = scap_get_host_boot_time_ns(); + handle->m_machine_info.boot_ts_epoch = boot_time; handle->m_machine_info.reserved2 = 0; handle->m_machine_info.reserved3 = 0; handle->m_machine_info.reserved4 = 0; @@ -1497,6 +1495,21 @@ int32_t scap_get_boot_time(char* last_err, uint64_t *boot_time) struct timespec tv_now = {0}; uint64_t now = 0; uint64_t uptime = 0; + char proc_dir[PPM_MAX_PATH_SIZE]; + struct stat targetstat = {0}; + + /* More reliable way to get boot time */ + snprintf(proc_dir, sizeof(proc_dir), "%s/proc/1/", scap_get_host_root()); + if (stat(proc_dir, &targetstat) == 0) + { + /* This approach is constant between agent re-boots */ + *boot_time = targetstat.st_ctim.tv_sec * (uint64_t) SECOND_TO_NS + targetstat.st_ctim.tv_nsec; + return SCAP_SUCCESS; + } + + /* + * Fall-back method + */ /* Get the actual time */ if(clock_gettime(CLOCK_REALTIME, &tv_now)) diff --git a/userspace/libscap/scap.h b/userspace/libscap/scap.h index a54d1b9aa2..f2304df5dc 100644 --- a/userspace/libscap/scap.h +++ b/userspace/libscap/scap.h @@ -598,16 +598,6 @@ scap_os_platform scap_get_os_platform(scap_t* handle); */ const char* scap_getlasterr(scap_t* handle); -/*! - \brief Return current time in nanoseconds. -*/ -uint64_t scap_get_current_time_ns(); - -/*! - \brief Return host boot ts in nanoseconds (epoch). -*/ -uint64_t scap_get_host_boot_time_ns(); - /*! * \brief returns the maximum amount of memory used by any driver queue */
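Review bot: The fast path added to scap_get_boot_time (@@ -1497) returns the ctime of `<host root>/proc/1/` as the boot time with no cross-check, and the open functions copy that value straight into `boot_ts_epoch`. As far as I know procfs stamps an inode when it is instantiated rather than at boot, and `/proc/1` is host init only when the host root really exposes the host's procfs, so the value may differ from the true boot time; if event timestamps are derived from it, detection and forensic timelines shift by the same amount. At minimum I would state the assumption beside the `stat` call, e.g. `/* assumes <host root>/proc/1 is host init and its inode dates from boot */`, and ideally sanity-check the value against the clock-based fallback that follows. The `snprintf` result is also unchecked, so a truncated `proc_dir` reaches `stat`; `int n = snprintf(...);` followed by `if(n > 0 && (size_t)n < sizeof(proc_dir) && stat(proc_dir, &targetstat) == 0)` closes that. The function begins above the hunk and its fallback continues below it.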