Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

new(libsinsp): add debug information for corrupted (mismatched len) events #1961

Merged
merged 3 commits into from
Jul 22, 2024
Merged

new(libsinsp): add debug information for corrupted (mismatched len) events #1961

merged 3 commits into from
Jul 22, 2024

Conversation

LucaGuerra
Copy link
Contributor

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area libsinsp

Does this PR require a change in the driver versions?

No

What this PR does / why we need it:

For falcosecurity/falco#3275 , one option is to add a debug print when we find this kind of issue. This can help us debug the driver in case something unexpected happen. Also, add a test for a corrupted string in an event.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

new(libsinsp): add debug information for corrupted (mismatched len) events

@LucaGuerra
Copy link
Contributor Author

/milestone 0.18.0

but if we make a patch release it would be 0.17.x IMO

@poiana poiana added the size/L label Jul 17, 2024
@poiana poiana added this to the 0.18.0 milestone Jul 17, 2024
@poiana poiana requested review from hbrueckner and mstemm July 17, 2024 11:36
@LucaGuerra LucaGuerra force-pushed the new/corrupted-event-debug branch from b0c9449 to 1c0cc59 Compare July 17, 2024 14:05
Andreagit97
Andreagit97 previously approved these changes Jul 17, 2024
View reviewed changes
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a comment about the severity but it' s almost the same in the end

@poiana poiana added the lgtm label Jul 17, 2024
@poiana
Copy link
Contributor

poiana commented Jul 17, 2024

LGTM label has been added.

Git tree hash: c3ae361bfc6448c801416c8bca7a24e5e4e04b1c

@poiana poiana removed the lgtm label Jul 19, 2024
@poiana poiana requested a review from Andreagit97 July 19, 2024 13:16
@github-actions GitHub Actions
Copy link

Perf diff from master - unit tests

     3.97%     +1.99%  [.] sinsp_evt::get_type
     4.37%     +1.06%  [.] sinsp_parser::process_event
     2.84%     +0.99%  [.] sinsp_thread_manager::get_thread_ref
     4.64%     -0.94%  [.] next
     4.56%     -0.83%  [.] std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release
     1.53%     -0.82%  [.] scap_next
     3.97%     -0.73%  [.] gzfile_read
     2.24%     -0.73%  [.] sinsp::fetch_next_event
     1.80%     -0.52%  [.] libsinsp::sinsp_suppress::process_event
     1.48%     -0.50%  [.] 0x00000000000e83b0

Perf diff from master - scap file

     7.29%     +8.54%  [.] sinsp_evt_formatter::tostring_withformat
    14.35%     -6.65%  [.] sinsp_filter_check_event::extract_single
    10.24%     -4.10%  [.] std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char*>
    14.38%     -2.65%  [.] std::_Hashtable<long, std::pair<long const, std::shared_ptr<sinsp_threadinfo> >, std::allocator<std::pair<long const, std::shared_ptr<sinsp_threadinfo> > >, std::__detail::_Select1st, std::equal_to<long>, std::hash<long>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::_M_find_before_node
     7.17%     +2.42%  [.] sinsp_filter_check::extract_nocache
     3.65%     +2.34%  [.] sinsp_filter_check::tostring
     3.65%     +2.31%  [.] sinsp_filter_check::get_field_info
     3.27%     +2.14%  [.] std::_Hashtable<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::unordered_map<unsigned int, scap_userinfo, std::hash<unsigned int>, std::equal_to<unsigned int>, std::allocator<std::pair<unsigned int const, scap_userinfo> > > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::unordered_map<unsigned int, scap_userinfo, std::hash<unsigned int>, std::equal_to<unsigned int>, std::allocator<std::pair<unsigned int const, scap_userinfo> > > > >, std::__detail::_Select1st, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::find
    10.72%     -2.10%  [.] next
     3.62%     -0.25%  [.] std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>

Heap diff from master - unit tests

total runtime: -0.09s.
calls to allocation functions: -1626 (18477/s)
temporary memory allocations: -149 (1693/s)
peak heap memory consumption: -402B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Heap diff from master - scap file

total runtime: 0.01s.
calls to allocation functions: -1 (-83/s)
temporary memory allocations: 0 (0/s)
peak heap memory consumption: 0B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Andreagit97
Andreagit97 approved these changes Jul 19, 2024
View reviewed changes
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana poiana added the lgtm label Jul 19, 2024
@poiana
Copy link
Contributor

poiana commented Jul 19, 2024

LGTM label has been added.

Git tree hash: dee23d70f6cccdcc2f02d5915ca0e6cc5b442fc4

FedeDP
FedeDP approved these changes Jul 22, 2024
View reviewed changes
Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana
Copy link
Contributor

poiana commented Jul 22, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP, LucaGuerra

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [Andreagit97,FedeDP,LucaGuerra]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit 88a5eb7 into falcosecurity:master Jul 22, 2024
42 of 43 checks passed
@LucaGuerra LucaGuerra deleted the new/corrupted-event-debug branch July 22, 2024 09:34
@LucaGuerra LucaGuerra mentioned this pull request Jul 23, 2024
Merged
@FedeDP
Copy link
Contributor

FedeDP commented Jul 31, 2024

/milestone 0.17.3

@poiana poiana modified the milestones: 0.18.0, 0.17.3 Jul 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FedeDP FedeDP FedeDP approved these changes

@Andreagit97 Andreagit97 Andreagit97 approved these changes

@hbrueckner hbrueckner Awaiting requested review from hbrueckner

@mstemm mstemm Awaiting requested review from mstemm

Assignees

@FedeDP FedeDP

@Andreagit97 Andreagit97

Labels
approved area/libsinsp dco-signoff: yes kind/feature New feature or request lgtm release-note size/L
Projects
None yet
Milestone
0.17.3
Development

Successfully merging this pull request may close these issues.
4 participants
@LucaGuerra @poiana @FedeDP @Andreagit97