From 04110b0f4cf379c8ac3d4f7f74d61812daaba7e8 Mon Sep 17 00:00:00 2001
From: Leonardo Di Donato
Date: Thu, 8 Apr 2021 15:19:02 +0000
Subject: [PATCH] chore(scripts): restore mount of debugfs (notes below)
This is needed in systems where raw tracepoints are not available. Anyways, since this is needed when the inspector open (and actually loads) the eBPF probe, ideally the mount should not be done by this script but rather from Falco, or from Falco libs. Otherwise, users building the eBPF probe theirseleves and not using this script (and having a kernel without raw tracepoints) may need to mount this fs theirselves.
Signed-off-by: Leonardo Di Donato
---
 scripts/falco-driver-loader | 60 ++++++++++++++++++++-----------------
 1 file changed, 33 insertions(+), 27 deletions(-)
diff --git a/scripts/falco-driver-loader b/scripts/falco-driver-loader
index 37d0ec38..a9395bc9 100755
--- a/scripts/falco-driver-loader
+++ b/scripts/falco-driver-loader
@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 # Simple script that desperately tries to load the kernel instrumentation by
-# looking for it in a bunch of ways. Convenient when running falco inside
+# looking for it in a bunch of ways. Convenient when running Falco inside
 # a container or in other weird environments.
 #
@@ -155,20 +155,20 @@ load_kernel_module_compile() {
 # Try to compile using all the available gcc versions
 for CURRENT_GCC in $(which gcc) $(ls "$(dirname "$(which gcc)")"/gcc-* | grep 'gcc-[0-9]\+' | sort -r); do
- echo "* Trying to dkms install the Falco module with GCC ${CURRENT_GCC}"
+ echo "* Trying to dkms install ${DRIVER_NAME} module with GCC ${CURRENT_GCC}"
 echo "#!/usr/bin/env bash" > /tmp/falco-dkms-make
 echo "make CC=${CURRENT_GCC} \$@" >> /tmp/falco-dkms-make
 chmod +x /tmp/falco-dkms-make
 if dkms install --directive="MAKE='/tmp/falco-dkms-make'" -m "${DRIVER_NAME}" -v "${DRIVER_VERSION}" -k "${KERNEL_RELEASE}" 2>/dev/null; then
- echo "* Falco module installed in dkms, trying to insmod"
+ echo "* ${DRIVER_NAME} module installed in dkms, trying to insmod"
 if insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko" > /dev/null 2>&1; then
- echo "* Success: Falco module found and loaded in dkms"
+ echo "* Success: ${DRIVER_NAME} module found and loaded in dkms"
 exit 0
 elif insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko.xz" > /dev/null 2>&1; then
- echo "* Success: Falco module found and loaded in dkms (xz)"
+ echo "* Success: ${DRIVER_NAME} module found and loaded in dkms (xz)"
 exit 0
 else
- echo "* Unable to insmod the Falco module"
+ echo "* Unable to insmod ${DRIVER_NAME} module"
 fi
 else
 DKMS_LOG="/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/build/make.log"
@@ -190,13 +190,13 @@ load_kernel_module_download() {
 local URL
 URL=$(echo "${DRIVERS_REPO}/${DRIVER_VERSION}/${FALCO_KERNEL_MODULE_FILENAME}" | sed s/+/%2B/g)
- echo "* Trying to download a prebuilt Falco module from ${URL}"
+ echo "* Trying to download a prebuilt ${DRIVER_NAME} module from ${URL}"
 if curl -L --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" "${URL}"; then
 echo "* Download succeeded"
- insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: Falco module found and inserted"
+ insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: ${DRIVER_NAME} module found and inserted"
 exit $?
 else
- >&2 echo "Unable to find a prebuilt Falco module"
+ >&2 echo "Unable to find a prebuilt ${DRIVER_NAME} module"
 return
 fi
 }
@@ -217,42 +217,42 @@ load_kernel_module() {
 exit 1
 fi
- echo "* Unloading the Falco module, if present"
+ echo "* Unloading ${DRIVER_NAME} module, if present"
 rmmod "${DRIVER_NAME}" 2>/dev/null
 WAIT_TIME=0
 KMOD_NAME=$(echo "${DRIVER_NAME}" | tr "-" "_")
 while lsmod | cut -d' ' -f1 | grep -qx "${KMOD_NAME}" && [ $WAIT_TIME -lt "${MAX_RMMOD_WAIT}" ]; do
 if rmmod "${DRIVER_NAME}" 2>/dev/null; then
- echo "* Unloading the Falco module succeeded after ${WAIT_TIME}s"
+ echo "* Unloading ${DRIVER_NAME} module succeeded after ${WAIT_TIME}s"
 break
 fi
 ((++WAIT_TIME))
 if (( WAIT_TIME % 5 == 0 )); then
- echo "* Falco module still loaded, waited ${WAIT_TIME}s (max wait ${MAX_RMMOD_WAIT}s)"
+ echo "* ${DRIVER_NAME} module still loaded, waited ${WAIT_TIME}s (max wait ${MAX_RMMOD_WAIT}s)"
 fi
 sleep 1
 done
 if lsmod | cut -d' ' -f1 | grep -qx "${KMOD_NAME}" > /dev/null 2>&1; then
- echo "* Falco module seems to still be loaded, hoping the best"
+ echo "* ${DRIVER_NAME} module seems to still be loaded, hoping the best"
 exit 0
 fi
- echo "* Trying to load a system Falco module, if present"
+ echo "* Trying to load a system ${DRIVER_NAME} module, if present"
 if modprobe "${DRIVER_NAME}" > /dev/null 2>&1; then
- echo "* Success: Falco module found and loaded with modprobe"
+ echo "* Success: ${DRIVER_NAME} module found and loaded with modprobe"
 exit 0
 fi
- echo "* Looking for a Falco module locally (kernel ${KERNEL_RELEASE})"
+ echo "* Looking for a ${DRIVER_NAME} module locally (kernel ${KERNEL_RELEASE})"
 get_target_id
 local FALCO_KERNEL_MODULE_FILENAME="${DRIVER_NAME}_${TARGET_ID}_${KERNEL_RELEASE}_${KERNEL_VERSION}.ko"
 if [ -f "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" ]; then
- echo "* Found a prebuilt Falco module at ${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}, loading it"
- insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: Falco module found and inserted"
+ echo "* Found a prebuilt ${DRIVER_NAME} module at 
${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}, loading it"
+ insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: ${DRIVER_NAME} module found and inserted"
 exit $?
 fi
@@ -265,7 +265,7 @@ load_kernel_module() {
 fi
 # Not able to download a prebuilt module nor to compile one on-the-fly
- >&2 echo "Consider compiling your own Falco driver and loading it or getting in touch with the Falco community"
+ >&2 echo "Consider compiling your own ${DRIVER_NAME} driver and loading it or getting in touch with the Falco community"
 exit 1
 }
@@ -283,12 +283,12 @@ clean_kernel_module() {
 KMOD_NAME=$(echo "${DRIVER_NAME}" | tr "-" "_")
 if lsmod | cut -d' ' -f1 | grep -qx "${KMOD_NAME}"; then
 if rmmod "${DRIVER_NAME}" 2>/dev/null; then
- echo "* Unloading the Falco module succeeded"
+ echo "* Unloading ${DRIVER_NAME} module succeeded"
 else
- echo "* Unloading the Falco module failed"
+ echo "* Unloading ${DRIVER_NAME} module failed"
 fi
 else
- echo "* There is no Falco module loaded"
+ echo "* There is no ${DRIVER_NAME} module loaded"
 fi
 if ! hash dkms >/dev/null 2>&1; then
@@ -298,14 +298,14 @@ clean_kernel_module() {
 DRIVER_VERSIONS=$(dkms status -m "${DRIVER_NAME}" | cut -d',' -f2 | sed -e 's/^[[:space:]]*//')
 if [ -z "${DRIVER_VERSIONS}" ]; then
- echo "* There is no Falco module in dkms"
+ echo "* There is no ${DRIVER_NAME} module in dkms"
 return
 fi
 for CURRENT_VER in ${DRIVER_VERSIONS}; do
 if dkms remove -m "${DRIVER_NAME}" -v "${CURRENT_VER}" --all 2>/dev/null; then
- echo "* Removing the Falco module (version ${CURRENT_VER}) succeeded"
+ echo "* Removing ${DRIVER_NAME}/${CURRENT_VER} succeeded"
 else
- echo "* Removing the Falco module (version ${CURRENT_VER}) failed"
+ echo "* Removing ${DRIVER_NAME}/${CURRENT_VER} failed"
 exit 1
 fi
 done
@@ -432,12 +432,18 @@ load_bpf_probe_download() {
 echo "* Trying to download a prebuilt eBPF probe from ${URL}"
 if ! curl -L --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${BPF_PROBE_FILENAME}" "${URL}"; then
- >&2 echo "Unable to find a prebuilt Falco eBPF probe"
+ >&2 echo "Unable to find a prebuilt ${DRIVER_NAME} eBPF probe"
 return
 fi
 }
 load_bpf_probe() {
+ echo "* Mounting debugfs"
+
+ if [ ! -d /sys/kernel/debug/tracing ]; then
+ mount -t debugfs nodev /sys/kernel/debug
+ fi
+
 get_target_id
 BPF_PROBE_FILENAME="${DRIVER_NAME}_${TARGET_ID}_${KERNEL_RELEASE}_${KERNEL_VERSION}.o"
@@ -465,7 +471,7 @@ load_bpf_probe() {
 && echo "* Success: eBPF probe symlinked to ${HOME}/.falco/${DRIVER_NAME}-bpf.o"
 exit $?
 else
- >&2 echo "Unable to load the Falco eBPF probe"
+ >&2 echo "Unable to load the ${DRIVER_NAME} eBPF probe"
 exit 1
 fi
 }
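Review bot: The added `mount -t debugfs nodev /sys/kernel/debug` at the top of `load_bpf_probe` has no status check, and `* Mounting debugfs` is printed before the `-d /sys/kernel/debug/tracing` test, so the log claims a mount on hosts where none was attempted and stays silent when the mount is refused. Moving `echo "* Mounting debugfs"` inside the `if` and changing the mount line to `mount -t debugfs nodev /sys/kernel/debug || >&2 echo "Unable to mount debugfs"` would make the output match what actually happened. The commit message limits the need to kernels without raw tracepoints, but the guard fires on any host lacking the tracing directory, and nothing in the visible hunks unmounts it afterwards. Because debugfs exposes kernel debugging interfaces to the whole host, a comment such as `# debugfs stays mounted after the loader exits; only required on kernels without raw tracepoints` would tell operators what the script leaves behind. The body of `load_bpf_probe` continues outside this hunk.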