This fixes a segmentation fault that occurs when /metrics endpoint is accessed during Falco shutdown. The crash happens as the webserver continues serving /metrics requests after outputs and inspectors have been destroyed.
Changes:
- Create cleanup_outputs action to handle outputs destruction
- Create print_stats action for stats printing
- Reorder teardown steps to stop webserver before destorying outputs
- Move outputs.reset() from process_events to cleanup_outputs()
This eliminates the race condition by ensuring the webserver stops accepting requests before any subsystems are destroyed. The synchronisation behaviour of output.reset() block till queue flushed is preserved.
Signed-off-by: Adnan Ali <adduali1310@hotmail.com>
The watchdog thread and stop() consume the timeout pointer with
m_timeout.exchange(nullptr, ...). That exchange was using
memory_order_release. The load part of the RMW needs acquire
semantics so it synchronizes-with the release store in
set_timeout()/cancel_timeout(); otherwise the consumer can see
the pointer value without seeing the writes that initialized
the timeout_data and payload (data race).
Use memory_order_acq_rel on the consumer exchanges so the load
synchronizes-with the producer and the pointed-to memory is
visible before use.
Signed-off-by: irozzo-1A <iacopo@sysdig.com>
Add `permissions: contents: read` at the workflow level for
bump-libs.yaml, format.yaml, master.yaml, and release.yaml to follow
the principle of least privilege. Job-level permissions that require
elevated access will override this as expected.
Signed-off-by: Gagan H R <hrgagan4@gmail.com>
- Bump default falcosecurity/libs to latest main (8f6b914) with
transformer_list_expr and field_transformer_expr (values) support
- Add visit(transformer_list_expr*) to filter_details_resolver and
filter_macro_resolver visitors
- Fix field_transformer_expr handling to use e->values instead of e->value
Signed-off-by: irozzo-1A <iacopo@sysdig.com>
The heading "Add DCO signed-off to your commits 🔏" generates a GitHub
anchor with a trailing hyphen due to the emoji. Fix both link references
to use the correct anchor.
Signed-off-by: Maxime Grenu <maxime.grenu@gmail.com>
- Replace incorrect `/libs` path reference with 'the root directory
of the project'; this file is for the falco repo, not falcosecurity/libs.
- Fix the DCO section: replace `libs` repository mention with `falco`
so it accurately refers to this repository.
- Fix broken markdown hyperlink: `[dedicated section]((#anchor))` had
double opening parentheses causing the link to render incorrectly;
corrected to `[dedicated section](#anchor)`.
Signed-off-by: Maxime Grenu <maxime.grenu@gmail.com>
Add comprehensive support for gperftools CPU profiler to enable performance
profiling of Falco. This commit introduces:
- New CMake options:
* USE_GPERFTOOLS: Enable gperftools CPU profiler support (default: OFF)
* USE_FRAME_POINTER: Enable frame pointers for accurate profiling (default: OFF)
- Automatic frame pointer enabling: When USE_GPERFTOOLS is enabled, frame
pointers are automatically enabled to ensure accurate stack traces in
profiling output.
- Support for both system and bundled gperftools:
* System gperftools: Automatically detected via find_path/find_library
* Bundled gperftools: Built from source (version 2.15) when
USE_BUNDLED_GPERFTOOLS is enabled
- Enhanced stack trace support: Automatically detects and enables libunwind
when available for better stack traces, falling back to frame pointers
otherwise.
- Proper library linking: Uses --whole-archive linker flags to ensure
profiler initialization code is linked even when ProfilerStart() is not
called directly, enabling CPUPROFILE environment variable support.
- Compile-time detection: Adds HAS_GPERFTOOLS preprocessor definition
for conditional compilation.
The profiler can be activated at runtime by setting the CPUPROFILE
environment variable to a file path where profiling data should be written.
Usage:
cmake -DUSE_GPERFTOOLS=ON ..
make
CPUPROFILE=/tmp/falco.prof ./falco
Signed-off-by: irozzo-1A <iacopo@sysdig.com>
Falco 0.43.0 deprecated the gRPC output and server supports. Drop
their supports as well as any reference to them.
BREAKING CHANGE: drop gRPC output and server support
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Falco 0.43.0 deprecated the gVisor engine support. Drop its support as
well as any reference to it.
BREAKING CHANGE: drop gVisor engine support
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Falco 0.43.0 deprecated the legacy eBPF probe. Drop it as well as any
reference to it.
BREAKING CHANGE: drop legacy eBPF probe
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Starting from Falco 0.40, the `falco --help` output incorrectly showed
the source config path (e.g., /home/runner/work/falco/falco/falco.yaml)
in release packages. This path was intended only for local development.
The issue was introduced when RelWithDebInfo build type support was
added (commit 6bf33ffd). The existing code checked for BUILD_TYPE_RELEASE
to determine release behavior, but RelWithDebInfo builds defined
BUILD_TYPE_RELWITHDEBINFO instead, causing them to fall into the
debug code path.
This fix introduces BUILD_TYPE_DEBUG and changes the conditionals to
enable dev features only when CMAKE_BUILD_TYPE is explicitly "debug".
Both Release and RelWithDebInfo builds now correctly show only
/etc/falco/falco.yaml.
Fixes the regression introduced in 0.40.0
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
The previously used driver version was already the `9.1.0+driver`:
simply replace the commit SHA with the release name.
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
