tetragon: Enable fentry objects in generic kprobe sensor

Signed-off-by: Jiri Olsa <[email protected]>

Author: olsajiri

pkg/sensors/tracing/generickprobe.go

@@ -932,7 +932,15 @@ func createKprobeSensorFromEntry(polInfo *policyInfo, kprobeEntry *genericKprobe
 	loadProgName, loadProgRetName := config.GenericKprobeObjs(false)
 	isSecurityFunc := strings.HasPrefix(kprobeEntry.funcName, "security_")
 
-	useFentry := false
+	// We can use trampoline (fentry/fexit) in case:
+	// 1) it's not disabled (disable-kprobe-fentry option)
+	// 2) we do not do override or enforcer (FIXME)
+	// 3) we have fentry program support
+	// 4) fexit needs bpf_get_func_ret helper
+	useFentry := !polInfo.specOpts.DisableKprobeFentry && // 1
+		!kprobeEntry.hasOverride && !has.enforcer && // 2
+		bpf.HasFentryProgram() && // 3
+		bpf.HasGetFuncRetHelper() // 4
 
 	pinProg := kprobeEntry.funcName
 	if kprobeEntry.instance != 0 {

pkg/sensors/tracing/kprobe_test.go

@@ -4323,8 +4323,8 @@ spec:
 		WithArgs(ec.NewKprobeArgumentListMatcher().
 			WithValues(
 				ec.NewKprobeArgumentChecker().WithBpfAttrArg(ec.NewKprobeBpfAttrChecker().
-					WithProgName(sm.Full("generic_kprobe_")).
-					WithProgType(sm.Full("BPF_PROG_TYPE_KPROBE")),
+					WithProgName(sm.Regex("generic_kprobe_|generic_fentry_")).
+					WithProgType(sm.Regex("BPF_PROG_TYPE_KPROBE|BPF_PROG_TYPE_TRACING")),
 				),
 			))
 
@@ -4459,6 +4459,9 @@ kind: TracingPolicy
 metadata:
   name: "sys-read"
 spec:
+  options:
+  - name: "disable-kprobe-fentry"
+    value: "1"
   kprobes:
   - call: "sys_read"
     syscall: true

pkg/sensors/tracing/options.go

@@ -41,10 +41,11 @@ func overrideMethodParse(s string) OverrideMethod {
 }
 
 type specOptions struct {
-	DisableKprobeMulti bool
-	DisableUprobeMulti bool
-	OverrideMethod     OverrideMethod
-	policyMode         policyconf.Mode
+	DisableKprobeFentry bool
+	DisableKprobeMulti  bool
+	DisableUprobeMulti  bool
+	OverrideMethod      OverrideMethod
+	policyMode          policyconf.Mode
 }
 
 type opt struct {
@@ -92,6 +93,12 @@ var opts = map[string]opt{
 			return nil
 		},
 	},
+	"disable-kprobe-fentry": {
+		set: func(str string, options *specOptions) (err error) {
+			options.DisableKprobeFentry, err = strconv.ParseBool(str)
+			return err
+		},
+	},
 }
 
 func getSpecOptions(specs []v1alpha1.OptionSpec) (*specOptions, error) {