github.com/metacubex/gvisor@v0.0.0-20240320004321-933faba989ec/pkg/sentry/seccheck/sinks/remote/remote.go (about) 1 // Copyright 2021 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Package remote defines a seccheck.Sink that serializes points to a remote 16 // process. Points are serialized using the protobuf format, asynchronously. 17 package remote 18 19 import ( 20 "errors" 21 "fmt" 22 "io" 23 "os" 24 "time" 25 26 "golang.org/x/sys/unix" 27 "google.golang.org/protobuf/proto" 28 "github.com/metacubex/gvisor/pkg/atomicbitops" 29 "github.com/metacubex/gvisor/pkg/cleanup" 30 "github.com/metacubex/gvisor/pkg/context" 31 "github.com/metacubex/gvisor/pkg/fd" 32 "github.com/metacubex/gvisor/pkg/log" 33 "github.com/metacubex/gvisor/pkg/sentry/seccheck" 34 pb "github.com/metacubex/gvisor/pkg/sentry/seccheck/points/points_go_proto" 35 "github.com/metacubex/gvisor/pkg/sentry/seccheck/sinks/remote/wire" 36 ) 37 38 const name = "remote" 39 40 func init() { 41 seccheck.RegisterSink(seccheck.SinkDesc{ 42 Name: name, 43 Setup: setupSink, 44 New: new, 45 }) 46 } 47 48 // remote sends a serialized point to a remote process asynchronously over a 49 // SOCK_SEQPACKET Unix-domain socket. Each message corresponds to a single 50 // serialized point proto, preceded by a standard header. If the point cannot 51 // be sent, e.g. buffer full, the point is dropped on the floor to avoid 52 // delaying/hanging indefinitely the application. 53 type remote struct { 54 endpoint *fd.FD 55 56 droppedCount atomicbitops.Uint32 57 58 retries int 59 initialBackoff time.Duration 60 maxBackoff time.Duration 61 } 62 63 var _ seccheck.Sink = (*remote)(nil) 64 65 // setupSink starts the connection to the remote process and returns a file that 66 // can be used to communicate with it. The caller is responsible to close to 67 // file. 68 func setupSink(config map[string]any) (*os.File, error) { 69 addrOpaque, ok := config["endpoint"] 70 if !ok { 71 return nil, fmt.Errorf("endpoint not present in configuration") 72 } 73 addr, ok := addrOpaque.(string) 74 if !ok { 75 return nil, fmt.Errorf("endpoint %q is not a string", addrOpaque) 76 } 77 return setup(addr) 78 } 79 80 func setup(path string) (*os.File, error) { 81 log.Debugf("Remote sink connecting to %q", path) 82 socket, err := unix.Socket(unix.AF_UNIX, unix.SOCK_SEQPACKET, 0) 83 if err != nil { 84 return nil, fmt.Errorf("socket(AF_UNIX, SOCK_SEQPACKET, 0): %w", err) 85 } 86 f := os.NewFile(uintptr(socket), path) 87 cu := cleanup.Make(func() { 88 _ = f.Close() 89 }) 90 defer cu.Clean() 91 92 addr := unix.SockaddrUnix{Name: path} 93 if err := unix.Connect(int(f.Fd()), &addr); err != nil { 94 return nil, fmt.Errorf("connect(%q): %w", path, err) 95 } 96 97 // Perform handshake. See common.proto for details about the protocol. 98 hsOut := pb.Handshake{Version: wire.CurrentVersion} 99 out, err := proto.Marshal(&hsOut) 100 if err != nil { 101 return nil, fmt.Errorf("marshalling handshake message: %w", err) 102 } 103 if _, err := f.Write(out); err != nil { 104 return nil, fmt.Errorf("sending handshake message: %w", err) 105 } 106 107 in := make([]byte, 10240) 108 read, err := f.Read(in) 109 if err != nil && !errors.Is(err, io.EOF) { 110 return nil, fmt.Errorf("reading handshake message: %w", err) 111 } 112 // Protect against the handshake becoming larger than the buffer allocated 113 // for it. 114 if read == len(in) { 115 return nil, fmt.Errorf("handshake message too big") 116 } 117 hsIn := pb.Handshake{} 118 if err := proto.Unmarshal(in[:read], &hsIn); err != nil { 119 return nil, fmt.Errorf("unmarshalling handshake message: %w", err) 120 } 121 122 // Check that remote version can be supported. 123 const minSupportedVersion = 1 124 if hsIn.Version < minSupportedVersion { 125 return nil, fmt.Errorf("remote version (%d) is smaller than minimum supported (%d)", hsIn.Version, minSupportedVersion) 126 } 127 128 if err := unix.SetNonblock(int(f.Fd()), true); err != nil { 129 return nil, err 130 } 131 132 cu.Release() 133 return f, nil 134 } 135 136 func parseDuration(config map[string]any, name string) (bool, time.Duration, error) { 137 opaque, ok := config[name] 138 if !ok { 139 return false, 0, nil 140 } 141 duration, ok := opaque.(string) 142 if !ok { 143 return false, 0, fmt.Errorf("%s %v is not an string", name, opaque) 144 } 145 rv, err := time.ParseDuration(duration) 146 if err != nil { 147 return false, 0, err 148 } 149 return true, rv, nil 150 } 151 152 // new creates a new Remote sink. 153 func new(config map[string]any, endpoint *fd.FD) (seccheck.Sink, error) { 154 if endpoint == nil { 155 return nil, fmt.Errorf("remote sink requires an endpoint") 156 } 157 r := &remote{ 158 endpoint: endpoint, 159 initialBackoff: 25 * time.Microsecond, 160 maxBackoff: 10 * time.Millisecond, 161 } 162 if retriesOpaque, ok := config["retries"]; ok { 163 retries, ok := retriesOpaque.(float64) 164 if !ok { 165 return nil, fmt.Errorf("retries %q is not an int", retriesOpaque) 166 } 167 r.retries = int(retries) 168 if float64(r.retries) != retries { 169 return nil, fmt.Errorf("retries %q is not an int", retriesOpaque) 170 } 171 } 172 if ok, backoff, err := parseDuration(config, "backoff"); err != nil { 173 return nil, err 174 } else if ok { 175 r.initialBackoff = backoff 176 } 177 if ok, backoff, err := parseDuration(config, "backoff_max"); err != nil { 178 return nil, err 179 } else if ok { 180 r.maxBackoff = backoff 181 } 182 if r.initialBackoff > r.maxBackoff { 183 return nil, fmt.Errorf("initial backoff (%v) cannot be larger than max backoff (%v)", r.initialBackoff, r.maxBackoff) 184 } 185 186 log.Debugf("Remote sink created, endpoint FD: %d, %+v", r.endpoint.FD(), r) 187 return r, nil 188 } 189 190 func (*remote) Name() string { 191 return name 192 } 193 194 func (r *remote) Status() seccheck.SinkStatus { 195 return seccheck.SinkStatus{ 196 DroppedCount: uint64(r.droppedCount.Load()), 197 } 198 } 199 200 // Stop implements seccheck.Sink. 201 func (r *remote) Stop() { 202 if r.endpoint != nil { 203 // It's possible to race with Point firing, but in the worst case they will 204 // simply fail to be delivered. 205 r.endpoint.Close() 206 } 207 } 208 209 func (r *remote) write(msg proto.Message, msgType pb.MessageType) { 210 out, err := proto.Marshal(msg) 211 if err != nil { 212 log.Debugf("Marshal(%+v): %v", msg, err) 213 return 214 } 215 hdr := wire.Header{ 216 HeaderSize: uint16(wire.HeaderStructSize), 217 DroppedCount: r.droppedCount.Load(), 218 MessageType: uint16(msgType), 219 } 220 var hdrOut [wire.HeaderStructSize]byte 221 hdr.MarshalUnsafe(hdrOut[:]) 222 223 backoff := r.initialBackoff 224 for i := 0; ; i++ { 225 _, err := unix.Writev(r.endpoint.FD(), [][]byte{hdrOut[:], out}) 226 if err == nil { 227 // Write succeeded, we're done! 228 return 229 } 230 if !errors.Is(err, unix.EAGAIN) || i >= r.retries { 231 log.Debugf("Write failed, dropping point: %v", err) 232 r.droppedCount.Add(1) 233 return 234 } 235 log.Debugf("Write failed, retrying (%d/%d) in %v: %v", i+1, r.retries, backoff, err) 236 time.Sleep(backoff) 237 backoff *= 2 238 if r.maxBackoff > 0 && backoff > r.maxBackoff { 239 backoff = r.maxBackoff 240 } 241 } 242 } 243 244 // Clone implements seccheck.Sink. 245 func (r *remote) Clone(_ context.Context, _ seccheck.FieldSet, info *pb.CloneInfo) error { 246 r.write(info, pb.MessageType_MESSAGE_SENTRY_CLONE) 247 return nil 248 } 249 250 // Execve implements seccheck.Sink. 251 func (r *remote) Execve(_ context.Context, _ seccheck.FieldSet, info *pb.ExecveInfo) error { 252 r.write(info, pb.MessageType_MESSAGE_SENTRY_EXEC) 253 return nil 254 } 255 256 // ExitNotifyParent implements seccheck.Sink. 257 func (r *remote) ExitNotifyParent(_ context.Context, _ seccheck.FieldSet, info *pb.ExitNotifyParentInfo) error { 258 r.write(info, pb.MessageType_MESSAGE_SENTRY_EXIT_NOTIFY_PARENT) 259 return nil 260 } 261 262 // TaskExit implements seccheck.Sink. 263 func (r *remote) TaskExit(_ context.Context, _ seccheck.FieldSet, info *pb.TaskExit) error { 264 r.write(info, pb.MessageType_MESSAGE_SENTRY_TASK_EXIT) 265 return nil 266 } 267 268 // ContainerStart implements seccheck.Sink. 269 func (r *remote) ContainerStart(_ context.Context, _ seccheck.FieldSet, info *pb.Start) error { 270 r.write(info, pb.MessageType_MESSAGE_CONTAINER_START) 271 return nil 272 } 273 274 // RawSyscall implements seccheck.Sink. 275 func (r *remote) RawSyscall(_ context.Context, _ seccheck.FieldSet, info *pb.Syscall) error { 276 r.write(info, pb.MessageType_MESSAGE_SYSCALL_RAW) 277 return nil 278 } 279 280 // Syscall implements seccheck.Sink. 281 func (r *remote) Syscall(ctx context.Context, fields seccheck.FieldSet, ctxData *pb.ContextData, msgType pb.MessageType, msg proto.Message) error { 282 r.write(msg, msgType) 283 return nil 284 }