Remove cwd parsing from the driver because the function became sleepa…

…ble in 4.8 (torvalds/linux@47be618).

When forking a new process, inherit the cwd from the parent.

driver/ppm_events.c

@@ -705,61 +705,6 @@ int val_to_ring(struct event_filler_arguments *args, uint64_t val, u16 val_len,
 	return PPM_SUCCESS;
 }
 
-/*
- * Get the current working directory for the current process.
- * Returns the pointer to the string, which is NOT going to be at the beginning
- * of buf.
- * Buf must be at least 1 page in size.
- */
-#if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 20)
-char *npm_getcwd(char *buf, unsigned long bufsize)
-{
-	struct path pwd;
-	char *res;
-
-	ASSERT(bufsize >= PAGE_SIZE - 1);
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36) || defined CONFIG_VE
-	get_fs_pwd(current->fs, &pwd);
-#else
-	read_lock(&current->fs->lock);
-	pwd = current->fs->pwd;
-	path_get(&pwd);
-	read_unlock(&current->fs->lock);
-#endif
-
-	res = d_path(&pwd, buf, bufsize);
-
-	if (IS_ERR(res))
-		res = NULL;
-
-	path_put(&pwd);
-
-	return res;
-}
-#else /* LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 20) */
-char *npm_getcwd(char *buf, unsigned long bufsize)
-{
-	struct dentry *dentry;
-	struct vfsmount *mnt;
-	char *res;
-
-	ASSERT(bufsize >= PAGE_SIZE - 1);
-
-	read_lock(&current->fs->lock);
-	mnt = mntget(current->fs->pwdmnt);
-	dentry = dget(current->fs->pwd);
-	read_unlock(&current->fs->lock);
-
-	res = d_path(dentry, mnt, buf, bufsize);
-
-	if (IS_ERR(res))
-		res = NULL;
-
-	return res;
-}
-#endif
-
 static inline u8 socket_family_to_scap(u8 family)
 {
 	if (family == AF_INET)

driver/ppm_events.h

@@ -129,7 +129,6 @@ extern const struct ppm_event_entry g_ppm_events[];
 int32_t dpi_lookahead_init(void);
 int32_t f_sys_autofill(struct event_filler_arguments *args, const struct ppm_event_entry *evinfo);
 int32_t val_to_ring(struct event_filler_arguments *args, u64 val, u16 val_len, bool fromuser, u8 dyn_idx);
-char *npm_getcwd(char *buf, unsigned long bufsize);
 u16 pack_addr(struct sockaddr *usrsockaddr, int ulen, char *targetbuf, u16 targetbufsize);
 u16 fd_to_socktuple(int fd, struct sockaddr *usrsockaddr, int ulen, bool use_userdata, bool is_inbound, char *targetbuf, u16 targetbufsize);
 int addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr *kaddr);

driver/ppm_fillers.c

@@ -1006,7 +1006,7 @@ static int f_proc_startupdate(struct event_filler_arguments *args)
 	struct mm_struct *mm = current->mm;
 	int64_t retval;
 	int ptid;
-	char *spwd;
+	char *spwd = "";
 	long total_vm = 0;
 	long total_rss = 0;
 	long swap = 0;
@@ -1149,14 +1149,9 @@ static int f_proc_startupdate(struct event_filler_arguments *args)
 		return res;
 
 	/*
-	 * cwd
+	 * cwd, pushed empty to avoid breaking compatibility
+	 * with the older event format
 	 */
-	spwd = npm_getcwd(args->str_storage, STR_STORAGE_SIZE - 1);
-	if (spwd == NULL)
-		spwd = "";
-
-	args->str_storage[STR_STORAGE_SIZE - 1] = '\0';
-
 	res = val_to_ring(args, (uint64_t)(long)spwd, 0, false, 0);
 	if (unlikely(res != PPM_SUCCESS))
 		return res;

test/sysdig_trace_regression.sh

@@ -104,6 +104,8 @@ $BASEDIR/sysdig_batch_parser.sh $SYSDIG $CHISELS "-cps" $TRACEDIR $RESULTDIR/ps
 $BASEDIR/sysdig_batch_parser.sh $SYSDIG $CHISELS "-j -n 10000" $TRACEDIR $RESULTDIR/fd_fields_json $BASELINEDIR/fd_fields_json || ret=1
 # Sessions
 $BASEDIR/sysdig_batch_parser.sh $SYSDIG $CHISELS "-p '*%evt.num %evt.outputtime %evt.cpu %proc.name (%thread.tid) %evt.dir %evt.type %evt.info sid=%proc.sid sname=%proc.sname'" $TRACEDIR $RESULTDIR/sessions $BASELINEDIR/sessions || ret=1
+# Cwd
+$BASEDIR/sysdig_batch_parser.sh $SYSDIG $CHISELS "-pc -p\"*%evt.num %evt.outputtime %evt.cpu %container.name (%container.id) %proc.name (%thread.tid:%thread.vtid) %evt.dir %evt.type %evt.info %proc.cwd\"" $TRACEDIR $RESULTDIR/cwd $BASELINEDIR/cwd || ret=1
 
 rm -rf "${TMPBASE}"
 exit $ret

userspace/libsinsp/parsers.cpp

@@ -1221,22 +1221,27 @@ void sinsp_parser::parse_clone_exit(sinsp_evt *evt)
 		tinfo.m_pid = childtid;
 	}
 
-	//
-	// Copy the fd list
-	// XXX this is a gross oversimplification that will need to be fixed.
-	// What we do is: if the child is NOT a thread, we copy all the parent fds.
-	// The right thing to do is looking at PPM_CL_CLONE_FILES, but there are
-	// syscalls like open and pipe2 that can override PPM_CL_CLONE_FILES with the O_CLOEXEC flag
-	//
 	if(!(tinfo.m_flags & PPM_CL_CLONE_THREAD))
 	{
+		//
+		// Copy the fd list
+		// XXX this is a gross oversimplification that will need to be fixed.
+		// What we do is: if the child is NOT a thread, we copy all the parent fds.
+		// The right thing to do is looking at PPM_CL_CLONE_FILES, but there are
+		// syscalls like open and pipe2 that can override PPM_CL_CLONE_FILES with the O_CLOEXEC flag
+		//
 		tinfo.m_fdtable = *(ptinfo->get_fd_table());
 
 		//
 		// It's important to reset the cache of the child thread, to prevent it from
 		// referring to an element in the parent's table.
 		//
 		tinfo.m_fdtable.reset_cache();
+
+		//
+		// Not a thread, copy cwd
+		//
+		tinfo.m_cwd = ptinfo->m_cwd;
 	}
 	//if((tinfo.m_flags & (PPM_CL_CLONE_FILES)))
 	//{
@@ -1277,10 +1282,6 @@ void sinsp_parser::parse_clone_exit(sinsp_evt *evt)
 	parinfo = evt->get_param(2);
 	tinfo.set_args(parinfo->m_val, parinfo->m_len);
 
-	// Copy the working directory
-	parinfo = evt->get_param(6);
-	tinfo.set_cwd(parinfo->m_val, parinfo->m_len);
-
 	// Copy the fdlimit
 	parinfo = evt->get_param(7);
 	ASSERT(parinfo->m_len == sizeof(int64_t));
@@ -1517,10 +1518,6 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt)
 	ASSERT(parinfo->m_len == sizeof(uint64_t));
 	evt->m_tinfo->m_pid = *(uint64_t *)parinfo->m_val;
 
-	// Get the working directory
-	parinfo = evt->get_param(6);
-	evt->m_tinfo->set_cwd(parinfo->m_val, parinfo->m_len);
-
 	// Get the fdlimit
 	parinfo = evt->get_param(7);
 	ASSERT(parinfo->m_len == sizeof(int64_t));