tetragon: ensure struct alignment on startup

Mismatches between the BPF and userspace API are often the cause of bizarre bugs that are difficult to debug. This might happen if a developer makes a change to one and forgets to update the other, or it might simply happen during development if the userspace and BPF targets go out of sync. This PR introduces alignment checks to the Tetragon startup process so that we can fail with a clear error message when such situations arise. Signed-off-by: William Findlay <will@isovalent.com>
cilium · Oct 27, 2023 · 0fd246f · 0fd246f
1 parent 6c0b8e5
commit 0fd246f
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/cmd/tetragon/main.go b/cmd/tetragon/main.go
@@ -11,6 +11,7 @@ import (
 	pprofhttp "net/http/pprof"
 	"os"
 	"os/signal"
+	"path"
 	"path/filepath"
 	"runtime"
 	"runtime/pprof"
@@ -20,6 +21,7 @@ import (
 	"time"
 
 	"github.com/cilium/tetragon/api/v1/tetragon"
+	"github.com/cilium/tetragon/pkg/alignchecker"
 	"github.com/cilium/tetragon/pkg/bpf"
 	"github.com/cilium/tetragon/pkg/btf"
 	"github.com/cilium/tetragon/pkg/bugtool"
@@ -72,6 +74,11 @@ var (
 	log = logger.GetLogger()
 )
 
+func checkStructAlignments() error {
+	path := path.Join(option.Config.HubbleLib, "bpf_alignchecker.o")
+	return alignchecker.CheckStructAlignments(path)
+}
+
 func getExportFilters() ([]*tetragon.Filter, []*tetragon.Filter, error) {
 	allowList, err := filters.ParseFilterList(viper.GetString(option.KeyExportAllowlist), viper.GetBool(option.KeyEnablePidSetFilter))
 	if err != nil {
@@ -178,6 +185,10 @@ func tetragonExecute() error {
 		defaults.NetnsDir = viper.GetString(option.KeyNetnsDir)
 	}
 
+	if err := checkStructAlignments(); err != nil {
+		return fmt.Errorf("struct alignment checks failed: %w", err)
+	}
+
 	checkprocfs.Check()
 
 	// Setup file system mounts