Skip to content

Commit

Permalink
tetragon: Create enforcer map only when enforcer is defined
Browse files Browse the repository at this point in the history 
So we do not get enforcer map created when it's not needed.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
  • Loading branch information
@olsajiri
olsajiri committed May 30, 2024
1 parent 013cca9 commit 2210ffc
Showing 1 changed file with 17 additions and 10 deletions.
27 changes: 17 additions & 10 deletions pkg/sensors/tracing/generickprobe.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -249,7 +249,7 @@ func filterMaps(load *program.Program, kprobeEntry *genericKprobe) []*program.Ma
return maps
}

func createMultiKprobeSensor(multiIDs []idtable.EntryID) ([]*program.Program, []*program.Map, error) {
func createMultiKprobeSensor(multiIDs []idtable.EntryID, hasEnforcer bool) ([]*program.Program, []*program.Map, error) {
var multiRetIDs []idtable.EntryID
var progs []*program.Program
var maps []*program.Map
Expand Down Expand Up @@ -320,8 +320,10 @@ func createMultiKprobeSensor(multiIDs []idtable.EntryID) ([]*program.Program, []
maps = append(maps, socktrack)
}

enforcerDataMap := enforcerMap(load)
maps = append(maps, enforcerDataMap)
if hasEnforcer {
enforcerDataMap := enforcerMap(load)
maps = append(maps, enforcerDataMap)
}

filterMap.SetMaxEntries(len(multiIDs))
configMap.SetMaxEntries(len(multiIDs))
Expand Down Expand Up @@ -549,6 +551,8 @@ func createGenericKprobeSensor(
selMaps: selMaps,
}

hasEnforcer := len(spec.Enforcers) != 0

for i := range kprobes {
syms, syscall, err := getKprobeSymbols(kprobes[i].Call, kprobes[i].Syscall, lists)
if err != nil {
Expand All @@ -568,9 +572,9 @@ func createGenericKprobeSensor(
}

if useMulti {
progs, maps, err = createMultiKprobeSensor(ids)
progs, maps, err = createMultiKprobeSensor(ids, hasEnforcer)
} else {
progs, maps, err = createSingleKprobeSensor(ids)
progs, maps, err = createSingleKprobeSensor(ids, hasEnforcer)
}

if err != nil {
Expand Down Expand Up @@ -796,7 +800,8 @@ func addKprobe(funcName string, f *v1alpha1.KProbeSpec, in *addKprobeIn) (id idt
}

func createKprobeSensorFromEntry(kprobeEntry *genericKprobe,
progs []*program.Program, maps []*program.Map) ([]*program.Program, []*program.Map) {
progs []*program.Program, maps []*program.Map,
hasEnforcer bool) ([]*program.Program, []*program.Map) {

loadProgName, loadProgRetName := kernels.GenericKprobeObjs()
isSecurityFunc := strings.HasPrefix(kprobeEntry.funcName, "security_")
Expand Down Expand Up @@ -855,8 +860,10 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe,
maps = append(maps, socktrack)
}

enforcerDataMap := enforcerMap(load)
maps = append(maps, enforcerDataMap)
if hasEnforcer {
enforcerDataMap := enforcerMap(load)
maps = append(maps, enforcerDataMap)
}

if kprobeEntry.loadArgs.retprobe {
pinRetProg := sensors.PathJoin(fmt.Sprintf("%s_return", kprobeEntry.funcName))
Expand Down Expand Up @@ -902,7 +909,7 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe,
return progs, maps
}

func createSingleKprobeSensor(ids []idtable.EntryID) ([]*program.Program, []*program.Map, error) {
func createSingleKprobeSensor(ids []idtable.EntryID, hasEnforcer bool) ([]*program.Program, []*program.Map, error) {
var progs []*program.Program
var maps []*program.Map

Expand All @@ -912,7 +919,7 @@ func createSingleKprobeSensor(ids []idtable.EntryID) ([]*program.Program, []*pro
return nil, nil, err
}
gk.data = &genericKprobeData{}
progs, maps = createKprobeSensorFromEntry(gk, progs, maps)
progs, maps = createKprobeSensorFromEntry(gk, progs, maps, hasEnforcer)
}

return progs, maps, nil
Expand Down

0 comments on commit 2210ffc

Please sign in to comment.