From 2210ffc2c97d2d0e00792a610c4dded21607db00 Mon Sep 17 00:00:00 2001
From: Jiri Olsa
Date: Thu, 30 May 2024 11:37:53 +0000
Subject: [PATCH] tetragon: Create enforcer map only when enforcer is defined

So we do not get enforcer map created when it's not needed.

Signed-off-by: Jiri Olsa
---
 pkg/sensors/tracing/generickprobe.go | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go
index 75a3bb8050f..156a1b2f12f 100644
--- a/pkg/sensors/tracing/generickprobe.go
+++ b/pkg/sensors/tracing/generickprobe.go
@@ -249,7 +249,7 @@ func filterMaps(load *program.Program, kprobeEntry *genericKprobe) []*program.Ma
 return maps
 }
-func createMultiKprobeSensor(multiIDs []idtable.EntryID) ([]*program.Program, []*program.Map, error) {
+func createMultiKprobeSensor(multiIDs []idtable.EntryID, hasEnforcer bool) ([]*program.Program, []*program.Map, error) {
 var multiRetIDs []idtable.EntryID
 var progs []*program.Program
 var maps []*program.Map
@@ -320,8 +320,10 @@ func createMultiKprobeSensor(multiIDs []idtable.EntryID) ([]*program.Program, []
 maps = append(maps, socktrack)
 }
- enforcerDataMap := enforcerMap(load)
- maps = append(maps, enforcerDataMap)
+ if hasEnforcer {
+ enforcerDataMap := enforcerMap(load)
+ maps = append(maps, enforcerDataMap)
+ }
 filterMap.SetMaxEntries(len(multiIDs))
 configMap.SetMaxEntries(len(multiIDs))
@@ -549,6 +551,8 @@ func createGenericKprobeSensor(
 selMaps: selMaps,
 }
+ hasEnforcer := len(spec.Enforcers) != 0
+
 for i := range kprobes {
 syms, syscall, err := getKprobeSymbols(kprobes[i].Call, kprobes[i].Syscall, lists)
 if err != nil {
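Review bot: The new `hasEnforcer` parameter on createMultiKprobeSensor is undocumented, and nothing on the signature says what the flag controls. I would add a doc comment above it, for example `// createMultiKprobeSensor returns the programs and maps for multiIDs; the enforcer data map is included only when hasEnforcer is true.` The same applies to createSingleKprobeSensor and createKprobeSensorFromEntry, which gain the same parameter in later hunks. The function body continues outside this hunk.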
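Review bot: The guarded block added in createMultiKprobeSensor keeps the `enforcerDataMap` temporary, which is used only once, and the identical four lines are added again in createKprobeSensorFromEntry in a later hunk. Inside the guard a single statement is enough: `maps = append(maps, enforcerMap(load))`. A one-line why-comment on the guard, such as `// the enforcer map is only needed when the spec defines enforcers`, would keep the two copies from drifting apart. The function starts and ends outside this hunk.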
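Review bot: In createGenericKprobeSensor, `hasEnforcer` is derived only from `len(spec.Enforcers) != 0`, so whether the enforcer map is attached no longer depends on what the kprobe selectors request. If a spec can carry an enforcement action such as NotifyEnforcer without an enforcers section, and nothing earlier rejects it (not visible in this hunk), the policy would load without the map and enforce nothing, silently. It is worth confirming that such a spec fails validation, and recording the invariant next to the assignment, e.g. `// selectors that notify the enforcer require spec.Enforcers to be set`. The diffstat shows a single file changed, so no test pins the resulting map list for either value of the flag. The function starts and ends outside this hunk.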
@@ -568,9 +572,9 @@ func createGenericKprobeSensor(
 }
 if useMulti {
- progs, maps, err = createMultiKprobeSensor(ids)
+ progs, maps, err = createMultiKprobeSensor(ids, hasEnforcer)
 } else {
- progs, maps, err = createSingleKprobeSensor(ids)
+ progs, maps, err = createSingleKprobeSensor(ids, hasEnforcer)
 }
 if err != nil {
@@ -796,7 +800,8 @@ func addKprobe(funcName string, f *v1alpha1.KProbeSpec, in *addKprobeIn) (id idt
 }
 func createKprobeSensorFromEntry(kprobeEntry *genericKprobe,
- progs []*program.Program, maps []*program.Map) ([]*program.Program, []*program.Map) {
+ progs []*program.Program, maps []*program.Map,
+ hasEnforcer bool) ([]*program.Program, []*program.Map) {
 loadProgName, loadProgRetName := kernels.GenericKprobeObjs()
 isSecurityFunc := strings.HasPrefix(kprobeEntry.funcName, "security_")
@@ -855,8 +860,10 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe,
 maps = append(maps, socktrack)
 }
- enforcerDataMap := enforcerMap(load)
- maps = append(maps, enforcerDataMap)
+ if hasEnforcer {
+ enforcerDataMap := enforcerMap(load)
+ maps = append(maps, enforcerDataMap)
+ }
 if kprobeEntry.loadArgs.retprobe {
 pinRetProg := sensors.PathJoin(fmt.Sprintf("%s_return", kprobeEntry.funcName))
@@ -902,7 +909,7 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe,
 return progs, maps
 }
-func createSingleKprobeSensor(ids []idtable.EntryID) ([]*program.Program, []*program.Map, error) {
+func createSingleKprobeSensor(ids []idtable.EntryID, hasEnforcer bool) ([]*program.Program, []*program.Map, error) {
 var progs []*program.Program
 var maps []*program.Map
@@ -912,7 +919,7 @@ func createSingleKprobeSensor(ids []idtable.EntryID) ([]*program.Program, []*pro
 return nil, nil, err
 }
 gk.data = &genericKprobeData{}
- progs, maps = createKprobeSensorFromEntry(gk, progs, maps)
+ progs, maps = createKprobeSensorFromEntry(gk, progs, maps, hasEnforcer)
 }
 return progs, maps, nil