ProcessCache: Add test to check GC interval works

Signed-off-by: Kevin Sheldrake <[email protected]>
cilium · Nov 21, 2024 · 16f383d · 16f383d
1 parent 2e82bd6
commit 16f383d
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 5 deletions.
diff --git a/pkg/process/cache.go b/pkg/process/cache.go
@@ -197,12 +197,16 @@ func (pc *Cache) len() int {
 
 func (pc *Cache) dump(opts *tetragon.DumpProcessCacheReqArgs) []*tetragon.ProcessInternal {
 	execveMapPath := filepath.Join(defaults.DefaultMapRoot, defaults.DefaultMapPrefix, "execve_map")
-	execveMap, err := ebpf.LoadPinnedMap(execveMapPath, &ebpf.LoadPinOptions{ReadOnly: true})
-	if err != nil {
-		logger.GetLogger().WithError(err).Warn("failed to open execve_map")
-		return []*tetragon.ProcessInternal{}
+	var execveMap *ebpf.Map
+	var err error
+	if opts.ExcludeExecveMapProcesses {
+		execveMap, err = ebpf.LoadPinnedMap(execveMapPath, &ebpf.LoadPinOptions{ReadOnly: true})
+		if err != nil {
+			logger.GetLogger().WithError(err).Warn("failed to open execve_map")
+			return []*tetragon.ProcessInternal{}
+		}
+		defer execveMap.Close()
 	}
-	defer execveMap.Close()
 
 	var processes []*tetragon.ProcessInternal
 	for _, v := range pc.cache.Values() {

diff --git a/pkg/sensors/exec/cache_test.go b/pkg/sensors/exec/cache_test.go
@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+package exec
+
+import (
+	"context"
+	"os/exec"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/cilium/tetragon/api/v1/tetragon"
+	"github.com/cilium/tetragon/pkg/observer/observertesthelper"
+	"github.com/cilium/tetragon/pkg/process"
+	tus "github.com/cilium/tetragon/pkg/testutils/sensors"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func processInList(pid uint32, processes []*tetragon.ProcessInternal) bool {
+	for _, p := range processes {
+		if p.Process.Pid.Value == pid {
+			return true
+		}
+	}
+	return false
+}
+
+func TestProcessCacheInterval(t *testing.T) {
+	var doneWG, readyWG sync.WaitGroup
+	defer doneWG.Wait()
+
+	ctx, cancel := context.WithTimeout(context.Background(), tus.Conf().CmdWaitTime)
+	defer cancel()
+
+	sleepBin := "/bin/sleep"
+
+	obs, err := observertesthelper.GetDefaultObserver(t, ctx, tus.Conf().TetragonLib, observertesthelper.WithProcCacheGCInterval(100*time.Millisecond))
+	if err != nil {
+		t.Fatalf("GetDefaultObserver error: %s", err)
+	}
+	observertesthelper.LoopEvents(ctx, t, &doneWG, &readyWG, obs)
+
+	readyWG.Wait()
+	cmd := exec.Command(sleepBin, "0.001")
+	assert.NoError(t, cmd.Start())
+	pid := cmd.Process.Pid
+	time.Sleep(50 * time.Millisecond)
+
+	processes := process.DumpProcessCache(&tetragon.DumpProcessCacheReqArgs{SkipZeroRefcnt: false, ExcludeExecveMapProcesses: false})
+	// Should find our sleep process in the list, even though the process should have finished.
+	require.True(t, processInList(uint32(pid), processes))
+
+	time.Sleep(500 * time.Millisecond)
+	processes = process.DumpProcessCache(&tetragon.DumpProcessCacheReqArgs{SkipZeroRefcnt: false, ExcludeExecveMapProcesses: false})
+	// Should not find our sleep process in the list, as it should have been evicted by now.
+	require.False(t, processInList(uint32(pid), processes))
+}