Skip to content

Commit

Permalink
tetragon: Keep map setup in doLoadProgram
Browse files Browse the repository at this point in the history
Signed-off-by: Jiri Olsa <[email protected]>
  • Loading branch information
olsajiri committed Aug 17, 2024
1 parent f4f474f commit 2224c7a
Show file tree
Hide file tree
Showing 4 changed files with 49 additions and 67 deletions.
18 changes: 9 additions & 9 deletions pkg/sensors/base/base.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,26 +64,26 @@ var (
).SetPolicy(basePolicy)

/* Event Ring map */
TCPMonMap = program.MapBuilder("tcpmon_map", Execve)
TCPMonMap = program.MapBuilder("tcpmon_map", Execve, Exit, Fork)
/* Networking and Process Monitoring maps */
ExecveMap = program.MapBuilder("execve_map", Execve)
ExecveMap = program.MapBuilder("execve_map", Execve, Exit, Fork, ExecveBprmCommit)
ExecveTailCallsMap = program.MapBuilderPin("execve_calls", "execve_calls", Execve)

ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", ExecveBprmCommit)
ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", Execve, Exit, Fork, ExecveBprmCommit)

/* Tetragon runtime configuration */
TetragonConfMap = program.MapBuilder("tg_conf_map", Execve)
TetragonConfMap = program.MapBuilder("tg_conf_map", Execve, Exit, Fork)

/* Internal statistics for debugging */
ExecveStats = program.MapBuilder("execve_map_stats", Execve)
ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", ExecveBprmCommit)
StatsMap = program.MapBuilder("tg_stats_map", Execve)
ExecveStats = program.MapBuilder("execve_map_stats", Execve, Exit, Fork)
ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", Execve, Exit, Fork, ExecveBprmCommit)
StatsMap = program.MapBuilder("tg_stats_map", Execve, Exit, Fork)

/* Cgroup rate data, attached to execve sensor */
CgroupRateMap = program.MapBuilder("cgroup_rate_map", Execve, Exit, Fork, CgroupRmdir)
CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve)
CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve, Exit, Fork)

MatchBinariesSetMap = program.MapBuilder(mbset.MapName, Execve)
MatchBinariesSetMap = program.MapBuilder(mbset.MapName, Execve, Exit, Fork)

sensor = sensors.Sensor{
Name: basePolicy,
Expand Down
63 changes: 5 additions & 58 deletions pkg/sensors/load.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,8 @@ import (
"fmt"
"os"
"path"
"path/filepath"
"strings"

"github.com/cilium/ebpf"
cachedbtf "github.com/cilium/tetragon/pkg/btf"
"github.com/cilium/tetragon/pkg/kernels"
"github.com/cilium/tetragon/pkg/logger"
Expand Down Expand Up @@ -93,10 +91,6 @@ func (s *Sensor) Load(bpfDir string) error {
return fmt.Errorf("tetragon, aborting could not find BPF programs: %w", err)
}

if err := s.loadMaps(bpfDir); err != nil {
return fmt.Errorf("tetragon, aborting could not load sensor BPF maps: %w", err)
}

for _, p := range s.Progs {
if p.LoadState.IsLoaded() {
l.WithField("prog", p.Name).Info("BPF prog is already loaded, incrementing reference count")
Expand Down Expand Up @@ -136,9 +130,11 @@ func (s *Sensor) Unload() error {
unloadProgram(p)
}

for _, m := range s.Maps {
if err := m.Unload(); err != nil {
logger.GetLogger().WithError(err).WithField("map", s.Name).Warn("Failed to unload map")
for _, p := range s.Progs {
for name, m := range p.PinMap {
if err := m.Unload(); err != nil {
logger.GetLogger().WithError(err).WithField("map", name).Warn("Failed to unload map")
}
}
}

Expand Down Expand Up @@ -209,55 +205,6 @@ func (s *Sensor) FindPrograms() error {
return nil
}

// loadMaps loads all the BPF maps in the sensor.
func (s *Sensor) loadMaps(bpfDir string) error {
l := logger.GetLogger()
for _, m := range s.Maps {
if m.PinState.IsLoaded() {
l.WithFields(logrus.Fields{
"sensor": s.Name,
"map": m.Name,
}).Info("map is already loaded, incrementing reference count")
m.PinState.RefInc()
continue
}

pinPath := filepath.Join(bpfDir, m.PinName)

spec, err := ebpf.LoadCollectionSpec(m.Prog.Name)
if err != nil {
return fmt.Errorf("failed to open collection '%s': %w", m.Prog.Name, err)
}
mapSpec, ok := spec.Maps[m.Name]
if !ok {
return fmt.Errorf("map '%s' not found from '%s'", m.Name, m.Prog.Name)
}

if max, ok := m.GetMaxEntries(); ok {
mapSpec.MaxEntries = max
}

if innerMax, ok := m.GetMaxInnerEntries(); ok {
if innerMs := mapSpec.InnerMap; innerMs != nil {
mapSpec.InnerMap.MaxEntries = innerMax
}
}

if err := m.LoadOrCreatePinnedMap(pinPath, mapSpec); err != nil {
return fmt.Errorf("failed to load map '%s' for sensor '%s': %w", m.Name, s.Name, err)
}

l.WithFields(logrus.Fields{
"sensor": s.Name,
"map": m.Name,
"path": pinPath,
"max": m.Entries,
}).Info("tetragon, map loaded.")
}

return nil
}

func mergeSensors(sensors []*Sensor) *Sensor {
var progs []*program.Program
var maps []*program.Map
Expand Down
20 changes: 20 additions & 0 deletions pkg/sensors/program/loader.go
Original file line number Diff line number Diff line change
Expand Up @@ -863,6 +863,26 @@ func doLoadProgram(
}
defer coll.Close()

// Pin all requested maps
for name, m := range coll.Maps {
// Is the map refferenced by program
if _, ok := refMaps[name]; !ok {
continue
}
// Is the map already pinned
if _, ok := pinnedMaps[name]; ok {
continue
}
// Do we want the map to be pinned?
pm, ok := load.PinMap[name]
if !ok {
continue
}
if err := pm.CloneAndPin(bpfDir, m); err != nil {
return nil, fmt.Errorf("map pinning failed: %s", err)
}
}

err = installTailCalls(bpfDir, spec, coll, load)
if err != nil {
return nil, fmt.Errorf("installing tail calls failed: %s", err)
Expand Down
15 changes: 15 additions & 0 deletions pkg/sensors/program/map.go
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,21 @@ func (m *Map) LoadOrCreatePinnedMap(pinPath string, mapSpec *ebpf.MapSpec) error
return nil
}

func (m *Map) CloneAndPin(bpfDir string, handle *ebpf.Map) error {
var err error

m.MapHandle, err = handle.Clone()
if err != nil {
return fmt.Errorf("failed to clone map '%s': %w", m.Name, err)
}
pinPath := filepath.Join(bpfDir, m.PinName)
if err = m.MapHandle.Pin(pinPath); err != nil {
return fmt.Errorf("failed to pin to %s: %w", pinPath, err)
}
m.PinState.RefInc()
return nil
}

func isValidSubdir(d string) bool {
dir := filepath.Base(d)
return dir != "." && dir != ".."
Expand Down

0 comments on commit 2224c7a

Please sign in to comment.