From 2224c7a5e65a69bbee25f551427bcc476749eed0 Mon Sep 17 00:00:00 2001
From: Jiri Olsa
Date: Tue, 13 Aug 2024 07:31:30 +0000
Subject: [PATCH] tetragon: Keep map setup in doLoadProgram

Signed-off-by: Jiri Olsa
---
 pkg/sensors/base/base.go | 18 +++++-----
 pkg/sensors/load.go | 63 +++--------------------------------
 pkg/sensors/program/loader.go | 20 +++++++++++
 pkg/sensors/program/map.go | 15 +++++++++
 4 files changed, 49 insertions(+), 67 deletions(-)

diff --git a/pkg/sensors/base/base.go b/pkg/sensors/base/base.go
index 34afc2d48c9..6ae7bef1cb3 100644
--- a/pkg/sensors/base/base.go
+++ b/pkg/sensors/base/base.go
@@ -64,26 +64,26 @@ var (
 ).SetPolicy(basePolicy)
 
 /* Event Ring map */
- TCPMonMap = program.MapBuilder("tcpmon_map", Execve)
+ TCPMonMap = program.MapBuilder("tcpmon_map", Execve, Exit, Fork)
 
 /* Networking and Process Monitoring maps */
- ExecveMap = program.MapBuilder("execve_map", Execve)
+ ExecveMap = program.MapBuilder("execve_map", Execve, Exit, Fork, ExecveBprmCommit)
 ExecveTailCallsMap = program.MapBuilderPin("execve_calls", "execve_calls", Execve)
- ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", ExecveBprmCommit)
+ ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", Execve, Exit, Fork, ExecveBprmCommit)
 
 /* Tetragon runtime configuration */
- TetragonConfMap = program.MapBuilder("tg_conf_map", Execve)
+ TetragonConfMap = program.MapBuilder("tg_conf_map", Execve, Exit, Fork)
 
 /* Internal statistics for debugging */
- ExecveStats = program.MapBuilder("execve_map_stats", Execve)
- ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", ExecveBprmCommit)
- StatsMap = program.MapBuilder("tg_stats_map", Execve)
+ ExecveStats = program.MapBuilder("execve_map_stats", Execve, Exit, Fork)
+ ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", Execve, Exit, Fork, ExecveBprmCommit)
+ StatsMap = program.MapBuilder("tg_stats_map", Execve, Exit, Fork)
 
 /* Cgroup rate data, attached to execve sensor */
 CgroupRateMap = program.MapBuilder("cgroup_rate_map", Execve, Exit, Fork, CgroupRmdir)
- CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve)
+ CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve, Exit, Fork)
 
- MatchBinariesSetMap = program.MapBuilder(mbset.MapName, Execve)
+ MatchBinariesSetMap = program.MapBuilder(mbset.MapName, Execve, Exit, Fork)
 
 sensor = sensors.Sensor{
 Name: basePolicy,
diff --git a/pkg/sensors/load.go b/pkg/sensors/load.go
index 0d1be2e6519..800d7f62cc6 100644
--- a/pkg/sensors/load.go
+++ b/pkg/sensors/load.go
@@ -7,10 +7,8 @@ import (
 "fmt"
 "os"
 "path"
- "path/filepath"
 "strings"
 
- "github.com/cilium/ebpf"
 cachedbtf "github.com/cilium/tetragon/pkg/btf"
 "github.com/cilium/tetragon/pkg/kernels"
 "github.com/cilium/tetragon/pkg/logger"
@@ -93,10 +91,6 @@ func (s *Sensor) Load(bpfDir string) error {
 return fmt.Errorf("tetragon, aborting could not find BPF programs: %w", err)
 }
 
- if err := s.loadMaps(bpfDir); err != nil {
- return fmt.Errorf("tetragon, aborting could not load sensor BPF maps: %w", err)
- }
-
 for _, p := range s.Progs {
 if p.LoadState.IsLoaded() {
 l.WithField("prog", p.Name).Info("BPF prog is already loaded, incrementing reference count")
@@ -136,9 +130,11 @@ func (s *Sensor) Unload() error {
 unloadProgram(p)
 }
 
- for _, m := range s.Maps {
- if err := m.Unload(); err != nil {
- logger.GetLogger().WithError(err).WithField("map", s.Name).Warn("Failed to unload map")
+ for _, p := range s.Progs {
+ for name, m := range p.PinMap {
+ if err := m.Unload(); err != nil {
+ logger.GetLogger().WithError(err).WithField("map", name).Warn("Failed to unload map")
+ }
 }
 }
 
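Review bot: In the new Unload loop, `m.Unload()` runs once per program for every entry in `p.PinMap`, so a map shared by several programs (the base maps are now registered for Execve, Exit and Fork) is unloaded once per referencing program. The only pin path visible in this patch, `CloneAndPin`, calls `m.PinState.RefInc()` just for the program that actually pins the map; whether the already-pinned branch in `doLoadProgram` also takes a reference lies outside these hunks. If it does not, the counts are asymmetric and unloading one sensor could drop a pin that still-loaded programs depend on, silently ending their view of that map. I would add a comment on the loop stating the invariant, e.g. `// one Unload per program reference; must match the RefInc taken when the program was loaded`. Unload's body starts and ends outside the hunk.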
@@ -209,55 +205,6 @@ func (s *Sensor) FindPrograms() error {
 return nil
 }
 
-// loadMaps loads all the BPF maps in the sensor.
-func (s *Sensor) loadMaps(bpfDir string) error {
- l := logger.GetLogger()
- for _, m := range s.Maps {
- if m.PinState.IsLoaded() {
- l.WithFields(logrus.Fields{
- "sensor": s.Name,
- "map": m.Name,
- }).Info("map is already loaded, incrementing reference count")
- m.PinState.RefInc()
- continue
- }
-
- pinPath := filepath.Join(bpfDir, m.PinName)
-
- spec, err := ebpf.LoadCollectionSpec(m.Prog.Name)
- if err != nil {
- return fmt.Errorf("failed to open collection '%s': %w", m.Prog.Name, err)
- }
- mapSpec, ok := spec.Maps[m.Name]
- if !ok {
- return fmt.Errorf("map '%s' not found from '%s'", m.Name, m.Prog.Name)
- }
-
- if max, ok := m.GetMaxEntries(); ok {
- mapSpec.MaxEntries = max
- }
-
- if innerMax, ok := m.GetMaxInnerEntries(); ok {
- if innerMs := mapSpec.InnerMap; innerMs != nil {
- mapSpec.InnerMap.MaxEntries = innerMax
- }
- }
-
- if err := m.LoadOrCreatePinnedMap(pinPath, mapSpec); err != nil {
- return fmt.Errorf("failed to load map '%s' for sensor '%s': %w", m.Name, s.Name, err)
- }
-
- l.WithFields(logrus.Fields{
- "sensor": s.Name,
- "map": m.Name,
- "path": pinPath,
- "max": m.Entries,
- }).Info("tetragon, map loaded.")
- }
-
- return nil
-}
-
 func mergeSensors(sensors []*Sensor) *Sensor {
 var progs []*program.Program
 var maps []*program.Map
diff --git a/pkg/sensors/program/loader.go b/pkg/sensors/program/loader.go
index b904f2b1334..36ef61c2c68 100644
--- a/pkg/sensors/program/loader.go
+++ b/pkg/sensors/program/loader.go
@@ -863,6 +863,26 @@ func doLoadProgram(
 }
 defer coll.Close()
 
+ // Pin all requested maps
+ for name, m := range coll.Maps {
+ // Is the map refferenced by program
+ if _, ok := refMaps[name]; !ok {
+ continue
+ }
+ // Is the map already pinned
+ if _, ok := pinnedMaps[name]; ok {
+ continue
+ }
+ // Do we want the map to be pinned?
+ pm, ok := load.PinMap[name]
+ if !ok {
+ continue
+ }
+ if err := pm.CloneAndPin(bpfDir, m); err != nil {
+ return nil, fmt.Errorf("map pinning failed: %s", err)
+ }
+ }
+
 err = installTailCalls(bpfDir, spec, coll, load)
 if err != nil {
 return nil, fmt.Errorf("installing tail calls failed: %s", err)
diff --git a/pkg/sensors/program/map.go b/pkg/sensors/program/map.go
index e7c17bfdcc7..6d005e413c3 100644
--- a/pkg/sensors/program/map.go
+++ b/pkg/sensors/program/map.go
@@ -153,6 +153,21 @@ func (m *Map) LoadOrCreatePinnedMap(pinPath string, mapSpec *ebpf.MapSpec) error
 return nil
 }
 
+func (m *Map) CloneAndPin(bpfDir string, handle *ebpf.Map) error {
+ var err error
+
+ m.MapHandle, err = handle.Clone()
+ if err != nil {
+ return fmt.Errorf("failed to clone map '%s': %w", m.Name, err)
+ }
+ pinPath := filepath.Join(bpfDir, m.PinName)
+ if err = m.MapHandle.Pin(pinPath); err != nil {
+ return fmt.Errorf("failed to pin to %s: %w", pinPath, err)
+ }
+ m.PinState.RefInc()
+ return nil
+}
+
 func isValidSubdir(d string) bool {
 dir := filepath.Base(d)
 return dir != "." && dir != ".."
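Review bot: A failure in `pm.CloneAndPin` part-way through the pinning loop in doLoadProgram returns while maps pinned by earlier iterations stay pinned under `bpfDir` with their reference already taken; nothing in the hunk rolls them back, and whether the caller does is not visible here, so a failed load can leave stale pins that a later load treats as already pinned. The wrapper `fmt.Errorf("map pinning failed: %s", err)` also flattens the `%w` chain CloneAndPin builds; `fmt.Errorf("map pinning failed: %w", err)` keeps it usable with errors.Is/As. The removed loadMaps applied `GetMaxEntries`/`GetMaxInnerEntries` to the map spec before creating the map; cloning from `coll.Maps` only preserves those sizes if the override happens before the collection is created, which these hunks do not show and should be confirmed, since an undersized map drops events. doLoadProgram starts and ends outside the hunk.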
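Review bot: When `m.MapHandle.Pin(pinPath)` fails, CloneAndPin in pkg/sensors/program/map.go returns with the clone still stored in `m.MapHandle` and never closed, so the duplicated fd leaks and the Map keeps a handle whose `PinState` was never incremented. Cloning into a local, closing it on pin failure and assigning `m.MapHandle` only after the pin succeeds keeps the Map consistent on every error path. `pinPath` comes from `filepath.Join(bpfDir, m.PinName)`, so if PinName can ever be derived from policy input it should be validated before the join; with builder constants only, as in the base sensor, this is not a concern. The exported method also has no doc comment; the fence below proposes one.

```go
// CloneAndPin duplicates handle, pins the copy at bpfDir/PinName and takes a
// reference on the map. On error m.MapHandle and m.PinState are left untouched.
func (m *Map) CloneAndPin(bpfDir string, handle *ebpf.Map) error {
	clone, err := handle.Clone()
	if err != nil {
		return fmt.Errorf("failed to clone map '%s': %w", m.Name, err)
	}
	pinPath := filepath.Join(bpfDir, m.PinName)
	if err := clone.Pin(pinPath); err != nil {
		// Release the duplicated fd; best-effort, the pin error is what matters.
		_ = clone.Close()
		return fmt.Errorf("failed to pin to %s: %w", pinPath, err)
	}
	// Publish the handle only once it is pinned.
	m.MapHandle = clone
	m.PinState.RefInc()
	return nil
}
```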