tetragon: Pass selector_filter to process_filter callback

bpf_generic_kprobe_v61.o.csv: Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF) ----------------------------- --------- --------- ---------------- ---------- ---------- --------------- generic_fmodret_override 18 18 +0 (+0.00%) 2 2 +0 (+0.00%) generic_kprobe_actions 27387 27387 +0 (+0.00%) 993 993 +0 (+0.00%) generic_kprobe_event 357 357 +0 (+0.00%) 26 26 +0 (+0.00%) generic_kprobe_filter_arg 167281 167281 +0 (+0.00%) 5409 5409 +0 (+0.00%) generic_kprobe_output 281 281 +0 (+0.00%) 21 21 +0 (+0.00%) generic_kprobe_override 20 20 +0 (+0.00%) 2 2 +0 (+0.00%) generic_kprobe_process_event 27264 27264 +0 (+0.00%) 773 773 +0 (+0.00%) generic_kprobe_process_filter 178641 145524 -33117 (-18.54%) 7346 5477 -1869 (-25.44%) generic_kprobe_setup_event 27430 27430 +0 (+0.00%) 782 782 +0 (+0.00%) similar stats for bpf_generic_tracepoint_v61.o bpf_generic_uprobe_v61.o bpf_multi_kprobe_v61.o bpf_multi_uprobe_v61.o Signed-off-by: Jiri Olsa <[email protected]>
cilium · May 23, 2024 · 8e3cdc5 · 8e3cdc5
1 parent 69baec3
commit 8e3cdc5
Showing 1 changed file with 20 additions and 17 deletions.
diff --git a/bpf/process/pfilter.h b/bpf/process/pfilter.h
@@ -108,12 +108,20 @@ FUNC_INLINE int next_pid_value(__u32 off, __u32 *f, __u32 ty)
 	return off + 4;
 }
 
+struct selector_filter {
+	__u64 ty;
+	__u64 flags;
+	__u64 len;
+	__u32 index;
+};
+
 FUNC_INLINE int
-process_filter_pid(__u32 off, __u32 *f, __u64 ty, __u64 flags,
+process_filter_pid(struct selector_filter *sf, __u32 *f,
 		   struct execve_map_value *enter, struct msg_ns *n,
 		   struct msg_capabilities *c)
 {
-	__u32 sel;
+	__u32 sel, off = sf->index;
+	__u64 flags = sf->flags;
 	__u64 pid;
 
 	if (flags & PID_SELECTOR_FLAG_NSPID) {
@@ -131,15 +139,18 @@ process_filter_pid(__u32 off, __u32 *f, __u64 ty, __u64 flags,
 			     :);
 		sel = f[o];
 	}
-	return __process_filter_pid(ty, flags, sel, pid, enter);
+	return __process_filter_pid(sf->ty, sf->flags, sel, pid, enter);
 }
 
 FUNC_INLINE int
-process_filter_namespace(__u32 off, __u32 *f, __u64 ty, __u64 nsid,
+process_filter_namespace(struct selector_filter *sf, __u32 *f,
 			 struct execve_map_value *enter, struct msg_ns *n,
 			 struct msg_capabilities *c)
 {
+	__u64 nsid = sf->flags;
+	__u32 off = sf->index;
 	__u32 sel, inum = 0;
+	__u64 ty = sf->ty;
 
 	if (off > 1000)
 		sel = 0;
@@ -288,24 +299,16 @@ process_filter_capability_change(__u32 ty, __u32 op, __u32 ns, __u64 val,
 
 #define MAX_SELECTOR_VALUES 4
 
-struct selector_filter {
-	__u64 ty;
-	__u64 flags;
-	__u64 len;
-	__u32 index;
-};
-
 FUNC_INLINE int
 selector_match(__u32 *f, struct selector_filter *sel,
 	       struct execve_map_value *enter,
 	       struct msg_generic_kprobe *msg,
-	       int (*process_filter)(__u32, __u32 *, __u64, __u64,
+	       int (*process_filter)(struct selector_filter *, __u32 *,
 				     struct execve_map_value *, struct msg_ns *,
 				     struct msg_capabilities *))
 {
 	int res1 = 0, res2 = 0, res3 = 0, res4 = 0;
 	__u32 index = sel->index;
-	__u64 flags = sel->flags;
 	__u64 len = sel->len;
 	__u64 ty = sel->ty;
 
@@ -330,16 +333,16 @@ selector_match(__u32 *f, struct selector_filter *sel,
 	else if (len == 1)
 		goto one;
 four:
-	res4 = process_filter(index, f, ty, flags, enter, &msg->ns, &msg->caps);
+	res4 = process_filter(sel, f, enter, &msg->ns, &msg->caps);
 	index = next_pid_value(index, f, ty);
 three:
-	res3 = process_filter(index, f, ty, flags, enter, &msg->ns, &msg->caps);
+	res3 = process_filter(sel, f, enter, &msg->ns, &msg->caps);
 	index = next_pid_value(index, f, ty);
 two:
-	res2 = process_filter(index, f, ty, flags, enter, &msg->ns, &msg->caps);
+	res2 = process_filter(sel, f, enter, &msg->ns, &msg->caps);
 	index = next_pid_value(index, f, ty);
 one:
-	res1 = process_filter(index, f, ty, flags, enter, &msg->ns, &msg->caps);
+	res1 = process_filter(sel, f, enter, &msg->ns, &msg->caps);
 	index = next_pid_value(index, f, ty);
 
 	if (ty == op_filter_notin)