tetragon: Limit max entries of cgroup_rate_map when it's not used

It's not needed when the feature is disabled. Signed-off-by: Jiri Olsa <[email protected]>
cilium · Jun 13, 2024 · 7c5848d · 7c5848d
1 parent 4877cfd
commit 7c5848d
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 5 deletions.
diff --git a/bpf/process/bpf_rate.h b/bpf/process/bpf_rate.h
@@ -27,7 +27,7 @@ struct cgroup_rate_options {
 
 struct {
 	__uint(type, BPF_MAP_TYPE_PERCPU_HASH);
-	__uint(max_entries, 32768);
+	__uint(max_entries, 1);
 	__type(key, struct cgroup_rate_key);
 	__type(value, struct cgroup_rate_value);
 } cgroup_rate_map SEC(".maps");

diff --git a/cmd/tetragon/main.go b/cmd/tetragon/main.go
@@ -447,6 +447,8 @@ func tetragonExecute() error {
 
 	obs.LogPinnedBpf(observerDir)
 
+	base.ConfigCgroupRate(&option.Config.CgroupRate)
+
 	// load base sensor
 	initialSensor := base.GetInitialSensor()
 	if err := initialSensor.Load(observerDir); err != nil {
@@ -456,7 +458,7 @@ func tetragonExecute() error {
 		initialSensor.Unload()
 	}()
 
-	cgrouprate.NewCgroupRate(ctx, pm, base.CgroupRateMap, &option.Config.CgroupRate)
+	cgrouprate.NewCgroupRate(ctx, pm, base.CgroupRateMapExec, &option.Config.CgroupRate)
 	cgrouprate.Config(base.CgroupRateOptionsMap)
 
 	// now that the base sensor was loaded, we can start the sensor manager

diff --git a/pkg/observer/observertesthelper/observer_test_helper.go b/pkg/observer/observertesthelper/observer_test_helper.go
@@ -440,7 +440,7 @@ func loadExporter(tb testing.TB, ctx context.Context, obs *observer.Observer, op
 		obs.RemoveListener(processManager)
 	})
 
-	cgrouprate.NewCgroupRate(ctx, processManager, base.CgroupRateMap, &option.Config.CgroupRate)
+	cgrouprate.NewCgroupRate(ctx, processManager, base.CgroupRateMapExec, &option.Config.CgroupRate)
 	return nil
 }
 

diff --git a/pkg/sensors/base/base.go b/pkg/sensors/base/base.go
@@ -15,6 +15,10 @@ import (
 	"github.com/cilium/tetragon/pkg/sensors/program"
 )
 
+const (
+	hasMapMaxEntries = 32768 // this value could be fine tuned
+)
+
 var (
 	Execve = program.Builder(
 		ExecObj(),
@@ -73,7 +77,10 @@ var (
 	StatsMap           = program.MapBuilder("tg_stats_map", Execve)
 
 	/* Cgroup rate data, attached to execve sensor */
-	CgroupRateMap        = program.MapBuilder("cgroup_rate_map", Execve)
+	CgroupRateMapExec    = program.MapBuilder("cgroup_rate_map", Execve)
+	CgroupRateMapExit    = program.MapBuilder("cgroup_rate_map", Exit)
+	CgroupRateMapFork    = program.MapBuilder("cgroup_rate_map", Fork)
+	CgroupRateMapCgroup  = program.MapBuilder("cgroup_rate_map", CgroupRmdir)
 	CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve)
 
 	sensor = sensors.Sensor{
@@ -144,7 +151,7 @@ func GetDefaultMaps(cgroupRate bool) []*program.Map {
 		StatsMap,
 	}
 	if cgroupRate {
-		maps = append(maps, CgroupRateMap, CgroupRateOptionsMap)
+		maps = append(maps, CgroupRateMapExec, CgroupRateOptionsMap)
 	}
 	return maps
 
@@ -180,3 +187,14 @@ func ExecObj() string {
 	}
 	return "bpf_execve_event.o"
 }
+
+func ConfigCgroupRate(opts *option.CgroupRate) {
+	if opts.Events == 0 || opts.Interval == 0 {
+		return
+	}
+
+	CgroupRateMapExec.SetMaxEntries(hasMapMaxEntries)
+	CgroupRateMapExit.SetMaxEntries(hasMapMaxEntries)
+	CgroupRateMapFork.SetMaxEntries(hasMapMaxEntries)
+	CgroupRateMapCgroup.SetMaxEntries(hasMapMaxEntries)
+}