From 7c5848d4c9898d3686def5da3c408c1c5fb55c01 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Thu, 13 Jun 2024 21:18:53 +0000 Subject: [PATCH] tetragon: Limit max entries of cgroup_rate_map when it's not used It's not needed when the feature is disabled. Signed-off-by: Jiri Olsa --- bpf/process/bpf_rate.h | 2 +- cmd/tetragon/main.go | 4 +++- .../observer_test_helper.go | 2 +- pkg/sensors/base/base.go | 22 +++++++++++++++++-- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/bpf/process/bpf_rate.h b/bpf/process/bpf_rate.h index 1a84162b772..151bfb79b7a 100644 --- a/bpf/process/bpf_rate.h +++ b/bpf/process/bpf_rate.h @@ -27,7 +27,7 @@ struct cgroup_rate_options { struct { __uint(type, BPF_MAP_TYPE_PERCPU_HASH); - __uint(max_entries, 32768); + __uint(max_entries, 1); __type(key, struct cgroup_rate_key); __type(value, struct cgroup_rate_value); } cgroup_rate_map SEC(".maps"); diff --git a/cmd/tetragon/main.go b/cmd/tetragon/main.go index 2e673be21a4..2a4304df809 100644 --- a/cmd/tetragon/main.go +++ b/cmd/tetragon/main.go @@ -447,6 +447,8 @@ func tetragonExecute() error { obs.LogPinnedBpf(observerDir) + base.ConfigCgroupRate(&option.Config.CgroupRate) + // load base sensor initialSensor := base.GetInitialSensor() if err := initialSensor.Load(observerDir); err != nil { @@ -456,7 +458,7 @@ func tetragonExecute() error { initialSensor.Unload() }() - cgrouprate.NewCgroupRate(ctx, pm, base.CgroupRateMap, &option.Config.CgroupRate) + cgrouprate.NewCgroupRate(ctx, pm, base.CgroupRateMapExec, &option.Config.CgroupRate) cgrouprate.Config(base.CgroupRateOptionsMap) // now that the base sensor was loaded, we can start the sensor manager diff --git a/pkg/observer/observertesthelper/observer_test_helper.go b/pkg/observer/observertesthelper/observer_test_helper.go index 9c3e0b08917..eed7f5aa829 100644 --- a/pkg/observer/observertesthelper/observer_test_helper.go +++ b/pkg/observer/observertesthelper/observer_test_helper.go @@ -440,7 +440,7 @@ func loadExporter(tb testing.TB, ctx context.Context, obs *observer.Observer, op obs.RemoveListener(processManager) }) - cgrouprate.NewCgroupRate(ctx, processManager, base.CgroupRateMap, &option.Config.CgroupRate) + cgrouprate.NewCgroupRate(ctx, processManager, base.CgroupRateMapExec, &option.Config.CgroupRate) return nil } diff --git a/pkg/sensors/base/base.go b/pkg/sensors/base/base.go index 36fae85eed1..27de932b695 100644 --- a/pkg/sensors/base/base.go +++ b/pkg/sensors/base/base.go @@ -15,6 +15,10 @@ import ( "github.com/cilium/tetragon/pkg/sensors/program" ) +const ( + hasMapMaxEntries = 32768 // this value could be fine tuned +) + var ( Execve = program.Builder( ExecObj(), @@ -73,7 +77,10 @@ var ( StatsMap = program.MapBuilder("tg_stats_map", Execve) /* Cgroup rate data, attached to execve sensor */ - CgroupRateMap = program.MapBuilder("cgroup_rate_map", Execve) + CgroupRateMapExec = program.MapBuilder("cgroup_rate_map", Execve) + CgroupRateMapExit = program.MapBuilder("cgroup_rate_map", Exit) + CgroupRateMapFork = program.MapBuilder("cgroup_rate_map", Fork) + CgroupRateMapCgroup = program.MapBuilder("cgroup_rate_map", CgroupRmdir) CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve) sensor = sensors.Sensor{ @@ -144,7 +151,7 @@ func GetDefaultMaps(cgroupRate bool) []*program.Map { StatsMap, } if cgroupRate { - maps = append(maps, CgroupRateMap, CgroupRateOptionsMap) + maps = append(maps, CgroupRateMapExec, CgroupRateOptionsMap) } return maps @@ -180,3 +187,14 @@ func ExecObj() string { } return "bpf_execve_event.o" } + +func ConfigCgroupRate(opts *option.CgroupRate) { + if opts.Events == 0 || opts.Interval == 0 { + return + } + + CgroupRateMapExec.SetMaxEntries(hasMapMaxEntries) + CgroupRateMapExit.SetMaxEntries(hasMapMaxEntries) + CgroupRateMapFork.SetMaxEntries(hasMapMaxEntries) + CgroupRateMapCgroup.SetMaxEntries(hasMapMaxEntries) +}