Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tetragon: Limit max entries of cgroup_rate_map when it's not used
Browse files Browse the repository at this point in the history
It's not needed when the feature is disabled.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
olsajiri committed Jun 13, 2024
1 parent 4877cfd commit bfdc038
Showing 3 changed files with 24 additions and 4 deletions.
2 changes: 1 addition & 1 deletion bpf/process/bpf_rate.h
Original file line number Diff line number Diff line change
@@ -27,7 +27,7 @@ struct cgroup_rate_options {

struct {
__uint(type, BPF_MAP_TYPE_PERCPU_HASH);
__uint(max_entries, 32768);
__uint(max_entries, 1);
__type(key, struct cgroup_rate_key);
__type(value, struct cgroup_rate_value);
} cgroup_rate_map SEC(".maps");
4 changes: 3 additions & 1 deletion cmd/tetragon/main.go
Original file line number Diff line number Diff line change
@@ -447,6 +447,8 @@ func tetragonExecute() error {

obs.LogPinnedBpf(observerDir)

base.ConfigCgroupRate(&option.Config.CgroupRate)

// load base sensor
initialSensor := base.GetInitialSensor()
if err := initialSensor.Load(observerDir); err != nil {
@@ -456,7 +458,7 @@ func tetragonExecute() error {
initialSensor.Unload()
}()

cgrouprate.NewCgroupRate(ctx, pm, base.CgroupRateMap, &option.Config.CgroupRate)
cgrouprate.NewCgroupRate(ctx, pm, base.CgroupRateMapExec, &option.Config.CgroupRate)
cgrouprate.Config(base.CgroupRateOptionsMap)

// now that the base sensor was loaded, we can start the sensor manager
22 changes: 20 additions & 2 deletions pkg/sensors/base/base.go
Original file line number Diff line number Diff line change
@@ -15,6 +15,10 @@ import (
"github.com/cilium/tetragon/pkg/sensors/program"
)

const (
hasMapMaxEntries = 32768 // this value could be fine tuned
)

var (
Execve = program.Builder(
ExecObj(),
@@ -73,7 +77,10 @@ var (
StatsMap = program.MapBuilder("tg_stats_map", Execve)

/* Cgroup rate data, attached to execve sensor */
CgroupRateMap = program.MapBuilder("cgroup_rate_map", Execve)
CgroupRateMapExec = program.MapBuilder("cgroup_rate_map", Execve)
CgroupRateMapExit = program.MapBuilder("cgroup_rate_map", Exit)
CgroupRateMapFork = program.MapBuilder("cgroup_rate_map", Fork)
CgroupRateMapCgroup = program.MapBuilder("cgroup_rate_map", CgroupRmdir)
CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve)

sensor = sensors.Sensor{
@@ -144,7 +151,7 @@ func GetDefaultMaps(cgroupRate bool) []*program.Map {
StatsMap,
}
if cgroupRate {
maps = append(maps, CgroupRateMap, CgroupRateOptionsMap)
maps = append(maps, CgroupRateMapExec, CgroupRateOptionsMap)
}
return maps

@@ -180,3 +187,14 @@ func ExecObj() string {
}
return "bpf_execve_event.o"
}

func ConfigCgroupRate(opts *option.CgroupRate) {
if opts.Events == 0 || opts.Interval == 0 {
return
}

CgroupRateMapExec.SetMaxEntries(hasMapMaxEntries)
CgroupRateMapExit.SetMaxEntries(hasMapMaxEntries)
CgroupRateMapFork.SetMaxEntries(hasMapMaxEntries)
CgroupRateMapCgroup.SetMaxEntries(hasMapMaxEntries)
}

0 comments on commit bfdc038

Please sign in to comment.