-
Notifications
You must be signed in to change notification settings - Fork 349
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tetragon: get rid of some programs #1783
Conversation
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
2e9021b
to
93512be
Compare
8af5ffc
to
c20789f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice cleanup!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work! LGTM , updating the comment would be perfect
bpf/process/bpf_generic_kprobe.c
Outdated
@@ -229,51 +230,15 @@ generic_kprobe_process_filter(void *ctx) | |||
// see also: MIN_FILTER_TAILCALL, MAX_FILTER_TAILCALL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Jiri I would just remove the comment above about kprobe indexes or update it... also probably same for MIN_FILTER_TAILCALL or remove it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, right, will remove that
bpf/process/types/basic.h
Outdated
tail_call(ctx, tailcalls, MIN_FILTER_TAILCALL + index); | ||
if (index <= MAX_SELECTORS && e->sel.active[index & 7]) { | ||
e->index = index; | ||
tail_call(ctx, tailcalls, MIN_FILTER_TAILCALL); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another thing it would be readable for new comers if the programs are identified by constant during the tail_call(), or an enum with a max as _MAX_TG_TAIL_CALL_INDEX. Please note no strong opinion, just to make tail_call readable ;-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good idea, enum values should be better I think
c20789f
to
774d6d5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the cleanup!
LGTM, but I have some suggestions.
774d6d5
to
de76d92
Compare
The pass in msg_selector_data is treated as bool value, make it one then. Signed-off-by: Jiri Olsa <jolsa@kernel.org>
There's no need to keep separate kprobe programs for each filter_read_argX call, we can just tail call into single program with increased index. The number of loaded programs gets reduced, so we need to fix TestLoad* tests as well. Signed-off-by: Jiri Olsa <jolsa@kernel.org>
There's no need to keep separate kprobe programs for each generic_kprobe_process_event4X call, we can just tail call into single program with increased index. The number of loaded programs gets reduced, so we need to fix TestLoad* tests as well. I had to add several &= masks to make it verifiable under 5.4, can't find better solution yet. Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Adding TAIL_CALL_* enum values to identify tail calls for generic probes and make it more human friendly. Suggested-by: Djalal Harouni <tixxdz@gmail.com> Signed-off-by: Jiri Olsa <jolsa@kernel.org>
de76d92
to
8f15a30
Compare
There's no need for having separate programs for generic_kprobe_filter_arg* and
generic_kprobe_process_event* function, we can have just one instance called
recursively by tail jump.
b4:
after: