Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tetragon: Use execve_map_get_noinit cgroup related code #984

Merged
merged 1 commit into from May 18, 2023
Merged

tetragon: Use execve_map_get_noinit cgroup related code #984

merged 1 commit into from May 18, 2023

Conversation

olsajiri
Copy link
Contributor

@olsajiri olsajiri commented May 9, 2023
edited

hunt for execve_map leak showed few places that use
execve_map_get instead of execve_map_get_noinit.

Even though it did not turn out to be the source of the leak,
we should use execve_map_get_noinit calls.

The execve_map_get is used only by fork sensor to create the
stat record.

@olsajiri olsajiri changed the title check tetragon: Use execve_map_get_noinit cgroup related code May 15, 2023
@olsajiri
tetragon: Use execve_map_get_noinit cgroup related code
78adfec 
Recent hunt for execve_map leak showed few places that use
execve_map_get instead of execve_map_get_noinit.

Even though it did not turn out to be the source of the leak,
we should use execve_map_get_noinit calls.

The execve_map_get is used only by fork sensor to create the
stat record.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
@netlify
Copy link

netlify bot commented May 15, 2023

Deploy Preview for tetragon ready!

Name Link
🔨 Latest commit 78adfec
🔍 Latest deploy log https://app.netlify.com/sites/tetragon/deploys/64620fc83761580008071887
😎 Deploy Preview https://deploy-preview-984--tetragon.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

tpapagian
tpapagian approved these changes May 15, 2023
View reviewed changes
Copy link
Member

@tpapagian tpapagian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@olsajiri olsajiri marked this pull request as ready for review May 15, 2023 12:01
@olsajiri olsajiri requested a review from a team as a code owner May 15, 2023 12:01
tixxdz
tixxdz approved these changes May 15, 2023
View reviewed changes
Copy link
Member

@tixxdz tixxdz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @olsajiri !

I wonder if we could somehow compute the entries from /proc at startup they are pushed to bpf, so use the all value of execve_map_stats then with execve event, then correlate this with user space process cache

Seems we don't decrement the execve_map_stats counter on process exit ?! anyway not related here

@jrfastab jrfastab merged commit 6a79e0e into cilium:main May 18, 2023
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpapagian tpapagian tpapagian approved these changes

@tixxdz tixxdz tixxdz approved these changes

@kkourt kkourt Awaiting requested review from kkourt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@olsajiri @tpapagian @tixxdz @jrfastab