From 6ed124a93fb81adb2ce2409f2579772b71b0d1e8 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Fri, 10 Jan 2025 11:26:45 +0000 Subject: [PATCH] tetragon: Pass execve_map_value directly to match_binaries Passing execve_map_value directly to match_binaries to eliminate superfluous event_find_curr in it. Signed-off-by: Jiri Olsa --- bpf/process/pfilter.h | 2 +- bpf/process/types/basic.h | 12 ++---------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/bpf/process/pfilter.h b/bpf/process/pfilter.h index bdd90b7f930..bbdf7adbbbe 100644 --- a/bpf/process/pfilter.h +++ b/bpf/process/pfilter.h @@ -409,7 +409,7 @@ selector_process_filter(__u32 *f, __u32 index, struct execve_map_value *enter, __u64 i; /* Do binary filter first for selector index */ - if (!match_binaries(index)) + if (!match_binaries(index, enter)) return 0; /* Find selector offset byte index */ diff --git a/bpf/process/types/basic.h b/bpf/process/types/basic.h index 5cea0a7c505..84ef549480e 100644 --- a/bpf/process/types/basic.h +++ b/bpf/process/types/basic.h @@ -1543,11 +1543,9 @@ struct { }); } tg_mb_paths SEC(".maps"); -FUNC_INLINE int match_binaries(__u32 selidx) +FUNC_INLINE int match_binaries(__u32 selidx, struct execve_map_value *current) { - struct execve_map_value *current; - __u32 ppid; - bool walker, match = 0; + bool match = 0; void *path_map; __u8 *found_key; #ifdef __LARGE_BPF_PROG @@ -1567,12 +1565,6 @@ FUNC_INLINE int match_binaries(__u32 selidx) if (selector_options->op == op_filter_none) return 1; // matchBinaries selector is empty <=> match - current = event_find_curr(&ppid, &walker); - if (!current) { - // this should not happen, it means that the process was missed when - // scanning /proc for process that started before and after tetragon - return 0; - } if (current->bin.path_length < 0) { // something wrong happened when copying the filename to execve_map return 0;