diff --git a/pkg/sensors/base/base.go b/pkg/sensors/base/base.go index 34afc2d48c9..8193b758a7b 100644 --- a/pkg/sensors/base/base.go +++ b/pkg/sensors/base/base.go @@ -64,26 +64,26 @@ var ( ).SetPolicy(basePolicy) /* Event Ring map */ - TCPMonMap = program.MapBuilder("tcpmon_map", Execve) + TCPMonMap = program.MapBuilder("tcpmon_map", Execve, Exit, Fork) /* Networking and Process Monitoring maps */ - ExecveMap = program.MapBuilder("execve_map", Execve) + ExecveMap = program.MapBuilder("execve_map", Execve, Exit, Fork, ExecveBprmCommit) ExecveTailCallsMap = program.MapBuilderPin("execve_calls", "execve_calls", Execve) - ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", ExecveBprmCommit) + ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", Execve, Exit, Fork, ExecveBprmCommit) /* Tetragon runtime configuration */ - TetragonConfMap = program.MapBuilder("tg_conf_map", Execve) + TetragonConfMap = program.MapBuilder("tg_conf_map", Execve, Exit, Fork) /* Internal statistics for debugging */ - ExecveStats = program.MapBuilder("execve_map_stats", Execve) - ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", ExecveBprmCommit) - StatsMap = program.MapBuilder("tg_stats_map", Execve) + ExecveStats = program.MapBuilder("execve_map_stats", Execve, Exit, Fork) + ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", Execve, Exit, Fork, ExecveBprmCommit) + StatsMap = program.MapBuilder("tg_stats_map", Execve, Exit, Fork) /* Cgroup rate data, attached to execve sensor */ CgroupRateMap = program.MapBuilder("cgroup_rate_map", Execve, Exit, Fork, CgroupRmdir) - CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve) + CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve, Exit, Fork) - MatchBinariesSetMap = program.MapBuilder(mbset.MapName, Execve) + MatchBinariesSetMap = program.MapBuilder(mbset.MapName, Execve, Exit, Fork) sensor = sensors.Sensor{ Name: basePolicy, @@ -169,7 +169,6 @@ func GetInitialSensor() *sensors.Sensor { sensorInit.Do(func() { setupPrograms() sensor.Progs = GetDefaultPrograms(option.CgroupRateEnabled()) - sensor.Maps = GetDefaultMaps(option.CgroupRateEnabled()) }) return &sensor } @@ -178,7 +177,6 @@ func GetInitialSensorTest() *sensors.Sensor { sensorTestInit.Do(func() { setupPrograms() sensorTest.Progs = GetDefaultPrograms(true) - sensorTest.Maps = GetDefaultMaps(true) }) return &sensorTest } diff --git a/pkg/sensors/load.go b/pkg/sensors/load.go index 87bb1c7cc56..b57886598e0 100644 --- a/pkg/sensors/load.go +++ b/pkg/sensors/load.go @@ -7,10 +7,8 @@ import ( "fmt" "os" "path" - "path/filepath" "strings" - "github.com/cilium/ebpf" cachedbtf "github.com/cilium/tetragon/pkg/btf" "github.com/cilium/tetragon/pkg/kernels" "github.com/cilium/tetragon/pkg/logger" @@ -93,10 +91,6 @@ func (s *Sensor) Load(bpfDir string) error { return fmt.Errorf("tetragon, aborting could not find BPF programs: %w", err) } - if err := s.loadMaps(bpfDir); err != nil { - return fmt.Errorf("tetragon, aborting could not load sensor BPF maps: %w", err) - } - for _, p := range s.Progs { if p.LoadState.IsLoaded() { l.WithField("prog", p.Name).Info("BPF prog is already loaded, incrementing reference count") @@ -113,7 +107,6 @@ func (s *Sensor) Load(bpfDir string) error { // Add the *loaded* programs and maps, so they can be unloaded later progsAdd(s.Progs) - AllMaps = append(AllMaps, s.Maps...) l.WithField("sensor", s.Name).Infof("Loaded BPF maps and events for sensor successfully") s.Loaded = true @@ -136,9 +129,11 @@ func (s *Sensor) Unload() error { unloadProgram(p) } - for _, m := range s.Maps { - if err := m.Unload(); err != nil { - logger.GetLogger().WithError(err).WithField("map", s.Name).Warn("Failed to unload map") + for _, p := range s.Progs { + for name, m := range p.PinMap { + if err := m.Unload(); err != nil { + logger.GetLogger().WithError(err).WithField("map", name).Warn("Failed to unload map") + } } } @@ -200,76 +195,24 @@ func (s *Sensor) FindPrograms() error { if err := s.findProgram(p); err != nil { return err } - } - for _, m := range s.Maps { - if err := s.findProgram(m.Prog); err != nil { - return err - } - } - return nil -} - -// loadMaps loads all the BPF maps in the sensor. -func (s *Sensor) loadMaps(bpfDir string) error { - l := logger.GetLogger() - for _, m := range s.Maps { - if m.PinState.IsLoaded() { - l.WithFields(logrus.Fields{ - "sensor": s.Name, - "map": m.Name, - }).Info("map is already loaded, incrementing reference count") - m.PinState.RefInc() - continue - } - - pinPath := filepath.Join(bpfDir, m.PinName) - - spec, err := ebpf.LoadCollectionSpec(m.Prog.Name) - if err != nil { - return fmt.Errorf("failed to open collection '%s': %w", m.Prog.Name, err) - } - mapSpec, ok := spec.Maps[m.Name] - if !ok { - return fmt.Errorf("map '%s' not found from '%s'", m.Name, m.Prog.Name) - } - - if max, ok := m.GetMaxEntries(); ok { - mapSpec.MaxEntries = max - } - - if innerMax, ok := m.GetMaxInnerEntries(); ok { - if innerMs := mapSpec.InnerMap; innerMs != nil { - mapSpec.InnerMap.MaxEntries = innerMax + for _, m := range p.PinMap { + if err := s.findProgram(m.Prog); err != nil { + return err } } - - if err := m.LoadOrCreatePinnedMap(pinPath, mapSpec); err != nil { - return fmt.Errorf("failed to load map '%s' for sensor '%s': %w", m.Name, s.Name, err) - } - - l.WithFields(logrus.Fields{ - "sensor": s.Name, - "map": m.Name, - "path": pinPath, - "max": m.Entries, - }).Info("tetragon, map loaded.") } - return nil } func mergeSensors(sensors []*Sensor) *Sensor { var progs []*program.Program - var maps []*program.Map for _, s := range sensors { progs = append(progs, s.Progs...) - maps = append(maps, s.Maps...) } return &Sensor{ Name: "__main__", Progs: progs, - Maps: maps, } } @@ -283,7 +226,7 @@ func observerLoadInstance(bpfDir string, load *program.Program) error { l.WithFields(logrus.Fields{ "prog": load.Name, "kern_version": version, - }).Debug("observerLoadInstance", load.Name, version) + }).Debugf("observerLoadInstance %s %d", load.Name, version) if load.Type == "tracepoint" { err = loadInstance(bpfDir, load, version, option.Config.Verbosity) if err != nil { diff --git a/pkg/sensors/program/loader.go b/pkg/sensors/program/loader.go index b904f2b1334..36ef61c2c68 100644 --- a/pkg/sensors/program/loader.go +++ b/pkg/sensors/program/loader.go @@ -863,6 +863,26 @@ func doLoadProgram( } defer coll.Close() + // Pin all requested maps + for name, m := range coll.Maps { + // Is the map refferenced by program + if _, ok := refMaps[name]; !ok { + continue + } + // Is the map already pinned + if _, ok := pinnedMaps[name]; ok { + continue + } + // Do we want the map to be pinned? + pm, ok := load.PinMap[name] + if !ok { + continue + } + if err := pm.CloneAndPin(bpfDir, m); err != nil { + return nil, fmt.Errorf("map pinning failed: %s", err) + } + } + err = installTailCalls(bpfDir, spec, coll, load) if err != nil { return nil, fmt.Errorf("installing tail calls failed: %s", err) diff --git a/pkg/sensors/program/map.go b/pkg/sensors/program/map.go index e7c17bfdcc7..6d005e413c3 100644 --- a/pkg/sensors/program/map.go +++ b/pkg/sensors/program/map.go @@ -153,6 +153,21 @@ func (m *Map) LoadOrCreatePinnedMap(pinPath string, mapSpec *ebpf.MapSpec) error return nil } +func (m *Map) CloneAndPin(bpfDir string, handle *ebpf.Map) error { + var err error + + m.MapHandle, err = handle.Clone() + if err != nil { + return fmt.Errorf("failed to clone map '%s': %w", m.Name, err) + } + pinPath := filepath.Join(bpfDir, m.PinName) + if err = m.MapHandle.Pin(pinPath); err != nil { + return fmt.Errorf("failed to pin to %s: %w", pinPath, err) + } + m.PinState.RefInc() + return nil +} + func isValidSubdir(d string) bool { dir := filepath.Base(d) return dir != "." && dir != ".." diff --git a/pkg/sensors/sensors.go b/pkg/sensors/sensors.go index 4222ae5a691..15c6b82d91a 100644 --- a/pkg/sensors/sensors.go +++ b/pkg/sensors/sensors.go @@ -41,8 +41,6 @@ type Sensor struct { Name string // Progs are all the BPF programs that exist on the filesystem. Progs []*program.Program - // Maps are all the BPF Maps that the progs use. - Maps []*program.Map // Loaded indicates whether the sensor has been Loaded. Loaded bool // Destroyed indicates whether the sensor had been destroyed. @@ -84,19 +82,16 @@ type SensorHook func() error func SensorCombine(name string, sensors ...*Sensor) *Sensor { progs := []*program.Program{} - maps := []*program.Map{} for _, s := range sensors { progs = append(progs, s.Progs...) - maps = append(maps, s.Maps...) } - return SensorBuilder(name, progs, maps) + return SensorBuilder(name, progs) } -func SensorBuilder(name string, p []*program.Program, m []*program.Map) *Sensor { +func SensorBuilder(name string, p []*program.Program) *Sensor { return &Sensor{ Name: name, Progs: p, - Maps: m, } } diff --git a/pkg/sensors/test/cgroups.go b/pkg/sensors/test/cgroups.go index 7c98bb2a40e..b6ac19409de 100644 --- a/pkg/sensors/test/cgroups.go +++ b/pkg/sensors/test/cgroups.go @@ -50,18 +50,10 @@ func getCgroupPrograms() []*program.Program { return progs } -func getCgroupMaps() []*program.Map { - maps := []*program.Map{ - GetCgroupsTrackingMap(), - } - return maps -} - // GetCgroupSensor returns the Cgroups base sensor func GetCgroupSensor() *sensors.Sensor { return &sensors.Sensor{ Name: "test-sensor-cgroups", Progs: getCgroupPrograms(), - Maps: getCgroupMaps(), } } diff --git a/pkg/sensors/test/test.go b/pkg/sensors/test/test.go index 38051b36200..4d4d8f6100c 100644 --- a/pkg/sensors/test/test.go +++ b/pkg/sensors/test/test.go @@ -66,7 +66,6 @@ func GetTestSensor() *sensors.Sensor { sensors.PathJoin(sensorName, "test_lseek_prog"), "tracepoint", )} - maps := []*program.Map{} - sensor := &sensors.Sensor{Name: sensorName, Progs: progs, Maps: maps} + sensor := &sensors.Sensor{Name: sensorName, Progs: progs} return sensor } diff --git a/pkg/sensors/tracing/enforcer.go b/pkg/sensors/tracing/enforcer.go index 1266376dc98..a769e4d406b 100644 --- a/pkg/sensors/tracing/enforcer.go +++ b/pkg/sensors/tracing/enforcer.go @@ -248,7 +248,6 @@ func (kp *enforcerPolicy) createEnforcerSensor( // register enforcer sensor var load *program.Program var progs []*program.Program - var maps []*program.Map specOpts, err := getSpecOptions(opts) if err != nil { return nil, fmt.Errorf("failed to get spec options: %s", err) @@ -318,8 +317,6 @@ func (kp *enforcerPolicy) createEnforcerSensor( enforcerDataMap := enforcerMap(policyName, progs...) enforcerDataMap.SetMaxEntries(enforcerMapMaxEntries) - maps = append(maps, enforcerDataMap) - if ok := kp.enforcerAdd(name, kh); !ok { return nil, fmt.Errorf("failed to add enforcer: '%s'", name) } @@ -329,7 +326,6 @@ func (kp *enforcerPolicy) createEnforcerSensor( return &sensors.Sensor{ Name: "__enforcer__", Progs: progs, - Maps: maps, PostUnloadHook: func() error { if ok := kp.enforcerDel(name); !ok { logger.GetLogger().Infof("Failed to clean up enforcer sensor '%s'", name) diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go index a4c4fbff7b8..1da5a17ba1c 100644 --- a/pkg/sensors/tracing/generickprobe.go +++ b/pkg/sensors/tracing/generickprobe.go @@ -198,8 +198,7 @@ func getProgramSelector(load *program.Program, kprobeEntry *genericKprobe) *sele return nil } -func filterMaps(load *program.Program, pinPath string, kprobeEntry *genericKprobe) []*program.Map { - var maps []*program.Map +func filterMaps(load *program.Program, pinPath string, kprobeEntry *genericKprobe) { /* * If we got passed genericKprobe != nil we can make selector map fixes @@ -215,7 +214,6 @@ func filterMaps(load *program.Program, pinPath string, kprobeEntry *genericKprob maxEntries := state.ValueMapsMaxEntries() argFilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, argFilterMaps) addr4FilterMaps := program.MapBuilderPin("addr4lpm_maps", sensors.PathJoin(pinPath, "addr4lpm_maps"), load) if state != nil && !kernels.MinKernelVersion("5.9") { @@ -224,7 +222,6 @@ func filterMaps(load *program.Program, pinPath string, kprobeEntry *genericKprob maxEntries := state.Addr4MapsMaxEntries() addr4FilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, addr4FilterMaps) addr6FilterMaps := program.MapBuilderPin("addr6lpm_maps", sensors.PathJoin(pinPath, "addr6lpm_maps"), load) if state != nil && !kernels.MinKernelVersion("5.9") { @@ -233,7 +230,6 @@ func filterMaps(load *program.Program, pinPath string, kprobeEntry *genericKprob maxEntries := state.Addr6MapsMaxEntries() addr6FilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, addr6FilterMaps) var stringFilterMap [selectors.StringMapsNumSubMaps]*program.Map numSubMaps := selectors.StringMapsNumSubMaps @@ -250,7 +246,6 @@ func filterMaps(load *program.Program, pinPath string, kprobeEntry *genericKprob maxEntries := state.StringMapsMaxEntries(string_map_index) stringFilterMap[string_map_index].SetInnerMaxEntries(maxEntries) } - maps = append(maps, stringFilterMap[string_map_index]) } stringPrefixFilterMaps := program.MapBuilderPin("string_prefix_maps", sensors.PathJoin(pinPath, "string_prefix_maps"), load) @@ -260,7 +255,6 @@ func filterMaps(load *program.Program, pinPath string, kprobeEntry *genericKprob maxEntries := state.StringPrefixMapsMaxEntries() stringPrefixFilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, stringPrefixFilterMaps) stringPostfixFilterMaps := program.MapBuilderPin("string_postfix_maps", sensors.PathJoin(pinPath, "string_postfix_maps"), load) if state != nil && !kernels.MinKernelVersion("5.9") { @@ -269,22 +263,18 @@ func filterMaps(load *program.Program, pinPath string, kprobeEntry *genericKprob maxEntries := state.StringPostfixMapsMaxEntries() stringPostfixFilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, stringPostfixFilterMaps) - - return maps } -func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.EntryID, has hasMaps) ([]*program.Program, []*program.Map, error) { +func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.EntryID, has hasMaps) ([]*program.Program, error) { var multiRetIDs []idtable.EntryID var progs []*program.Program - var maps []*program.Map data := &genericKprobeData{} for _, id := range multiIDs { gk, err := genericKprobeTableGet(id) if err != nil { - return nil, nil, err + return nil, err } if gk.loadArgs.retprobe { multiRetIDs = append(multiRetIDs, id) @@ -322,43 +312,27 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E if has.fdInstall { fdinstall.SetMaxEntries(fdInstallMapMaxEntries) } - maps = append(maps, fdinstall) configMap := program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load) - maps = append(maps, configMap) - tailCalls := program.MapBuilderPin("kprobe_calls", sensors.PathJoin(pinPath, "kp_calls"), load) - maps = append(maps, tailCalls) - load.SetTailCall("kprobe", tailCalls) filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load) - maps = append(maps, filterMap) - - maps = append(maps, filterMaps(load, pinPath, nil)...) - - retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), load) - maps = append(maps, retProbe) - - callHeap := program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), load) - maps = append(maps, callHeap) + filterMaps(load, pinPath, nil) - selMatchBinariesMap := program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load) - maps = append(maps, selMatchBinariesMap) - - matchBinariesPaths := program.MapBuilderPin("tg_mb_paths", sensors.PathJoin(pinPath, "tg_mb_paths"), load) - maps = append(maps, matchBinariesPaths) + program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), load) + program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), load) + program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load) + program.MapBuilderPin("tg_mb_paths", sensors.PathJoin(pinPath, "tg_mb_paths"), load) stackTraceMap := program.MapBuilderPin("stack_trace_map", sensors.PathJoin(pinPath, "stack_trace_map"), load) if has.stackTrace { stackTraceMap.SetMaxEntries(stackTraceMapMaxEntries) } - maps = append(maps, stackTraceMap) data.stackTraceMap = stackTraceMap if kernels.EnableLargeProgs() { - socktrack := program.MapBuilderPin("socktrack_map", sensors.PathJoin(sensorPath, "socktrack_map"), load) - maps = append(maps, socktrack) + program.MapBuilderPin("socktrack_map", sensors.PathJoin(sensorPath, "socktrack_map"), load) } if kernels.EnableLargeProgs() { @@ -366,14 +340,12 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E if has.rateLimit { ratelimitMap.SetMaxEntries(ratelimitMapMaxEntries) } - maps = append(maps, ratelimitMap) } enforcerDataMap := enforcerMap(policyName, load) if has.enforcer { enforcerDataMap.SetMaxEntries(enforcerMapMaxEntries) } - maps = append(maps, enforcerDataMap) filterMap.SetMaxEntries(len(multiIDs)) configMap.SetMaxEntries(len(multiIDs)) @@ -382,7 +354,6 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E if has.override { overrideTasksMap.SetMaxEntries(overrideMapMaxEntries) } - maps = append(maps, overrideTasksMap) if len(multiRetIDs) != 0 { loadret := program.Builder( @@ -396,39 +367,27 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E SetPolicy(policyName) progs = append(progs, loadret) - retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret) - maps = append(maps, retProbe) - + program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret) retConfigMap := program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "retprobe_config_map"), loadret) - maps = append(maps, retConfigMap) - retFilterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "retprobe_filter_map"), loadret) - maps = append(maps, retFilterMap) - maps = append(maps, filterMaps(loadret, pinPath, nil)...) - - callHeap := program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), loadret) - maps = append(maps, callHeap) + filterMaps(loadret, pinPath, nil) + program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), loadret) fdinstall := program.MapBuilderPin("fdinstall_map", sensors.PathJoin(sensorPath, "fdinstall_map"), loadret) if has.fdInstall { fdinstall.SetMaxEntries(fdInstallMapMaxEntries) } - maps = append(maps, fdinstall) - - socktrack := program.MapBuilderPin("socktrack_map", sensors.PathJoin(sensorPath, "socktrack_map"), loadret) - maps = append(maps, socktrack) + program.MapBuilderPin("socktrack_map", sensors.PathJoin(sensorPath, "socktrack_map"), loadret) tailCalls := program.MapBuilderPin("retkprobe_calls", sensors.PathJoin(pinPath, "retprobe-kp_calls"), loadret) - maps = append(maps, tailCalls) - loadret.SetTailCall("kprobe", tailCalls) retConfigMap.SetMaxEntries(len(multiRetIDs)) retFilterMap.SetMaxEntries(len(multiRetIDs)) } - return progs, maps, nil + return progs, nil } // preValidateKprobes pre-validates the semantics and BTF information of a Kprobe spec @@ -594,7 +553,6 @@ func createGenericKprobeSensor( customHandler eventhandler.Handler, ) (*sensors.Sensor, error) { var progs []*program.Program - var maps []*program.Map var ids []idtable.EntryID var useMulti bool var selMaps *selectors.KernelSelectorMaps @@ -649,9 +607,9 @@ func createGenericKprobeSensor( } if useMulti { - progs, maps, err = createMultiKprobeSensor(in.sensorPath, in.policyName, ids, has) + progs, err = createMultiKprobeSensor(in.sensorPath, in.policyName, ids, has) } else { - progs, maps, err = createSingleKprobeSensor(in.sensorPath, ids, has) + progs, err = createSingleKprobeSensor(in.sensorPath, ids, has) } if err != nil { @@ -661,7 +619,6 @@ func createGenericKprobeSensor( return &sensors.Sensor{ Name: name, Progs: progs, - Maps: maps, DestroyHook: func() error { var errs error for _, id := range ids { @@ -888,7 +845,7 @@ func addKprobe(funcName string, f *v1alpha1.KProbeSpec, in *addKprobeIn) (id idt } func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string, - progs []*program.Program, maps []*program.Map, has hasMaps) ([]*program.Program, []*program.Map) { + progs []*program.Program, has hasMaps) []*program.Program { loadProgName, loadProgRetName := kernels.GenericKprobeObjs() isSecurityFunc := strings.HasPrefix(kprobeEntry.funcName, "security_") @@ -914,29 +871,17 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string, if has.fdInstall { fdinstall.SetMaxEntries(fdInstallMapMaxEntries) } - maps = append(maps, fdinstall) - - configMap := program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load) - maps = append(maps, configMap) + program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load) tailCalls := program.MapBuilderPin("kprobe_calls", sensors.PathJoin(pinPath, "kp_calls"), load) - maps = append(maps, tailCalls) - load.SetTailCall("kprobe", tailCalls) - filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load) - maps = append(maps, filterMap) - - maps = append(maps, filterMaps(load, pinPath, kprobeEntry)...) - - retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), load) - maps = append(maps, retProbe) - - callHeap := program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), load) - maps = append(maps, callHeap) + program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load) + filterMaps(load, pinPath, kprobeEntry) - selMatchBinariesMap := program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load) - maps = append(maps, selMatchBinariesMap) + program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), load) + program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), load) + program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load) matchBinariesPaths := program.MapBuilderPin("tg_mb_paths", sensors.PathJoin(pinPath, "tg_mb_paths"), load) if !kernels.MinKernelVersion("5.9") { @@ -944,7 +889,6 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string, // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/ matchBinariesPaths.SetInnerMaxEntries(kprobeEntry.loadArgs.selectors.entry.MatchBinariesPathsMaxEntries()) } - maps = append(maps, matchBinariesPaths) // loading the stack trace map in any case so that it does not end up as an // anonymous map (as it's always used by the BPF prog) and is clearly linked @@ -955,12 +899,10 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string, // max entry of 1, we need to expand that at loading. stackTraceMap.SetMaxEntries(stackTraceMapMaxEntries) } - maps = append(maps, stackTraceMap) kprobeEntry.data.stackTraceMap = stackTraceMap if kernels.EnableLargeProgs() { - socktrack := program.MapBuilderPin("socktrack_map", sensors.PathJoin(sensorPath, "socktrack_map"), load) - maps = append(maps, socktrack) + program.MapBuilderPin("socktrack_map", sensors.PathJoin(sensorPath, "socktrack_map"), load) } if kernels.EnableLargeProgs() { @@ -970,20 +912,17 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string, // needed to reduce the memory footprint when unused ratelimitMap.SetMaxEntries(ratelimitMapMaxEntries) } - maps = append(maps, ratelimitMap) } enforcerDataMap := enforcerMap(kprobeEntry.policyName, load) if has.enforcer { enforcerDataMap.SetMaxEntries(enforcerMapMaxEntries) } - maps = append(maps, enforcerDataMap) overrideTasksMap := program.MapBuilderPin("override_tasks", sensors.PathJoin(pinPath, "override_tasks"), load) if has.override { overrideTasksMap.SetMaxEntries(overrideMapMaxEntries) } - maps = append(maps, overrideTasksMap) if kprobeEntry.loadArgs.retprobe { pinRetProg := sensors.PathJoin(pinPath, fmt.Sprintf("%s_ret_prog", kprobeEntry.funcName)) @@ -998,51 +937,39 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string, SetPolicy(kprobeEntry.policyName) progs = append(progs, loadret) - retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret) - maps = append(maps, retProbe) - - retConfigMap := program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "retprobe_config_map"), loadret) - maps = append(maps, retConfigMap) - + program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret) + program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "retprobe_config_map"), loadret) tailCalls := program.MapBuilderPin("retkprobe_calls", sensors.PathJoin(pinPath, "retprobe-kp_calls"), loadret) - maps = append(maps, tailCalls) - loadret.SetTailCall("kprobe", tailCalls) - filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "retkprobe_filter_map"), loadret) - maps = append(maps, filterMap) - - maps = append(maps, filterMaps(loadret, pinPath, kprobeEntry)...) + program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "retkprobe_filter_map"), loadret) + filterMaps(loadret, pinPath, kprobeEntry) // add maps with non-default paths (pins) to the retprobe - callHeap := program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), loadret) - maps = append(maps, callHeap) + program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), loadret) fdinstall := program.MapBuilderPin("fdinstall_map", sensors.PathJoin(sensorPath, "fdinstall_map"), loadret) if has.fdInstall { fdinstall.SetMaxEntries(fdInstallMapMaxEntries) } - maps = append(maps, fdinstall) if kernels.EnableLargeProgs() { - socktrack := program.MapBuilderPin("socktrack_map", sensors.PathJoin(sensorPath, "socktrack_map"), loadret) - maps = append(maps, socktrack) + program.MapBuilderPin("socktrack_map", sensors.PathJoin(sensorPath, "socktrack_map"), loadret) } } logger.GetLogger().WithField("override", kprobeEntry.hasOverride). Infof("Added generic kprobe sensor: %s -> %s", load.Name, load.Attach) - return progs, maps + return progs } -func createSingleKprobeSensor(sensorPath string, ids []idtable.EntryID, has hasMaps) ([]*program.Program, []*program.Map, error) { +func createSingleKprobeSensor(sensorPath string, ids []idtable.EntryID, has hasMaps) ([]*program.Program, error) { var progs []*program.Program - var maps []*program.Map for _, id := range ids { gk, err := genericKprobeTableGet(id) if err != nil { - return nil, nil, err + return nil, err } gk.data = &genericKprobeData{} @@ -1051,10 +978,10 @@ func createSingleKprobeSensor(sensorPath string, ids []idtable.EntryID, has hasM has.rateLimit = gk.hasRatelimit has.override = gk.hasOverride - progs, maps = createKprobeSensorFromEntry(gk, sensorPath, progs, maps, has) + progs = createKprobeSensorFromEntry(gk, sensorPath, progs, has) } - return progs, maps, nil + return progs, nil } func getMapLoad(load *program.Program, kprobeEntry *genericKprobe, index uint32) []*program.MapLoad { diff --git a/pkg/sensors/tracing/genericlsm.go b/pkg/sensors/tracing/genericlsm.go index fff5316cd92..1b8d539cdcc 100644 --- a/pkg/sensors/tracing/genericlsm.go +++ b/pkg/sensors/tracing/genericlsm.go @@ -288,7 +288,6 @@ func createGenericLsmSensor( policyName string, ) (*sensors.Sensor, error) { var progs []*program.Program - var maps []*program.Map var ids []idtable.EntryID var selMaps *selectors.KernelSelectorMaps var err error @@ -320,7 +319,7 @@ func createGenericLsmSensor( if err != nil { return nil, err } - progs, maps = createLsmSensorFromEntry(gl, progs, maps) + progs = createLsmSensorFromEntry(gl, progs) } if err != nil { @@ -330,7 +329,6 @@ func createGenericLsmSensor( return &sensors.Sensor{ Name: name, Progs: progs, - Maps: maps, DestroyHook: func() error { var errs error for _, id := range ids { @@ -345,7 +343,7 @@ func createGenericLsmSensor( } func createLsmSensorFromEntry(lsmEntry *genericLsm, - progs []*program.Program, maps []*program.Map) ([]*program.Program, []*program.Map) { + progs []*program.Program) []*program.Program { loadProgName := "bpf_generic_lsm.o" if kernels.EnableV61Progs() { @@ -366,24 +364,16 @@ func createLsmSensorFromEntry(lsmEntry *genericLsm, SetLoaderData(lsmEntry.tableId) progs = append(progs, load) - configMap := program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load) - maps = append(maps, configMap) + program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load) tailCalls := program.MapBuilderPin("lsm_calls", sensors.PathJoin(pinPath, "lsm_calls"), load) - maps = append(maps, tailCalls) - load.SetTailCall("lsm", tailCalls) - filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load) - maps = append(maps, filterMap) - - maps = append(maps, filterMapsForLsm(load, pinPath, lsmEntry)...) - - callHeap := program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), load) - maps = append(maps, callHeap) + filterMapsForLsm(load, pinPath, lsmEntry) - selMatchBinariesMap := program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load) - maps = append(maps, selMatchBinariesMap) + program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load) + program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), load) + program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load) matchBinariesPaths := program.MapBuilderPin("tg_mb_paths", sensors.PathJoin(pinPath, "tg_mb_paths"), load) if !kernels.MinKernelVersion("5.9") { @@ -391,16 +381,13 @@ func createLsmSensorFromEntry(lsmEntry *genericLsm, // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/ matchBinariesPaths.SetInnerMaxEntries(lsmEntry.selectors.MatchBinariesPathsMaxEntries()) } - maps = append(maps, matchBinariesPaths) logger.GetLogger(). Infof("Added generic lsm sensor: %s -> %s", load.Name, load.Attach) - return progs, maps + return progs } -func filterMapsForLsm(load *program.Program, pinPath string, lsmEntry *genericLsm) []*program.Map { - var maps []*program.Map - +func filterMapsForLsm(load *program.Program, pinPath string, lsmEntry *genericLsm) { argFilterMaps := program.MapBuilderPin("argfilter_maps", sensors.PathJoin(pinPath, "argfilter_maps"), load) if !kernels.MinKernelVersion("5.9") { // Versions before 5.9 do not allow inner maps to have different sizes. @@ -408,7 +395,6 @@ func filterMapsForLsm(load *program.Program, pinPath string, lsmEntry *genericLs maxEntries := lsmEntry.selectors.ValueMapsMaxEntries() argFilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, argFilterMaps) addr4FilterMaps := program.MapBuilderPin("addr4lpm_maps", sensors.PathJoin(pinPath, "addr4lpm_maps"), load) if !kernels.MinKernelVersion("5.9") { @@ -417,7 +403,6 @@ func filterMapsForLsm(load *program.Program, pinPath string, lsmEntry *genericLs maxEntries := lsmEntry.selectors.Addr4MapsMaxEntries() addr4FilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, addr4FilterMaps) addr6FilterMaps := program.MapBuilderPin("addr6lpm_maps", sensors.PathJoin(pinPath, "addr6lpm_maps"), load) if !kernels.MinKernelVersion("5.9") { @@ -426,7 +411,6 @@ func filterMapsForLsm(load *program.Program, pinPath string, lsmEntry *genericLs maxEntries := lsmEntry.selectors.Addr6MapsMaxEntries() addr6FilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, addr6FilterMaps) var stringFilterMap [selectors.StringMapsNumSubMaps]*program.Map numSubMaps := selectors.StringMapsNumSubMaps @@ -443,7 +427,6 @@ func filterMapsForLsm(load *program.Program, pinPath string, lsmEntry *genericLs maxEntries := lsmEntry.selectors.StringMapsMaxEntries(string_map_index) stringFilterMap[string_map_index].SetInnerMaxEntries(maxEntries) } - maps = append(maps, stringFilterMap[string_map_index]) } stringPrefixFilterMaps := program.MapBuilderPin("string_prefix_maps", sensors.PathJoin(pinPath, "string_prefix_maps"), load) @@ -453,7 +436,6 @@ func filterMapsForLsm(load *program.Program, pinPath string, lsmEntry *genericLs maxEntries := lsmEntry.selectors.StringPrefixMapsMaxEntries() stringPrefixFilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, stringPrefixFilterMaps) stringPostfixFilterMaps := program.MapBuilderPin("string_postfix_maps", sensors.PathJoin(pinPath, "string_postfix_maps"), load) if !kernels.MinKernelVersion("5.9") { @@ -462,7 +444,4 @@ func filterMapsForLsm(load *program.Program, pinPath string, lsmEntry *genericLs maxEntries := lsmEntry.selectors.StringPostfixMapsMaxEntries() stringPostfixFilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, stringPostfixFilterMaps) - - return maps } diff --git a/pkg/sensors/tracing/generictracepoint.go b/pkg/sensors/tracing/generictracepoint.go index a81ec1541fd..e2d55463b1c 100644 --- a/pkg/sensors/tracing/generictracepoint.go +++ b/pkg/sensors/tracing/generictracepoint.go @@ -391,7 +391,6 @@ func createGenericTracepointSensor( enforcer: len(spec.Enforcers) != 0, } - maps := []*program.Map{} progs := make([]*program.Program, 0, len(tracepoints)) for _, tp := range tracepoints { pinPath := tp.pinPathPrefix @@ -419,16 +418,12 @@ func createGenericTracepointSensor( if has.fdInstall { fdinstall.SetMaxEntries(fdInstallMapMaxEntries) } - maps = append(maps, fdinstall) - - tailCalls := program.MapBuilderPin("tp_calls", sensors.PathJoin(pinPath, "tp_calls"), prog0) - maps = append(maps, tailCalls) // tracepoint tail calls details + tailCalls := program.MapBuilderPin("tp_calls", sensors.PathJoin(pinPath, "tp_calls"), prog0) prog0.SetTailCall("tracepoint", tailCalls) - filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), prog0) - maps = append(maps, filterMap) + program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), prog0) argFilterMaps := program.MapBuilderPin("argfilter_maps", sensors.PathJoin(pinPath, "argfilter_maps"), prog0) if !kernels.MinKernelVersion("5.9") { @@ -437,7 +432,6 @@ func createGenericTracepointSensor( maxEntries := tp.selectors.ValueMapsMaxEntries() argFilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, argFilterMaps) addr4FilterMaps := program.MapBuilderPin("addr4lpm_maps", sensors.PathJoin(pinPath, "addr4lpm_maps"), prog0) if !kernels.MinKernelVersion("5.9") { @@ -446,7 +440,6 @@ func createGenericTracepointSensor( maxEntries := tp.selectors.Addr4MapsMaxEntries() addr4FilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, addr4FilterMaps) addr6FilterMaps := program.MapBuilderPin("addr6lpm_maps", sensors.PathJoin(pinPath, "addr6lpm_maps"), prog0) if !kernels.MinKernelVersion("5.9") { @@ -455,7 +448,6 @@ func createGenericTracepointSensor( maxEntries := tp.selectors.Addr6MapsMaxEntries() addr6FilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, addr6FilterMaps) numSubMaps := selectors.StringMapsNumSubMaps if !kernels.MinKernelVersion("5.11") { @@ -470,7 +462,6 @@ func createGenericTracepointSensor( maxEntries := tp.selectors.StringMapsMaxEntries(string_map_index) stringFilterMap.SetInnerMaxEntries(maxEntries) } - maps = append(maps, stringFilterMap) } stringPrefixFilterMaps := program.MapBuilderPin("string_prefix_maps", sensors.PathJoin(pinPath, "string_prefix_maps"), prog0) @@ -480,7 +471,6 @@ func createGenericTracepointSensor( maxEntries := tp.selectors.StringPrefixMapsMaxEntries() stringPrefixFilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, stringPrefixFilterMaps) stringPostfixFilterMaps := program.MapBuilderPin("string_postfix_maps", sensors.PathJoin(pinPath, "string_postfix_maps"), prog0) if !kernels.MinKernelVersion("5.9") { @@ -489,7 +479,6 @@ func createGenericTracepointSensor( maxEntries := tp.selectors.StringPostfixMapsMaxEntries() stringPostfixFilterMaps.SetInnerMaxEntries(maxEntries) } - maps = append(maps, stringPostfixFilterMaps) matchBinariesPaths := program.MapBuilderPin("tg_mb_paths", sensors.PathJoin(pinPath, "tg_mb_paths"), prog0) if !kernels.MinKernelVersion("5.9") { @@ -497,22 +486,18 @@ func createGenericTracepointSensor( // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/ matchBinariesPaths.SetInnerMaxEntries(tp.selectors.MatchBinariesPathsMaxEntries()) } - maps = append(maps, matchBinariesPaths) enforcerDataMap := enforcerMap(policyName, prog0) if has.enforcer { enforcerDataMap.SetMaxEntries(enforcerMapMaxEntries) } - maps = append(maps, enforcerDataMap) - selMatchBinariesMap := program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), prog0) - maps = append(maps, selMatchBinariesMap) + program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), prog0) } return &sensors.Sensor{ Name: name, Progs: progs, - Maps: maps, }, nil } diff --git a/pkg/sensors/tracing/genericuprobe.go b/pkg/sensors/tracing/genericuprobe.go index e7eca3e7c1e..7f508fc6ecd 100644 --- a/pkg/sensors/tracing/genericuprobe.go +++ b/pkg/sensors/tracing/genericuprobe.go @@ -251,7 +251,6 @@ func createGenericUprobeSensor( policyName string, ) (*sensors.Sensor, error) { var progs []*program.Program - var maps []*program.Map var ids []idtable.EntryID var err error @@ -278,9 +277,9 @@ func createGenericUprobeSensor( } if in.useMulti { - progs, maps, err = createMultiUprobeSensor(name, ids) + progs, err = createMultiUprobeSensor(name, ids) } else { - progs, maps, err = createSingleUprobeSensor(ids) + progs, err = createSingleUprobeSensor(ids) } if err != nil { @@ -290,7 +289,6 @@ func createGenericUprobeSensor( return &sensors.Sensor{ Name: name, Progs: progs, - Maps: maps, }, nil } @@ -397,9 +395,8 @@ func multiUprobePinPath(sensorPath string) string { return sensors.PathJoin(sensorPath, "multi_kprobe") } -func createMultiUprobeSensor(sensorPath string, multiIDs []idtable.EntryID) ([]*program.Program, []*program.Map, error) { +func createMultiUprobeSensor(sensorPath string, multiIDs []idtable.EntryID) ([]*program.Program, error) { var progs []*program.Program - var maps []*program.Map loadProgName := "bpf_multi_uprobe_v61.o" @@ -419,32 +416,29 @@ func createMultiUprobeSensor(sensorPath string, multiIDs []idtable.EntryID) ([]* tailCalls := program.MapBuilderPin("uprobe_calls", sensors.PathJoin(pinPath, "up_calls"), load) filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load) - maps = append(maps, configMap, tailCalls, filterMap) - load.SetTailCall("uprobe", tailCalls) filterMap.SetMaxEntries(len(multiIDs)) configMap.SetMaxEntries(len(multiIDs)) - return progs, maps, nil + return progs, nil } -func createSingleUprobeSensor(ids []idtable.EntryID) ([]*program.Program, []*program.Map, error) { +func createSingleUprobeSensor(ids []idtable.EntryID) ([]*program.Program, error) { var progs []*program.Program - var maps []*program.Map for _, id := range ids { uprobeEntry, err := genericUprobeTableGet(id) if err != nil { - return nil, nil, err + return nil, err } - progs, maps = createUprobeSensorFromEntry(uprobeEntry, progs, maps) + progs = createUprobeSensorFromEntry(uprobeEntry, progs) } - return progs, maps, nil + return progs, nil } func createUprobeSensorFromEntry(uprobeEntry *genericUprobe, - progs []*program.Program, maps []*program.Map) ([]*program.Program, []*program.Map) { + progs []*program.Program) []*program.Program { loadProgName := "bpf_generic_uprobe.o" if kernels.EnableV61Progs() { @@ -472,13 +466,13 @@ func createUprobeSensorFromEntry(uprobeEntry *genericUprobe, progs = append(progs, load) - configMap := program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load) + program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load) + program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load) + program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load) + tailCalls := program.MapBuilderPin("uprobe_calls", sensors.PathJoin(pinPath, "up_calls"), load) - filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load) - selMatchBinariesMap := program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load) - maps = append(maps, configMap, tailCalls, filterMap, selMatchBinariesMap) load.SetTailCall("uprobe", tailCalls) - return progs, maps + return progs } func (k *observerUprobeSensor) PolicyHandler( diff --git a/pkg/sensors/tracing/kprobe_test.go b/pkg/sensors/tracing/kprobe_test.go index 3b9542de014..8a0d5749d41 100644 --- a/pkg/sensors/tracing/kprobe_test.go +++ b/pkg/sensors/tracing/kprobe_test.go @@ -4001,7 +4001,11 @@ func matchBinariesPerfringTest(t *testing.T, operator string, values []string) { } err := sm.Manager.AddTracingPolicy(ctx, &matchBinariesTracingPolicy) - assert.NoError(t, err) + if assert.NoError(t, err) { + t.Cleanup(func() { + sm.Manager.DeleteTracingPolicy(ctx, "match-binaries", "") + }) + } var tailPID, headPID int ops := func() { @@ -4112,7 +4116,11 @@ func TestKprobeMatchBinariesEarlyExec(t *testing.T) { } err = sm.Manager.AddTracingPolicy(ctx, &matchBinariesTracingPolicy) - assert.NoError(t, err) + if assert.NoError(t, err) { + t.Cleanup(func() { + sm.Manager.DeleteTracingPolicy(ctx, "match-binaries", "") + }) + } ops := func() { file.WriteString("trigger!") @@ -4188,7 +4196,11 @@ func TestKprobeMatchBinariesPrefixMatchArgs(t *testing.T) { } err := sm.Manager.AddTracingPolicy(ctx, &matchBinariesTracingPolicy) - assert.NoError(t, err) + if assert.NoError(t, err) { + t.Cleanup(func() { + sm.Manager.DeleteTracingPolicy(ctx, "match-binaries", "") + }) + } var tailEtcPID, tailProcPID, headPID int ops := func() { @@ -6123,7 +6135,11 @@ func TestLinuxBinprmExtractPath(t *testing.T) { } err := sm.Manager.AddTracingPolicy(ctx, &bprmTracingPolicy) - assert.NoError(t, err) + if assert.NoError(t, err) { + t.Cleanup(func() { + sm.Manager.DeleteTracingPolicy(ctx, "bprm-extract-path", "") + }) + } targetCommand := exec.Command("/usr/bin/id") filteredCommand := exec.Command("/usr/bin/uname") @@ -6159,7 +6175,7 @@ func TestLinuxBinprmExtractPath(t *testing.T) { // Test module loading/unloading on Ubuntu func TestTraceKernelModule(t *testing.T) { - _, err := ftrace.ReadAvailFuncs("find_module_sections") + _, err := ftrace.ReadAvailFuncs("^find_module_sections$") if err != nil { t.Skip("Skipping test: could not find find_module_sections") } @@ -6592,7 +6608,7 @@ func trigger(t *testing.T) { } func TestKprobeArgs(t *testing.T) { - _, err := ftrace.ReadAvailFuncs("bpf_fentry_test1") + _, err := ftrace.ReadAvailFuncs("^bpf_fentry_test1$") if err != nil { t.Skip("Skipping test: could not find bpf_fentry_test1") } diff --git a/pkg/sensors/tracing/loader.go b/pkg/sensors/tracing/loader.go index 43fe98d0df6..14711ada685 100644 --- a/pkg/sensors/tracing/loader.go +++ b/pkg/sensors/tracing/loader.go @@ -104,7 +104,6 @@ func GetLoaderSensor() *sensors.Sensor { return &sensors.Sensor{ Name: "__loader__", Progs: []*program.Program{loader}, - Maps: []*program.Map{idsMap}, } } @@ -177,10 +176,10 @@ func createLoaderEvents() error { func (k *loaderSensor) LoadProbe(args sensors.LoadProbeArgs) error { if loaderEnabled { - if err := createLoaderEvents(); err != nil { + if err := program.LoadKprobeProgram(args.BPFDir, args.Load, args.Verbose); err != nil { return err } - return program.LoadKprobeProgram(args.BPFDir, args.Load, args.Verbose) + return createLoaderEvents() } return nil }