tetragon: Switch filter_read_arg to use maps directly

Switching generic_start_process_filter to use maps directly and drop struct generic_maps. Keeping tail call map, because it's convenient in following changes. And rename it to generic_filter_arg. Signed-off-by: Jiri Olsa <[email protected]>
cilium · Jan 7, 2025 · 0118a0d · 0118a0d
1 parent 5445145
commit 0118a0d
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 33 deletions.
diff --git a/bpf/process/bpf_generic_kprobe.c b/bpf/process/bpf_generic_kprobe.c
@@ -110,11 +110,7 @@ generic_kprobe_process_filter(void *ctx)
 __attribute__((section("kprobe"), used)) int
 generic_kprobe_filter_arg(void *ctx)
 {
-	return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
-			       (struct bpf_map_def *)&filter_map,
-			       (struct bpf_map_def *)&kprobe_calls,
-			       (struct bpf_map_def *)&config_map,
-			       true);
+	return generic_filter_arg(ctx, (struct bpf_map_def *)&kprobe_calls, true);
 }
 
 __attribute__((section("kprobe"), used)) int

diff --git a/bpf/process/bpf_generic_lsm_core.c b/bpf/process/bpf_generic_lsm_core.c
@@ -78,11 +78,7 @@ generic_lsm_process_filter(void *ctx)
 __attribute__((section("lsm"), used)) int
 generic_lsm_filter_arg(void *ctx)
 {
-	return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
-			       (struct bpf_map_def *)&filter_map,
-			       (struct bpf_map_def *)&lsm_calls,
-			       (struct bpf_map_def *)&config_map,
-			       true);
+	return generic_filter_arg(ctx, (struct bpf_map_def *)&lsm_calls, true);
 }
 
 __attribute__((section("lsm"), used)) int

diff --git a/bpf/process/bpf_generic_retkprobe.c b/bpf/process/bpf_generic_retkprobe.c
@@ -52,11 +52,7 @@ BPF_KRETPROBE(generic_retkprobe_event, unsigned long ret)
 __attribute__((section("kprobe"), used)) int
 BPF_KRETPROBE(generic_retkprobe_filter_arg)
 {
-	return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
-			       (struct bpf_map_def *)&filter_map,
-			       (struct bpf_map_def *)&retkprobe_calls,
-			       (struct bpf_map_def *)&config_map,
-			       false);
+	return generic_filter_arg(ctx, (struct bpf_map_def *)&retkprobe_calls, false);
 }
 
 __attribute__((section("kprobe"), used)) int

diff --git a/bpf/process/bpf_generic_tracepoint.c b/bpf/process/bpf_generic_tracepoint.c
@@ -241,11 +241,7 @@ generic_tracepoint_filter(void *ctx)
 __attribute__((section("tracepoint"), used)) int
 generic_tracepoint_arg(void *ctx)
 {
-	return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
-			       (struct bpf_map_def *)&filter_map,
-			       (struct bpf_map_def *)&tp_calls,
-			       (struct bpf_map_def *)&config_map,
-			       true);
+	return generic_filter_arg(ctx, (struct bpf_map_def *)&tp_calls, true);
 }
 
 __attribute__((section("tracepoint"), used)) int

diff --git a/bpf/process/bpf_generic_uprobe.c b/bpf/process/bpf_generic_uprobe.c
@@ -84,11 +84,7 @@ generic_uprobe_process_filter(void *ctx)
 __attribute__((section("uprobe"), used)) int
 generic_uprobe_filter_arg(void *ctx)
 {
-	return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
-			       (struct bpf_map_def *)&filter_map,
-			       (struct bpf_map_def *)&uprobe_calls,
-			       (struct bpf_map_def *)&config_map,
-			       true);
+	return generic_filter_arg(ctx, (struct bpf_map_def *)&uprobe_calls, true);
 }
 
 __attribute__((section("uprobe"), used)) int

diff --git a/bpf/process/generic_calls.h b/bpf/process/generic_calls.h
@@ -613,13 +613,12 @@ FUNC_INLINE int generic_process_filter(void)
 	return PFILTER_CURR_NOT_FOUND;
 }
 
-FUNC_INLINE int filter_args(struct msg_generic_kprobe *e, int selidx, void *filter_map,
-			    bool is_entry)
+FUNC_INLINE int filter_args(struct msg_generic_kprobe *e, int selidx, bool is_entry)
 {
 	__u8 *f;
 
 	/* No filters and no selectors so just accepts */
-	f = map_lookup_elem(filter_map, &e->idx);
+	f = map_lookup_elem(&filter_map, &e->idx);
 	if (!f)
 		return 1;
 
@@ -643,18 +642,17 @@ FUNC_INLINE int filter_args(struct msg_generic_kprobe *e, int selidx, void *filt
 	return 0;
 }
 
-FUNC_INLINE long filter_read_arg(void *ctx, struct bpf_map_def *heap,
-				 struct bpf_map_def *filter, struct bpf_map_def *tailcalls,
-				 struct bpf_map_def *config_map, bool is_entry)
+FUNC_INLINE long generic_filter_arg(void *ctx, struct bpf_map_def *tailcalls,
+				    bool is_entry)
 {
 	struct msg_generic_kprobe *e;
 	int selidx, pass, zero = 0;
 
-	e = map_lookup_elem(heap, &zero);
+	e = map_lookup_elem(&process_call_heap, &zero);
 	if (!e)
 		return 0;
 	selidx = e->tailcall_index_selector;
-	pass = filter_args(e, selidx & MAX_SELECTORS_MASK, filter, is_entry);
+	pass = filter_args(e, selidx & MAX_SELECTORS_MASK, is_entry);
 	if (!pass) {
 		selidx++;
 		if (selidx <= MAX_SELECTORS && e->sel.active[selidx & MAX_SELECTORS_MASK]) {