tetragon: Pass execve_map_value directly to match_binaries

Passing execve_map_value directly to match_binaries to eliminate superfluous event_find_curr in it. Signed-off-by: Jiri Olsa <[email protected]>
cilium · Jan 24, 2025 · 6ed124a · 6ed124a
1 parent c92c069
commit 6ed124a
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 11 deletions.
diff --git a/bpf/process/pfilter.h b/bpf/process/pfilter.h
@@ -409,7 +409,7 @@ selector_process_filter(__u32 *f, __u32 index, struct execve_map_value *enter,
 	__u64 i;
 
 	/* Do binary filter first for selector index */
-	if (!match_binaries(index))
+	if (!match_binaries(index, enter))
 		return 0;
 
 	/* Find selector offset byte index */

diff --git a/bpf/process/types/basic.h b/bpf/process/types/basic.h
@@ -1543,11 +1543,9 @@ struct {
 		});
 } tg_mb_paths SEC(".maps");
 
-FUNC_INLINE int match_binaries(__u32 selidx)
+FUNC_INLINE int match_binaries(__u32 selidx, struct execve_map_value *current)
 {
-	struct execve_map_value *current;
-	__u32 ppid;
-	bool walker, match = 0;
+	bool match = 0;
 	void *path_map;
 	__u8 *found_key;
 #ifdef __LARGE_BPF_PROG
@@ -1567,12 +1565,6 @@ FUNC_INLINE int match_binaries(__u32 selidx)
 		if (selector_options->op == op_filter_none)
 			return 1; // matchBinaries selector is empty <=> match
 
-		current = event_find_curr(&ppid, &walker);
-		if (!current) {
-			// this should not happen, it means that the process was missed when
-			// scanning /proc for process that started before and after tetragon
-			return 0;
-		}
 		if (current->bin.path_length < 0) {
 			// something wrong happened when copying the filename to execve_map
 			return 0;