[backport 0.21.0] Fix ksymbols mem consumption backport #4100

Collaborator

@yanivagman yanivagman commented Jun 2, 2024

1. Explain what the PR does

Backport #4095 to v0.21.0 branch

2. Explain how to test it

3. Other comments

@yanivagman yanivagman changed the title Fix ksymbols mem consumption backport 0.21 [backport 0.21.0] Fix ksymbols mem consumption backport Jun 2, 2024
@yanivagman yanivagman force-pushed the fix_ksymbols_mem_consumption_backport_0.21 branch 3 times, most recently from 0b78f71 to cf84b86 Compare June 5, 2024 10:26
yanivagman and others added 3 commits June 5, 2024 14:42
The hooked_syscalls and do_init_module events require CAP_SYSLOG in
order to refresh its symbol table when reading /proc/kallsyms.
Add these missing dependencies.

Use modified ksymbols implementation. The new implementation may take
a list of required symbols and addresses to track. If the list is given,
symbol scanning will only save those symbols or addresses which were
given in the list. If a new symbol is queried, then a rescan is needed.

Refactor tracee initialization to find all necessary symbols to track
ahead of runtime.

Co-authored-by: Geyslan Gregório <geyslan@gmail.com>
Co-authored-by: Yaniv Agman <yanivagman@gmail.com>

This commit refactors the refresh logic of KernelSymbolTable to be sequential,
removing the use of goroutines and channels.

The decision to simplify the code was made for the following reasons:
1. Simplicity: The sequential approach simplifies the codebase,
   making it easier to understand, maintain, and debug.
2. Less Relevant Concurrency: With the introduction of "required symbols",
   the need for concurrency has been reduced. We now skip memory allocation
   for symbols that are not required, which constitutes the majority of the
   symbols in /proc/kallsyms.
@yanivagman yanivagman force-pushed the fix_ksymbols_mem_consumption_backport_0.21 branch from cf84b86 to a8a4a60 Compare June 5, 2024 11:42
@yanivagman yanivagman merged commit a610b87 into aquasecurity:v0.21.0 Jun 5, 2024
2 checks passed
@yanivagman yanivagman deleted the fix_ksymbols_mem_consumption_backport_0.21 branch June 5, 2024 11:43
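
The "required symbols" scan described in the commit messages above, as an added sketch that is not Tracee's code and not part of this PR: it reads kallsyms-format text sequentially and stores only the requested names. `ScanRequired`, `Unresolved`, the sample text and the required list are hypothetical; a zero address is treated as unresolved because that is what the kernel shows when `kptr_restrict` hides addresses from a reader lacking CAP_SYSLOG.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"sort"
	"strconv"
	"strings"
)

// Constructed sample in /proc/kallsyms format; the zero address mimics a read without CAP_SYSLOG.
const sampleKallsyms = "ffffffff81000000 T _stext\n" +
	"ffffffff812a4b10 T do_init_module\n" +
	"0000000000000000 D sys_call_table\n" +
	"ffffffffc0a01000 t hidden_fn\t[example_mod]\n"

// ScanRequired reads lines one by one and stores only names listed in required.
func ScanRequired(r io.Reader, required map[string]bool) (map[string][]uint64, error) {
	kept, sc := make(map[string][]uint64), bufio.NewScanner(r)
	for sc.Scan() {
		f := strings.Fields(sc.Text()) // address, type, name, optional [module]
		if len(f) < 3 || !required[f[2]] {
			continue // malformed or not required: nothing is stored
		}
		// Unparsable or zeroed addresses are skipped, so the name stays unresolved.
		if addr, err := strconv.ParseUint(f[0], 16, 64); err == nil && addr != 0 {
			kept[f[2]] = append(kept[f[2]], addr) // a name may repeat across modules
		}
	}
	return kept, sc.Err()
}

// Unresolved lists required names with no usable address after the scan.
func Unresolved(required map[string]bool, kept map[string][]uint64) []string {
	var out []string
	for name := range required {
		if len(kept[name]) == 0 {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	req := map[string]bool{"sys_call_table": true, "do_init_module": true, "security_file_open": true}
	kept, err := ScanRequired(strings.NewReader(sampleKallsyms), req)
	fmt.Println(kept, Unresolved(req, kept), err)
}
```

A non-empty `Unresolved` result is the condition a caller would act on: rescan after adding a newly queried name, or check that the process can read real addresses.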