[backport 0.21.0] Fix ksymbols mem consumption backport #4100

Commits on Jun 5, 2024

  1. fix: add missing cap_syslog dependencies

    The hooked_syscalls and do_init_module events require CAP_SYSLOG in
    order to refresh its symbol table when reading /proc/kallsyms.
    Add these missing dependencies.
    yanivagman committed Jun 5, 2024
    e933b67
  2. feat(ksymbols): restore lazy ksyms implementation

    Use modified ksymbols implementation. The new implementation may take
    a list of required symbols and addresses to track. If the list is given,
    symbol scanning will only save those symbols or addresses which were
    given in the list. If a new symbol is queried, then a rescan is needed.
    
    Refactor tracee initialization to find all necessary symbols to track
    ahead of runtime.
    
    Co-authored-by: Geyslan Gregório <geyslan@gmail.com>
    Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
    3 people committed Jun 5, 2024
    dc356ec
  3. Refactor: Simplify refresh logic by removing concurrency

    This commit refactors the refresh logic of KernelSymbolTable to be sequential,
    removing the use of goroutines and channels.
    
    The decision to simplify the code was made for the following reasons:
    1. Simplicity: The sequential approach simplifies the codebase,
       making it easier to understand, maintain, and debug.
    2. Less Relevant Concurrency: With the introduction of "required symbols",
       the need for concurrency has been reduced. We now skip memory allocation
       for symbols that are not required, which constitutes the majority of the
       symbols in /proc/kallsyms.
    yanivagman committed Jun 5, 2024
    a8a4a60
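
The required-symbols scan described in commits 2 and 3, together with the CAP_SYSLOG failure mode behind commit 1, as an added Go example; it is not Tracee's code. `LazyTable`, `Symbol`, `Refresh` and the sample lines are hypothetical names and constructed data, and the zero-address check assumes the kernel shows masked (all-zero) addresses in /proc/kallsyms to a reader without CAP_SYSLOG.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strconv"
	"strings"
)

// Constructed sample in /proc/kallsyms format: address, type, name, optional [module].
const sampleKallsyms = "ffffffff812a4b10 T do_init_module\n" +
	"ffffffff82200300 D sys_call_table\n" +
	"ffffffffc0a01000 t demo_fn\t[demo_mod]\n"

// Symbol is one retained kallsyms entry.
type Symbol struct {
	Addr uint64
	Type string
}

// LazyTable (hypothetical, not Tracee's API) stores only the required names.
type LazyTable struct {
	Required map[string]bool
	Syms     map[string]Symbol
}

// Refresh rescans sequentially and stores nothing for unrequired symbols.
// A name added to Required becomes visible only after the next Refresh.
func (t *LazyTable) Refresh(r io.Reader) error {
	t.Syms = map[string]Symbol{}
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 3 || !t.Required[f[2]] {
			continue
		}
		addr, err := strconv.ParseUint(f[0], 16, 64)
		if err != nil || addr == 0 { // zeroed address: the kernel is masking kallsyms
			return fmt.Errorf("no usable address for %s (CAP_SYSLOG missing?)", f[2])
		}
		t.Syms[f[2]] = Symbol{Addr: addr, Type: f[1]}
	}
	return sc.Err()
}

func main() {
	t := &LazyTable{Required: map[string]bool{"do_init_module": true}}
	fmt.Println(t.Refresh(strings.NewReader(sampleKallsyms)), t.Syms)
}
```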