From f39eaa105005ebe0ed93cd536a1961348239155f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Geyslan=20Greg=C3=B3rio?= Date: Tue, 14 Jan 2025 10:15:17 -0300 Subject: [PATCH] perf: improve procTreeExitProcessor Improve procTreeExitProcessor for both Tracee and Controller. - Tracee | Metric | Old Value | New Value | Improvement (%) | |-------------------------|------------|-------------|-----------------| | Time per operation (ns) | 159.9 | 95.71 | 40.14% | | Bytes allocated (B/op) | 48 | 0 | 100.00% | | Allocations per op | 2 | 0 | 100.00% | | Total runtime (s) | 16.001 | 9.586 | 40.14% | Running tool: /home/gg/.goenv/versions/1.22.4/bin/go test -benchmem -run=^$ -tags ebpf -bench ^Benchmark_procTreeExitProcessor$ github.com/aquasecurity/tracee/pkg/ebpf -benchtime=100000000x goos: linux goarch: amd64 pkg: github.com/aquasecurity/tracee/pkg/ebpf cpu: AMD Ryzen 9 7950X 16-Core Processor Benchmark_procTreeExitProcessor-32 100000000 95.71 ns/op 0 B/op 0 allocs/op PASS ok github.com/aquasecurity/tracee/pkg/ebpf 9.586s --- Controller | Metric | Old Value | New Value | Improvement (%) | |-------------------------|------------|-------------|-----------------| | Time per operation (ns) | 335.5 | 115.4 | 65.60% | | Bytes allocated (B/op) | 240 | 0 | 100.00% | | Allocations per op | 4 | 0 | 100.00% | | Total runtime (s) | 33.558 | 11.553 | 65.60% | Running tool: /home/gg/.goenv/versions/1.22.4/bin/go test -benchmem -run=^$ -tags ebpf -bench ^Benchmark_procTreeExitProcessor$ github.com/aquasecurity/tracee/pkg/ebpf/controlplane -benchtime=100000000x goos: linux goarch: amd64 pkg: github.com/aquasecurity/tracee/pkg/ebpf/controlplane cpu: AMD Ryzen 9 7950X 16-Core Processor Benchmark_procTreeExitProcessor-32 100000000 115.4 ns/op 0 B/op 0 allocs/op PASS ok github.com/aquasecurity/tracee/pkg/ebpf/controlplane 11.553s --- pkg/ebpf/controlplane/processes.go | 31 ++++++++++++++++-------------- pkg/ebpf/processor_proctree.go | 21 ++++++++------------ 2 files changed, 25 insertions(+), 27 deletions(-) diff --git a/pkg/ebpf/controlplane/processes.go b/pkg/ebpf/controlplane/processes.go index a0ae6e45ad21..7cde1c3031b0 100644 --- a/pkg/ebpf/controlplane/processes.go +++ b/pkg/ebpf/controlplane/processes.go @@ -216,33 +216,36 @@ func (ctrl *Controller) procTreeExecProcessor(args []trace.Argument) error { } func (ctrl *Controller) procTreeExitProcessor(args []trace.Argument) error { - var errs []error - if ctrl.processTree == nil { return nil // process tree is disabled } // Process & Event identification arguments (won't exist for regular events) timestamp, err := parse.ArgVal[uint64](args, "timestamp") - errs = append(errs, err) + if err != nil { + return err + } taskHash, err := parse.ArgVal[uint32](args, "task_hash") - errs = append(errs, err) + if err != nil { + return err + } parentHash, err := parse.ArgVal[uint32](args, "parent_hash") - errs = append(errs, err) + if err != nil { + return err + } leaderHash, err := parse.ArgVal[uint32](args, "leader_hash") - errs = append(errs, err) + if err != nil { + return err + } // Exit logic arguments exitCode, err := parse.ArgVal[int64](args, "exit_code") - errs = append(errs, err) + if err != nil { + return err + } groupExit, err := parse.ArgVal[bool](args, "process_group_exit") - errs = append(errs, err) - - // Handle errors - for _, err := range errs { - if err != nil { - return err - } + if err != nil { + return err } return ctrl.processTree.FeedFromExit( diff --git a/pkg/ebpf/processor_proctree.go b/pkg/ebpf/processor_proctree.go index 9ba2039e182f..7758f275ff88 100644 --- a/pkg/ebpf/processor_proctree.go +++ b/pkg/ebpf/processor_proctree.go @@ -209,8 +209,6 @@ func (t *Tracee) procTreeExecProcessor(event *trace.Event) error { // procTreeExitProcessor handles process exit events. func (t *Tracee) procTreeExitProcessor(event *trace.Event) error { - var errs []error - if t.processTree == nil { return fmt.Errorf("process tree is disabled") } @@ -218,22 +216,19 @@ func (t *Tracee) procTreeExitProcessor(event *trace.Event) error { return nil // chek FeedFromExec for TODO of execve() handled by threads } - timestamp := uint64(event.Timestamp) - taskHash := utils.HashTaskID(uint32(event.HostThreadID), uint64(event.ThreadStartTime)) - // Exit logic arguments exitCode, err := parse.ArgVal[int64](event.Args, "exit_code") - errs = append(errs, err) + if err != nil { + return err + } groupExit, err := parse.ArgVal[bool](event.Args, "process_group_exit") - errs = append(errs, err) - - // Handle errors - for _, err := range errs { - if err != nil { - return err - } + if err != nil { + return err } + timestamp := uint64(event.Timestamp) + taskHash := utils.HashTaskID(uint32(event.HostThreadID), uint64(event.ThreadStartTime)) + return t.processTree.FeedFromExit( proctree.ExitFeed{ TimeStamp: timestamp, // time of exit is already a timestamp