cleanup: rename some methods/maps

Signed-off-by: Andrea Terzolo <[email protected]>

driver/modern_bpf/maps/maps.h

@@ -117,20 +117,17 @@ struct {
 } syscall_exit_tail_table __weak SEC(".maps");
 
 /**
- * @brief This tail table is used when a bpf program needs another program
- * to complete its execution flow. This table could be used both by
- * programs directly attached in the kernel (like page_faults,
- * context_switch, ...) and by syscall_events (like
- * ppme_syscall_execveat_x, ...).
- * Given a predefined tail-code (`extra_syscall_codes`), it calls
+ * @brief This tail table is used when a sys exit bpf program needs another program
+ * to complete its execution flow.
+ * Given a predefined tail-code (`sys_exit_extra_code`), it calls
  * the right bpf program.
  */
 struct {
 	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
-	__uint(max_entries, TAIL_EXTRA_EVENT_PROG_MAX);
+	__uint(max_entries, SYS_EXIT_EXTRA_CODE_MAX);
 	__type(key, uint32_t);
 	__type(value, uint32_t);
-} extra_syscall_calls __weak SEC(".maps");
+} syscall_exit_extra_tail_table __weak SEC(".maps");
 
 /*=============================== BPF_MAP_TYPE_PROG_ARRAY ===============================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/clone.bpf.c

@@ -150,7 +150,7 @@ int BPF_PROG(clone_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise, it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T1_CLONE_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T1_CLONE_X);
 	return 0;
 }
 
@@ -206,7 +206,7 @@ int BPF_PROG(t1_clone_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise, it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T2_CLONE_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T2_CLONE_X);
 	return 0;
 }
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/clone3.bpf.c

@@ -150,7 +150,7 @@ int BPF_PROG(clone3_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise, it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T1_CLONE3_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T1_CLONE3_X);
 	return 0;
 }
 
@@ -204,7 +204,7 @@ int BPF_PROG(t1_clone3_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise, it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T2_CLONE3_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T2_CLONE3_X);
 	return 0;
 }
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execve.bpf.c

@@ -155,7 +155,7 @@ int BPF_PROG(execve_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise, it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T1_EXECVE_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T1_EXECVE_X);
 	return 0;
 }
 
@@ -284,7 +284,7 @@ int BPF_PROG(t1_execve_x, struct pt_regs *regs, long ret) {
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 
-	bpf_tail_call(ctx, &extra_syscall_calls, T2_EXECVE_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T2_EXECVE_X);
 	return 0;
 }
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execveat.bpf.c

@@ -168,7 +168,7 @@ int BPF_PROG(execveat_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T1_EXECVEAT_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T1_EXECVEAT_X);
 	return 0;
 }
 
@@ -296,7 +296,7 @@ int BPF_PROG(t1_execveat_x, struct pt_regs *regs, long ret) {
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 
-	bpf_tail_call(ctx, &extra_syscall_calls, T2_EXECVEAT_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T2_EXECVEAT_X);
 	return 0;
 }
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/fork.bpf.c

@@ -152,7 +152,7 @@ int BPF_PROG(fork_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise, it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T1_FORK_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T1_FORK_X);
 	return 0;
 }
 
@@ -198,7 +198,7 @@ int BPF_PROG(t1_fork_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise, it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T2_FORK_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T2_FORK_X);
 	return 0;
 }
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/open_by_handle_at.bpf.c

@@ -60,7 +60,7 @@ int BPF_PROG(open_by_handle_at_x, struct pt_regs *regs, long ret) {
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 
-	bpf_tail_call(ctx, &extra_syscall_calls, T1_OPEN_BY_HANDLE_AT_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T1_OPEN_BY_HANDLE_AT_X);
 	return 0;
 }
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/vfork.bpf.c

@@ -150,7 +150,7 @@ int BPF_PROG(vfork_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise, it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T1_VFORK_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T1_VFORK_X);
 	return 0;
 }
 
@@ -196,7 +196,7 @@ int BPF_PROG(t1_vfork_x, struct pt_regs *regs, long ret) {
 	/* We have to split here the bpf program, otherwise, it is too large
 	 * for the verifier (limit 1000000 instructions).
 	 */
-	bpf_tail_call(ctx, &extra_syscall_calls, T2_VFORK_X);
+	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T2_VFORK_X);
 	return 0;
 }
 

driver/ppm_events_public.h

@@ -1521,11 +1521,9 @@ typedef enum {
  * "Tx_" stands for "extra tail call number x for the event after '_'".
  * For example "T1_EXECVE_X" stands for:
  * - `T1` = extra tail call number 1.
- * - `EXECVE` = name of the syscall for which we need an extra tail call.
- * - `X` = means that we need this extra tail call for the exit event, `E` means enter the event.
- *
+ * - `EXECVE_X` = name of the syscall for which we need an extra tail call.
  */
-enum extra_syscall_codes {
+enum sys_exit_extra_code {
 	T1_EXECVE_X,
 	T1_EXECVEAT_X,
 	T1_CLONE_X,
@@ -1540,7 +1538,7 @@ enum extra_syscall_codes {
 	T2_EXECVE_X,
 	T2_EXECVEAT_X,
 	// Add new codes here...
-	TAIL_EXTRA_EVENT_PROG_MAX,
+	SYS_EXIT_EXTRA_CODE_MAX,
 };
 
 /*

userspace/libpman/include/libpman.h

@@ -396,19 +396,18 @@ uint64_t pman_get_probe_api_ver(void);
 uint64_t pman_get_probe_schema_ver(void);
 
 /**
- * @brief Some bpf programs exceed the maximum complexity
+ * @brief Some sys exit bpf programs exceed the maximum complexity
  * so they have to tail-call other programs. To do that, they
- * need a particular tail table that we call `extra_syscall_calls`.
+ * need a particular tail table that we call `syscall_exit_extra_tail_table`.
  *
- * -> EXTRA EVENT PROG TAIL TABLE
- * extra_syscall_calls(extra_syscall_codes, program_fd).
+ * syscall_exit_extra_tail_table(sys_exit_extra_code, program_fd).
  *
- * `extra_syscall_codes` is an enum defined in
+ * `sys_exit_extra_code` is an enum defined in
  * `/driver/ppm_events_public.h`
  *
  * @return `0` on success, `errno` in case of error.
  */
-int pman_fill_extra_syscall_calls_table(void);
+int pman_fill_syscall_exit_extra_tail_table(void);
 
 /**
  * @brief The syscall dispatchers will look into these tables

userspace/libpman/src/events_prog_names.h

@@ -341,8 +341,8 @@ static const char* event_prog_names[PPM_EVENT_MAX] = {
         [PPME_SYSCALL_SETREGID_X] = "setregid_x",
 };
 
-/* Some events can require more than one bpf program to collect all the data. */
-static const char* extra_event_prog_names[TAIL_EXTRA_EVENT_PROG_MAX] = {
+/* Some exit events can require more than one bpf program to collect all the data. */
+static const char* sys_exit_extra_event_names[SYS_EXIT_EXTRA_CODE_MAX] = {
         [T1_EXECVE_X] = "t1_execve_x",
         [T1_EXECVEAT_X] = "t1_execveat_x",
         [T1_CLONE_X] = "t1_clone_x",

userspace/libpman/src/maps.c

@@ -249,24 +249,25 @@ int pman_fill_syscalls_tail_table() {
 	return errno;
 }
 
-int pman_fill_extra_syscall_calls_table() {
-	int extra_syscall_call_table_fd = bpf_map__fd(g_state.skel->maps.extra_syscall_calls);
-	if(extra_syscall_call_table_fd <= 0) {
-		pman_print_error("unable to get the extra event programs tail table");
+int pman_fill_syscall_exit_extra_tail_table() {
+	int extra_sys_exit_tail_table_fd =
+	        bpf_map__fd(g_state.skel->maps.syscall_exit_extra_tail_table);
+	if(extra_sys_exit_tail_table_fd <= 0) {
+		pman_print_error("unable to get the extra sys exit tail table");
 		return errno;
 	}
 
 	const char* tail_prog_name = NULL;
-	for(int j = 0; j < TAIL_EXTRA_EVENT_PROG_MAX; j++) {
-		tail_prog_name = extra_event_prog_names[j];
+	for(int j = 0; j < SYS_EXIT_EXTRA_CODE_MAX; j++) {
+		tail_prog_name = sys_exit_extra_event_names[j];
 
 		if(!tail_prog_name) {
-			pman_print_error("unknown entry in the extra event programs tail table");
+			pman_print_error("unknown entry in the extra sys exit tail table");
 			return -1;
 		}
 
-		if(add_bpf_program_to_tail_table(extra_syscall_call_table_fd, tail_prog_name, j)) {
-			close(extra_syscall_call_table_fd);
+		if(add_bpf_program_to_tail_table(extra_sys_exit_tail_table_fd, tail_prog_name, j)) {
+			close(extra_sys_exit_tail_table_fd);
 			return errno;
 		}
 	}
@@ -331,6 +332,6 @@ int pman_finalize_maps_after_loading() {
 	pman_fill_syscall_sampling_table();
 	pman_fill_ia32_to_64_table();
 	err = pman_fill_syscalls_tail_table();
-	err = err ?: pman_fill_extra_syscall_calls_table();
+	err = err ?: pman_fill_syscall_exit_extra_tail_table();
 	return err;
 }