fix: fix memory management issues when passing config to observer lib…

…rary
alibaba · Dec 10, 2024 · 9be979f · 9be979f
1 parent 41a9357
commit 9be979f
Show file tree

Hide file tree

Showing 6 changed files with 71 additions and 52 deletions.
diff --git a/core/ebpf/SourceManager.cpp b/core/ebpf/SourceManager.cpp
@@ -188,7 +188,7 @@ bool SourceManager::StartPlugin(nami::PluginType plugin_type, std::unique_ptr<na
     return false;
   }
   auto init_f = (init_func)f;
-  int res = init_f(conf.release());
+  int res = init_f(conf.get());
   if (!res) mRunning[int(plugin_type)] = true;
   return !res;
 }
@@ -199,6 +199,7 @@ bool SourceManager::UpdatePlugin(nami::PluginType plugin_type, std::unique_ptr<n
     return false;
   }
 
+  LOG_INFO(sLogger, ("begin to update plugin, type", int(plugin_type)));
   conf->type = UpdataType::SECURE_UPDATE_TYPE_CONFIG_CHAGE;
   FillCommonConf(conf);
 #ifdef APSARA_UNIT_TEST_MAIN
@@ -212,20 +213,21 @@ bool SourceManager::UpdatePlugin(nami::PluginType plugin_type, std::unique_ptr<n
   }
 
   auto update_f = (update_func)f;
-  int res = update_f(conf.release());
-  if (!res) mRunning[int(plugin_type)] = true;
+  int res = update_f(conf.get());
   return !res;
 }
 
 bool SourceManager::StopAll() {
   if (!DynamicLibSuccess()) {
-    LOG_WARNING(sLogger, ("dynamic lib not load, just exit", "need check"));
-    return true;
+      LOG_WARNING(sLogger, ("dynamic lib not load, just exit", "need check"));
+      return true;
   }
 
   for (size_t i = 0; i < mRunning.size(); i ++) {
     auto& x = mRunning[i];
-    if (!x) continue;
+    if (!x) {
+        continue;
+    }
     // stop plugin
     StopPlugin(static_cast<nami::PluginType>(i));
   }
@@ -241,13 +243,13 @@ bool SourceManager::StopAll() {
 }
 
 bool SourceManager::SuspendPlugin(nami::PluginType plugin_type) {
-  if (!CheckPluginRunning(plugin_type)) {
-    LOG_WARNING(sLogger, ("plugin not started, cannot suspend. type",  int(plugin_type)));
-    return false;
-  }
-  auto config = std::make_unique<nami::eBPFConfig>();
-  config->plugin_type_ = plugin_type;
-  config->type = UpdataType::SECURE_UPDATE_TYPE_SUSPEND_PROBE;
+    if (!CheckPluginRunning(plugin_type)) {
+        LOG_WARNING(sLogger, ("plugin not started, cannot suspend. type", int(plugin_type)));
+        return false;
+    }
+    auto config = std::make_unique<nami::eBPFConfig>();
+    config->plugin_type_ = plugin_type;
+    config->type = UpdataType::SECURE_UPDATE_TYPE_SUSPEND_PROBE;
 #ifdef APSARA_UNIT_TEST_MAIN
   mConfig = std::move(config);
   return true;
@@ -260,15 +262,15 @@ bool SourceManager::SuspendPlugin(nami::PluginType plugin_type) {
   }
 
   auto suspend_f = (suspend_func)f;
-  int res = suspend_f(config.release());
+  int res = suspend_f(config.get());
 
   return !res;
 }
 
 bool SourceManager::StopPlugin(nami::PluginType plugin_type) {
   if (!CheckPluginRunning(plugin_type)) {
-    LOG_WARNING(sLogger, ("plugin not started, do nothing. type",  int(plugin_type)));
-    return true;
+      LOG_WARNING(sLogger, ("plugin not started, do nothing. type", int(plugin_type)));
+      return true;
   }
 
   auto config = std::make_unique<nami::eBPFConfig>();
@@ -288,7 +290,7 @@ bool SourceManager::StopPlugin(nami::PluginType plugin_type) {
   }
 
   auto remove_f = (remove_func)f;
-  int res = remove_f(config.release());
+  int res = remove_f(config.get());
   if (!res) mRunning[int(plugin_type)] = false;
   return !res;
 }

diff --git a/core/ebpf/config.cpp b/core/ebpf/config.cpp
@@ -368,10 +368,10 @@ bool SecurityOptions::Init(SecurityProbeType probeType,
         }
         nami::SecurityOption thisSecurityOption;
         GetSecurityProbeDefaultCallName(probeType, thisSecurityOption.call_names_);
-        mOptionList.emplace_back(thisSecurityOption);
+        mOptionList.emplace_back(std::move(thisSecurityOption));
         return true;
     }
-    auto innerConfig = config["ProbeConfig"];
+    const auto& innerConfig = config["ProbeConfig"];
     nami::SecurityOption thisSecurityOption;
     // Genral Filter (Optional)
     std::variant<std::monostate, nami::SecurityFileFilter, nami::SecurityNetworkFilter> thisFilter;
@@ -402,8 +402,8 @@ bool SecurityOptions::Init(SecurityProbeType probeType,
                                     mContext->GetRegion());
     }
     thisSecurityOption.filter_ = thisFilter;
-    GetSecurityProbeDefaultCallName(probeType, thisSecurityOption.call_names_);    
-    mOptionList.emplace_back(thisSecurityOption);
+    GetSecurityProbeDefaultCallName(probeType, thisSecurityOption.call_names_);
+    mOptionList.emplace_back(std::move(thisSecurityOption));
     mProbeType = probeType;
     return true;
 }

diff --git a/core/ebpf/eBPFServer.cpp b/core/ebpf/eBPFServer.cpp
@@ -189,7 +189,7 @@ void eBPFServer::Stop() {
     for (int i = 0; i < int(nami::PluginType::MAX); i ++) {
         UpdatePipelineName(static_cast<nami::PluginType>(i), "", "");
     }
-    
+
     // UpdateContext must after than StopPlugin
     if (mEventCB) mEventCB->UpdateContext(nullptr, -1, -1);
     if (mMeterCB) mMeterCB->UpdateContext(nullptr, -1, -1);
@@ -199,11 +199,12 @@ void eBPFServer::Stop() {
     if (mFileSecureCB) mFileSecureCB->UpdateContext(nullptr, -1, -1);
 }
 
-bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t plugin_index,
-                        nami::PluginType type, 
-                        const logtail::PipelineContext* ctx, 
-                        const std::variant<SecurityOptions*, nami::ObserverNetworkOption*> options, PluginMetricManagerPtr mgr) {
-
+bool eBPFServer::StartPluginInternal(const std::string& pipeline_name,
+                                     uint32_t plugin_index,
+                                     nami::PluginType type,
+                                     const logtail::PipelineContext* ctx,
+                                     const std::variant<SecurityOptions*, nami::ObserverNetworkOption*> options,
+                                     PluginMetricManagerPtr mgr) {
     std::string prev_pipeline_name = CheckLoadedPipelineName(type);
     if (prev_pipeline_name.size() && prev_pipeline_name != pipeline_name) {
         LOG_WARNING(sLogger, ("pipeline already loaded, plugin type", int(type))
@@ -217,23 +218,21 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t
     mMonitorMgr->Init(type, mgr, pipeline_name, ctx->GetProjectName());
 
     // step1: convert options to export type
-    std::variant<nami::NetworkObserveConfig, nami::ProcessConfig, nami::NetworkSecurityConfig, nami::FileSecurityConfig> config;
     bool ret = false;
     auto eBPFConfig = std::make_unique<nami::eBPFConfig>();
     eBPFConfig->plugin_type_ = type;
-    eBPFConfig->stats_handler_ = [this](auto stats){ return mMonitorMgr->HandleStatistic(std::move(stats)); };
+    eBPFConfig->stats_handler_ = [this](auto&& stats) { return mMonitorMgr->HandleStatistic(std::move(stats)); };
     // call update function
     // step2: call init function
     switch(type) {
     case nami::PluginType::PROCESS_SECURITY: {
         nami::ProcessConfig pconfig;
-        pconfig.process_security_cb_ = [this](auto events) { return mProcessSecureCB->handle(std::move(events)); };
+        pconfig.process_security_cb_ = [this](auto&& events) { return mProcessSecureCB->handle(std::move(events)); };
         SecurityOptions* opts = std::get<SecurityOptions*>(options);
         pconfig.options_ = opts->mOptionList;
-        config = std::move(pconfig);
         // UpdateContext must ahead of StartPlugin
         mProcessSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index);
-        eBPFConfig->config_ = config;
+        eBPFConfig->config_ = std::move(pconfig);
         ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig));
         break;
     }
@@ -243,36 +242,34 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t
         nami::ObserverNetworkOption* opts = std::get<nami::ObserverNetworkOption*>(options);
         if (opts->mEnableMetric) {
             nconfig.enable_metric_ = true;
-            nconfig.measure_cb_ = [this](auto events, auto ts) { return mMeterCB->handle(std::move(events), ts); };
+            nconfig.measure_cb_ = [this](auto&& events, auto ts) { return mMeterCB->handle(std::move(events), ts); };
             nconfig.enable_metric_ = true;
             mMeterCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index);
         }
         if (opts->mEnableSpan) {
             nconfig.enable_span_ = true;
-            nconfig.span_cb_ = [this](auto events) { return mSpanCB->handle(std::move(events)); };
+            nconfig.span_cb_ = [this](auto&& events) { return mSpanCB->handle(std::move(events)); };
             nconfig.enable_span_ = true;
             mSpanCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index);
         }
         if (opts->mEnableLog) {
             nconfig.enable_event_ = true;
-            nconfig.event_cb_ = [this](auto events) { return mEventCB->handle(std::move(events)); };
+            nconfig.event_cb_ = [this](auto&& events) { return mEventCB->handle(std::move(events)); };
             nconfig.enable_event_ = true;
             mEventCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index);
         }
 
-        config = std::move(nconfig);
-        eBPFConfig->config_ = config;
+        eBPFConfig->config_ = std::move(nconfig);
         ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig));
         break;
     }
 
     case nami::PluginType::NETWORK_SECURITY:{
         nami::NetworkSecurityConfig nconfig;
-        nconfig.network_security_cb_ = [this](auto events) { return mNetworkSecureCB->handle(std::move(events)); };
+        nconfig.network_security_cb_ = [this](auto&& events) { return mNetworkSecureCB->handle(std::move(events)); };
         SecurityOptions* opts = std::get<SecurityOptions*>(options);
         nconfig.options_ = opts->mOptionList;
-        config = std::move(nconfig);
-        eBPFConfig->config_ = config;
+        eBPFConfig->config_ = std::move(nconfig);
         // UpdateContext must ahead of StartPlugin
         mNetworkSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index);
         ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig));
@@ -281,11 +278,10 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t
 
     case nami::PluginType::FILE_SECURITY:{
         nami::FileSecurityConfig fconfig;
-        fconfig.file_security_cb_ = [this](auto events) { return mFileSecureCB->handle(std::move(events)); };
+        fconfig.file_security_cb_ = [this](auto&& events) { return mFileSecureCB->handle(std::move(events)); };
         SecurityOptions* opts = std::get<SecurityOptions*>(options);
         fconfig.options_ = opts->mOptionList;
-        config = std::move(fconfig);
-        eBPFConfig->config_ = config;
+        eBPFConfig->config_ = std::move(fconfig);
         // UpdateContext must ahead of StartPlugin
         mFileSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index);
         ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig));

diff --git a/core/ebpf/handler/SecurityHandler.cpp b/core/ebpf/handler/SecurityHandler.cpp
@@ -49,7 +49,7 @@ void SecurityHandler::handle(std::vector<std::unique_ptr<AbstractSecurityEvent>>
     event_group.SetTag(host_ip_key, mHostIp);
     event_group.SetTag(host_name_key, mHostName);
     for (auto& x : events) {
-        auto event = event_group.AddLogEvent();
+        auto* event = event_group.AddLogEvent();
         for (auto& tag : x->GetAllTags()) {
             event->SetContent(tag.first, tag.second);
         }

diff --git a/core/ebpf/include/SysAkApi.h b/core/ebpf/include/SysAkApi.h
@@ -4,8 +4,10 @@
 
 #pragma once
 
-using init_func = int (*)(void *);
-using remove_func = int (*)(void *);
-using suspend_func = int(*)(void *);
+#include "ebpf/include/export.h"
+
+using init_func = int (*)(nami::eBPFConfig*);
+using remove_func = int (*)(nami::eBPFConfig*);
 using deinit_func = void (*)(void);
-using update_func = int(*)(void*);
+using suspend_func = int (*)(nami::eBPFConfig*);
+using update_func = int (*)(nami::eBPFConfig*);
diff --git a/core/ebpf/include/export.h b/core/ebpf/include/export.h
@@ -4,12 +4,13 @@
 
 #pragma once
 
-#include <vector>
-#include <string>
-#include <memory>
 #include <functional>
+#include <iostream>
 #include <map>
+#include <memory>
+#include <string>
 #include <variant>
+#include <vector>
 
 enum class SecureEventType {
   SECURE_EVENT_TYPE_SOCKET_SECURE,
@@ -227,6 +228,24 @@ struct SecurityNetworkFilter {
 struct SecurityOption {
   std::vector<std::string> call_names_;
   std::variant<std::monostate, SecurityFileFilter, SecurityNetworkFilter> filter_;
+
+  SecurityOption() = default;
+
+  SecurityOption(const SecurityOption& other) = default;
+
+  SecurityOption(SecurityOption&& other) noexcept
+      : call_names_(std::move(other.call_names_)), filter_(std::move(other.filter_)) {}
+
+  SecurityOption& operator=(const SecurityOption& other) = default;
+
+  SecurityOption& operator=(SecurityOption&& other) noexcept {
+      call_names_ = other.call_names_;
+      filter_ = other.filter_;
+      return *this;
+  }
+
+  ~SecurityOption() {}
+
   bool operator==(const SecurityOption& other) const {
     return call_names_ == other.call_names_ &&
             filter_ == other.filter_;
@@ -342,4 +361,4 @@ struct eBPFConfig {
   }
 };
 
-};
+}; // namespace nami