Skip to content

Commit

Permalink
[CWS] Fix a load controller issue where tags were resolved multiple t…
Browse files Browse the repository at this point in the history 
…imes (#30178)
  • Loading branch information
@spikat
spikat authored Oct 16, 2024
1 parent d672cf3 commit ef1f063
Show file tree
Hide file tree
Showing 4 changed files with 7 additions and 6 deletions.
3 changes: 2 additions & 1 deletion pkg/security/security_profile/dump/activity_dump.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -615,7 +615,8 @@ func (ad *ActivityDump) ResolveTags() error {

// resolveTags thread unsafe version ot ResolveTags
func (ad *ActivityDump) resolveTags() error {
if len(ad.Tags) >= 10 || len(ad.Metadata.ContainerID) == 0 {
selector := ad.GetWorkloadSelector()
if selector != nil {
return nil
}

Expand Down
3 changes: 2 additions & 1 deletion pkg/security/security_profile/dump/load_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ func (lc *ActivityDumpLoadController) NextPartialDump(ad *ActivityDump) *Activit
newDump.Metadata.ContainerID = ad.Metadata.ContainerID
newDump.Metadata.DifferentiateArgs = ad.Metadata.DifferentiateArgs
newDump.Tags = ad.Tags
newDump.selector = ad.selector

// copy storage requests
for _, reqList := range ad.StorageRequests {
Expand All @@ -101,7 +102,7 @@ func (lc *ActivityDumpLoadController) NextPartialDump(ad *ActivityDump) *Activit
}

// compute the duration it took to reach the dump size threshold
timeToThreshold := ad.End.Sub(ad.Start)
timeToThreshold := time.Since(ad.Start)

// set new load parameters
newDump.SetTimeout(ad.LoadConfig.Timeout - timeToThreshold)
Expand Down
6 changes: 3 additions & 3 deletions pkg/security/security_profile/dump/manager.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -852,6 +852,9 @@ func (adm *ActivityDumpManager) triggerLoadController() {

// handle overweight dumps
for _, ad := range dumps {
// restart a new dump for the same workload
newDump := adm.loadController.NextPartialDump(ad)

// stop the dump but do not release the cgroup
ad.Finalize(false)
seclog.Infof("tracing paused for [%s]", ad.GetSelectorStr())
Expand All @@ -867,9 +870,6 @@ func (adm *ActivityDumpManager) triggerLoadController() {
adm.emptyDropped.Inc()
}

// restart a new dump for the same workload
newDump := adm.loadController.NextPartialDump(ad)

adm.Lock()
if err := adm.insertActivityDump(newDump); err != nil {
seclog.Errorf("couldn't resume tracing [%s]: %v", newDump.GetSelectorStr(), err)
Expand Down
1 change: 0 additions & 1 deletion pkg/security/tests/fake_tags_resolver.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,6 @@ func (fr *FakeResolver) Stop() error {
func (fr *FakeResolver) Resolve(containerID string) []string {
fakeTags := []string{
"image_tag:latest",
"container_id:" + containerID,
}
fr.Lock()
defer fr.Unlock()
Expand Down

0 comments on commit ef1f063

Please sign in to comment.