
Introduce a limit of collected items #2051

Merged
merged 8 commits into from
Dec 5, 2023
Changes from 2 commits
62 changes: 41 additions & 21 deletions src/OVAL/probes/probe/icache.c
Expand Up @@ -39,11 +39,14 @@
#include "probe-api.h"
#include "common/debug_priv.h"
#include "common/memusage.h"
#include "oscap_helpers.h"

#include "probe.h"
#include "icache.h"
#include "_sexp-ID.h"

#define PROBE_ITEM_COLLECT_MAX 1000
Member

The value used here is 1.000, but the commit description mentions 10.000. Also, do you have information about how much memory one item consumes? I would like to understand how this proposed limit was calculated.


static volatile uint32_t next_ID = 0;

#if !defined(HAVE_ATOMIC_FUNCTIONS)
Expand Down Expand Up @@ -528,6 +531,31 @@ static int probe_cobj_memcheck(size_t item_cnt, double max_ratio)
return (0);
}

static int _mark_collected_object_as_incomplete(struct probe_ctx *ctx, const char *message)
{

Contributor

Redundant \n

/*
* Don't set the message again if the collected object is
* already flagged as incomplete.
*/
if (probe_cobj_get_flag(ctx->probe_out) == SYSCHAR_FLAG_INCOMPLETE) {
return 0;
}
/*
* Sync with the icache thread before modifying the
* collected object.
*/
if (probe_icache_nop(ctx->icache) != 0) {
return -1;
}

SEXP_t *sexp_msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_WARNING, (char *) message);
probe_cobj_add_msg(ctx->probe_out, sexp_msg);
probe_cobj_set_flag(ctx->probe_out, SYSCHAR_FLAG_INCOMPLETE);
SEXP_free(sexp_msg);
return 0;
}

/**
* Collect an item
* This function adds an item the collected object assosiated
Expand Down Expand Up @@ -557,6 +585,16 @@ int probe_item_collect(struct probe_ctx *ctx, SEXP_t *item)
cobj_itemcnt = SEXP_list_length(cobj_content);
SEXP_free(cobj_content);

if (cobj_itemcnt >= PROBE_ITEM_COLLECT_MAX) {
char *message = oscap_sprintf("Object is incomplete because the object matches more than %d items.", PROBE_ITEM_COLLECT_MAX);
if (_mark_collected_object_as_incomplete(ctx, message) != 0) {
free(message);
return -1;
}
free(message);
return 2;
}

memcheck_ret = probe_cobj_memcheck(cobj_itemcnt, ctx->max_mem_ratio);
if (memcheck_ret == -1) {
dE("Failed to check available memory");
Expand All @@ -565,27 +603,9 @@ int probe_item_collect(struct probe_ctx *ctx, SEXP_t *item)
}
if (memcheck_ret == 1) {
SEXP_free(item);

/*
* Don't set the message again if the collected object is
* already flagged as incomplete.
*/
if (probe_cobj_get_flag(ctx->probe_out) != SYSCHAR_FLAG_INCOMPLETE) {
SEXP_t *msg;
/*
* Sync with the icache thread before modifying the
* collected object.
*/
if (probe_icache_nop(ctx->icache) != 0)
return -1;

msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_WARNING,
"Object is incomplete due to memory constraints.");

probe_cobj_add_msg(ctx->probe_out, msg);
probe_cobj_set_flag(ctx->probe_out, SYSCHAR_FLAG_INCOMPLETE);

SEXP_free(msg);
const char *message = "Object is incomplete due to memory constraints.";
if (_mark_collected_object_as_incomplete(ctx, message) != 0) {
return -1;
}

return 2;
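Review bot: The new limit branch in probe_item_collect returns 2 (and -1 on the sync failure) without releasing `item`, whereas the memory-constraint branch below it calls `SEXP_free(item);` before returning the same code. Unless callers free the item themselves on those return values, every item past PROBE_ITEM_COLLECT_MAX appears to be leaked, which works against a change that is apparently meant to bound resource use. Adding `SEXP_free(item);` as the first statement inside `if (cobj_itemcnt >= PROBE_ITEM_COLLECT_MAX) {` would make the early exits consistent. The result of `oscap_sprintf` is also handed to `_mark_collected_object_as_incomplete` unchecked, and it is allocated for every excess item even when the object is already flagged incomplete; a NULL check would be worth adding if that helper can fail. The body of probe_item_collect starts and ends outside the visible hunks, so the ownership contract for `item` should be confirmed against the full function.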