From 52da8ed339981c0e959ce1663e8d4e10a99b6d34 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Wed, 13 Sep 2023 15:26:51 +0200
Subject: [PATCH] fix(driver/modern_bpf): fixed modern bpf driver.

Signed-off-by: Federico Di Pierro
Co-authored-by: Andrea Terzolo
---
 .../modern_bpf/definitions/struct_flavors.h | 75 +------------------
 .../attached/events/sched_process_exec.bpf.c | 2 +-
 .../syscall_dispatched_events/execve.bpf.c | 2 +-
 .../syscall_dispatched_events/execveat.bpf.c | 2 +-
 4 files changed, 7 insertions(+), 74 deletions(-)

diff --git a/driver/modern_bpf/definitions/struct_flavors.h b/driver/modern_bpf/definitions/struct_flavors.h
index e58274ff89..30173d3f03 100644
--- a/driver/modern_bpf/definitions/struct_flavors.h
+++ b/driver/modern_bpf/definitions/struct_flavors.h
@@ -36,6 +36,10 @@ struct task_struct___cos {
 struct audit_task_info *audit;
 };
+struct inode___v6_6 {
+ struct timespec64 __i_ctime;
+};
+
 #ifndef BPF_NO_PRESERVE_ACCESS_INDEX
 #pragma clang attribute pop
 #endif
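Review bot: The new `struct inode___v6_6` flavor has no comment saying why it declares a single field or why it sits above `#pragma clang attribute pop`. Judging by the name it stands for the kernel 6.6 `struct inode` layout, and its placement before the pop presumably keeps it inside the access-index-preserving region so that reads of `__i_ctime` are relocated; the matching push is outside the hunk. A short comment would stop someone from moving it back below the pop or re-expanding it, e.g. `/* flavor of struct inode for kernels that renamed i_ctime to __i_ctime; declare only the fields we read, and keep it above the attribute pop */`.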
@@ -58,75 +62,4 @@ struct modern_bpf__kernel_timex_timeval
 long long int tv_usec;
 };
 
-struct inode___v6_6 {
- umode_t i_mode;
- short unsigned int i_opflags;
- kuid_t i_uid;
- kgid_t i_gid;
- unsigned int i_flags;
- struct posix_acl *i_acl;
- struct posix_acl *i_default_acl;
- const struct inode_operations *i_op;
- struct super_block *i_sb;
- struct address_space *i_mapping;
- void *i_security;
- long unsigned int i_ino;
- union {
- const unsigned int i_nlink;
- unsigned int __i_nlink;
- };
- dev_t i_rdev;
- loff_t i_size;
- struct timespec64 i_atime;
- struct timespec64 i_mtime;
- struct timespec64 __i_ctime;
- spinlock_t i_lock;
- short unsigned int i_bytes;
- u8 i_blkbits;
- u8 i_write_hint;
- blkcnt_t i_blocks;
- long unsigned int i_state;
- struct rw_semaphore i_rwsem;
- long unsigned int dirtied_when;
- long unsigned int dirtied_time_when;
- struct hlist_node i_hash;
- struct list_head i_io_list;
- struct bdi_writeback *i_wb;
- int i_wb_frn_winner;
- u16 i_wb_frn_avg_time;
- u16 i_wb_frn_history;
- struct list_head i_lru;
- struct list_head i_sb_list;
- struct list_head i_wb_list;
- union {
- struct hlist_head i_dentry;
- struct callback_head i_rcu;
- };
- atomic64_t i_version;
- atomic64_t i_sequence;
- atomic_t i_count;
- atomic_t i_dio_count;
- atomic_t i_writecount;
- atomic_t i_readcount;
- union {
- const struct file_operations *i_fop;
- void (*free_inode)(struct inode *);
- };
- struct file_lock_context *i_flctx;
- struct address_space i_data;
- struct list_head i_devices;
- union {
- struct pipe_inode_info *i_pipe;
- struct cdev *i_cdev;
- char *i_link;
- unsigned int i_dir_seq;
- };
- __u32 i_generation;
- __u32 i_fsnotify_mask;
- struct fsnotify_mark_connector *i_fsnotify_marks;
- struct fscrypt_info *i_crypt_info;
- struct fsverity_info *i_verity_info;
- void *i_private;
-};
-
 #endif /* __STRUCT_FLAVORS_H__ */
diff --git a/driver/modern_bpf/programs/attached/events/sched_process_exec.bpf.c b/driver/modern_bpf/programs/attached/events/sched_process_exec.bpf.c
index 2519e40255..a4fd699d15 100644
--- a/driver/modern_bpf/programs/attached/events/sched_process_exec.bpf.c
+++ b/driver/modern_bpf/programs/attached/events/sched_process_exec.bpf.c
@@ -213,7 +213,7 @@ int BPF_PROG(t1_sched_p_exec,
 /* Parameter 25: exe_file ctime (last status change time, epoch value in nanoseconds) (type: PT_ABSTIME) */
 struct timespec64 time = { 0, 0 };
- if(bpf_core_type_exists(struct inode))
+ if(bpf_core_field_exists(exe_inode->i_ctime))
 {
 BPF_CORE_READ_INTO(&time, exe_inode, i_ctime);
 }
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execve.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execve.bpf.c
index dba43f9bc4..5a6705cdd6 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execve.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execve.bpf.c
@@ -277,7 +277,7 @@ int BPF_PROG(t1_execve_x,
 /* Parameter 25: exe_file ctime (last status change time, epoch value in nanoseconds) (type: PT_ABSTIME) */
 struct timespec64 time = { 0, 0 };
- if(bpf_core_type_exists(struct inode))
+ if(bpf_core_field_exists(exe_inode->i_ctime))
 {
 BPF_CORE_READ_INTO(&time, exe_inode, i_ctime);
 }
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execveat.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execveat.bpf.c
index 1089369cfb..d441844166 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execveat.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execveat.bpf.c
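Review bot: The `i_ctime` read in `t1_sched_p_exec` is now guarded per field, but the hunk ends at the closing brace of that branch, so it does not show what happens on kernels where the field is gone. If the fallback through `struct inode___v6_6` reads `__i_ctime` without its own guard, it should get one, e.g. `else if(bpf_core_field_exists(((struct inode___v6_6 *)exe_inode)->__i_ctime))`. With both guards in place, a kernel exposing neither field leaves `time` at `{ 0, 0 }`, so parameter 25 carries a zero ctime that rules keyed on executable change time cannot tell apart from a real value; a comment such as `/* ctime stays 0 when the kernel exposes neither i_ctime nor __i_ctime */` would make that explicit. The same applies to the identical change in `t1_execve_x` and `t1_execveat_x`; in all three the function body starts and ends outside the hunk.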
@@ -293,7 +293,7 @@ int BPF_PROG(t1_execveat_x,
 /* Parameter 25: exe_file ctime (last status change time, epoch value in nanoseconds) (type: PT_ABSTIME) */
 struct timespec64 time = { 0, 0 };
- if(bpf_core_type_exists(struct inode))
+ if(bpf_core_field_exists(exe_inode->i_ctime))
 {
 BPF_CORE_READ_INTO(&time, exe_inode, i_ctime);
 }