Skip to content

Commit

Permalink
fix(driver): fixed build against 6.6 rc kernel.
Browse files Browse the repository at this point in the history
Signed-off-by: Federico Di Pierro <[email protected]>
  • Loading branch information
FedeDP authored and poiana committed Sep 14, 2023
1 parent 0714308 commit 8da5805
Show file tree
Hide file tree
Showing 7 changed files with 134 additions and 4 deletions.
10 changes: 10 additions & 0 deletions driver/bpf/fillers.h
Original file line number Diff line number Diff line change
Expand Up @@ -2839,7 +2839,12 @@ FILLER(execve_extra_tail_1, true)
struct timespec64 time = {0};

/* Parameter 25: exe_file ctime (last status change time, epoch value in nanoseconds) (type: PT_ABSTIME) */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 6, 0)
time = _READ(inode->__i_ctime);
time.tv_nsec = time.tv_nsec & ~I_CTIME_QUERIED; // See https://elixir.bootlin.com/linux/v6.6-rc1/source/include/linux/fs.h#L1544
#else
time = _READ(inode->i_ctime);
#endif
res = bpf_push_u64_to_ring(data, bpf_epoch_ns_from_time(time));
CHECK_RES(res);

Expand Down Expand Up @@ -6694,7 +6699,12 @@ FILLER(sched_prog_exec_4, false)
struct timespec64 time = {0};

/* Parameter 25: exe_file ctime (last status change time, epoch value in nanoseconds) (type: PT_ABSTIME) */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 6, 0)
time = _READ(inode->__i_ctime);
time.tv_nsec = time.tv_nsec & ~I_CTIME_QUERIED; // See https://elixir.bootlin.com/linux/v6.6-rc1/source/include/linux/fs.h#L1544
#else
time = _READ(inode->i_ctime);
#endif
res = bpf_push_u64_to_ring(data, bpf_epoch_ns_from_time(time));
CHECK_RES(res);

Expand Down
7 changes: 7 additions & 0 deletions driver/modern_bpf/definitions/missing_definitions.h
Original file line number Diff line number Diff line change
Expand Up @@ -584,6 +584,13 @@

#define FMODE_CREATED (/*(__force fmode_t) */0x100000)

//////////////////////////
// ctime flags
//////////////////////////

/* `include/linux/fs.h` from kernel source tree. */
#define I_CTIME_QUERIED (1L<<30)

//////////////////////////
// flock flags
//////////////////////////
Expand Down
71 changes: 71 additions & 0 deletions driver/modern_bpf/definitions/struct_flavors.h
Original file line number Diff line number Diff line change
Expand Up @@ -58,4 +58,75 @@ struct modern_bpf__kernel_timex_timeval
long long int tv_usec;
};

struct inode___v6_6 {
umode_t i_mode;
short unsigned int i_opflags;
kuid_t i_uid;
kgid_t i_gid;
unsigned int i_flags;
struct posix_acl *i_acl;
struct posix_acl *i_default_acl;
const struct inode_operations *i_op;
struct super_block *i_sb;
struct address_space *i_mapping;
void *i_security;
long unsigned int i_ino;
union {
const unsigned int i_nlink;
unsigned int __i_nlink;
};
dev_t i_rdev;
loff_t i_size;
struct timespec64 i_atime;
struct timespec64 i_mtime;
struct timespec64 __i_ctime;
spinlock_t i_lock;
short unsigned int i_bytes;
u8 i_blkbits;
u8 i_write_hint;
blkcnt_t i_blocks;
long unsigned int i_state;
struct rw_semaphore i_rwsem;
long unsigned int dirtied_when;
long unsigned int dirtied_time_when;
struct hlist_node i_hash;
struct list_head i_io_list;
struct bdi_writeback *i_wb;
int i_wb_frn_winner;
u16 i_wb_frn_avg_time;
u16 i_wb_frn_history;
struct list_head i_lru;
struct list_head i_sb_list;
struct list_head i_wb_list;
union {
struct hlist_head i_dentry;
struct callback_head i_rcu;
};
atomic64_t i_version;
atomic64_t i_sequence;
atomic_t i_count;
atomic_t i_dio_count;
atomic_t i_writecount;
atomic_t i_readcount;
union {
const struct file_operations *i_fop;
void (*free_inode)(struct inode *);
};
struct file_lock_context *i_flctx;
struct address_space i_data;
struct list_head i_devices;
union {
struct pipe_inode_info *i_pipe;
struct cdev *i_cdev;
char *i_link;
unsigned int i_dir_seq;
};
__u32 i_generation;
__u32 i_fsnotify_mask;
struct fsnotify_mark_connector *i_fsnotify_marks;
struct fscrypt_info *i_crypt_info;
struct fsverity_info *i_verity_info;
void *i_private;
};

#endif /* __STRUCT_FLAVORS_H__ */
Original file line number Diff line number Diff line change
Expand Up @@ -213,7 +213,16 @@ int BPF_PROG(t1_sched_p_exec,

/* Parameter 25: exe_file ctime (last status change time, epoch value in nanoseconds) (type: PT_ABSTIME) */
struct timespec64 time = { 0, 0 };
BPF_CORE_READ_INTO(&time, exe_inode, i_ctime);
if(bpf_core_type_exists(struct inode))
{
BPF_CORE_READ_INTO(&time, exe_inode, i_ctime);
}
else
{
struct inode___v6_6 *exe_inode_v6_6 = (void *)exe_inode;
BPF_CORE_READ_INTO(&time, exe_inode_v6_6, __i_ctime);
time.tv_nsec = time.tv_nsec & ~I_CTIME_QUERIED;
}
auxmap__store_u64_param(auxmap, extract__epoch_ns_from_time(time));

/* Parameter 26: exe_file mtime (last modification time, epoch value in nanoseconds) (type: PT_ABSTIME) */
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -277,7 +277,16 @@ int BPF_PROG(t1_execve_x,

/* Parameter 25: exe_file ctime (last status change time, epoch value in nanoseconds) (type: PT_ABSTIME) */
struct timespec64 time = { 0, 0 };
BPF_CORE_READ_INTO(&time, exe_inode, i_ctime);
if(bpf_core_type_exists(struct inode))
{
BPF_CORE_READ_INTO(&time, exe_inode, i_ctime);
}
else
{
struct inode___v6_6 *exe_inode_v6_6 = (void *)exe_inode;
BPF_CORE_READ_INTO(&time, exe_inode_v6_6, __i_ctime);
time.tv_nsec = time.tv_nsec & ~I_CTIME_QUERIED;
}
auxmap__store_u64_param(auxmap, extract__epoch_ns_from_time(time));

/* Parameter 26: exe_file mtime (last modification time, epoch value in nanoseconds) (type: PT_ABSTIME) */
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -293,7 +293,16 @@ int BPF_PROG(t1_execveat_x,

/* Parameter 25: exe_file ctime (last status change time, epoch value in nanoseconds) (type: PT_ABSTIME) */
struct timespec64 time = { 0, 0 };
BPF_CORE_READ_INTO(&time, exe_inode, i_ctime);
if(bpf_core_type_exists(struct inode))
{
BPF_CORE_READ_INTO(&time, exe_inode, i_ctime);
}
else
{
struct inode___v6_6 *exe_inode_v6_6 = (void *)exe_inode;
BPF_CORE_READ_INTO(&time, exe_inode_v6_6, __i_ctime);
time.tv_nsec = time.tv_nsec & ~I_CTIME_QUERIED;
}
auxmap__store_u64_param(auxmap, extract__epoch_ns_from_time(time));

/* Parameter 26: exe_file mtime (last modification time, epoch value in nanoseconds) (type: PT_ABSTIME) */
Expand Down
17 changes: 16 additions & 1 deletion driver/ppm_fillers.c
Original file line number Diff line number Diff line change
Expand Up @@ -1512,8 +1512,15 @@ int f_proc_startupdate(struct event_filler_arguments *args)
* During kernel versions `i_ctime` changed from `struct timespec` to `struct timespec64`
* but fields names should be always the same.
*/
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 6, 0)
{
struct timespec64 inode_ctime;
inode_ctime = inode_get_ctime(file_inode(exe_file));
ctime = inode_ctime.tv_sec * (uint64_t) 1000000000 + inode_ctime.tv_nsec;
}
#else
ctime = file_inode(exe_file)->i_ctime.tv_sec * (uint64_t) 1000000000 + file_inode(exe_file)->i_ctime.tv_nsec;

#endif
/* Support exe_file mtime
* During kernel versions `i_mtime` changed from `struct timespec` to `struct timespec64`
* but fields names should be always the same.
Expand Down Expand Up @@ -7775,7 +7782,15 @@ int f_sched_prog_exec(struct event_filler_arguments *args)
* During kernel versions `i_ctime` changed from `struct timespec` to `struct timespec64`
* but fields names should be always the same.
*/
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 6, 0)
{
struct timespec64 inode_ctime;
inode_ctime = inode_get_ctime(file_inode(exe_file));
ctime = inode_ctime.tv_sec * (uint64_t) 1000000000 + inode_ctime.tv_nsec;
}
#else
ctime = file_inode(exe_file)->i_ctime.tv_sec * (uint64_t) 1000000000 + file_inode(exe_file)->i_ctime.tv_nsec;
#endif

/* Support exe_file mtime
* During kernel versions `i_mtime` changed from `struct timespec` to `struct timespec64`
Expand Down

0 comments on commit 8da5805

Please sign in to comment.