sync adapt file ebpf for kernel 6.6 patch to 2403-lts-sp1
parent
048b57b052
commit
dc7714aab8
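--- /dev/null
+++ b/Backport-adapt-file-ebpf-for-kernel-6.6.patch
@@ -0,0 +1,87 @@
+From 12f2a608cc1c519786befadd3195316968a5ca28 Mon Sep 17 00:00:00 2001
+From: zgzxx <zhangguangzhi3@huawei.com>
+Date: Thu, 19 Sep 2024 10:36:59 +0800
+Subject: [PATCH] adapt file ebpf for kernel 6.6
+
+---
+observer_agent/ebpf/CMakeLists.txt | 2 +-
+observer_agent/ebpf/file_ebpf/CMakeLists.txt | 2 +-
+observer_agent/ebpf/file_ebpf/file_fentry.bpf.c | 14 ++++++++------
+3 files changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/observer_agent/ebpf/CMakeLists.txt b/observer_agent/ebpf/CMakeLists.txt
+index a5c9bbe..d400c01 100644
+--- a/observer_agent/ebpf/CMakeLists.txt
++++ b/observer_agent/ebpf/CMakeLists.txt
+@@ -3,7 +3,7 @@ project(ebpf)
+add_subdirectory(file_ebpf)
+add_custom_target(ebpf
+COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/.output
+- COMMAND bpftool btf dump file /sys/kernel/btf/vmlinux format c > ${CMAKE_CURRENT_BINARY_DIR}/.output/vmlinux.h
++ COMMAND bpftool btf dump file /usr/lib/debug/lib/modules/`uname -r`/vmlinux format c > ${CMAKE_CURRENT_BINARY_DIR}/.output/vmlinux.h
+COMMAND clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I${CMAKE_SOURCE_DIR}/include -I${CMAKE_CURRENT_BINARY_DIR}/.output -c ${CMAKE_CURRENT_SOURCE_DIR}/fentry.bpf.c -o ${CMAKE_CURRENT_BINARY_DIR}/.output/fentry.bpf.o
+COMMAND bpftool gen skeleton ${CMAKE_CURRENT_BINARY_DIR}/.output/fentry.bpf.o > ${CMAKE_CURRENT_BINARY_DIR}/.output/fentry.skel.h
+COMMAND cc -g -Wall -fPIC -I${CMAKE_SOURCE_DIR}/include -I${CMAKE_CURRENT_BINARY_DIR}/.output -I${CMAKE_CURRENT_SOURCE_DIR} -c ${CMAKE_CURRENT_SOURCE_DIR}/fentry.c -o ${CMAKE_CURRENT_BINARY_DIR}/.output/fentry.o
+diff --git a/observer_agent/ebpf/file_ebpf/CMakeLists.txt b/observer_agent/ebpf/file_ebpf/CMakeLists.txt
+index e9e073a..b8939df 100644
+--- a/observer_agent/ebpf/file_ebpf/CMakeLists.txt
++++ b/observer_agent/ebpf/file_ebpf/CMakeLists.txt
+@@ -4,7 +4,7 @@ cmake_minimum_required(VERSION 3.22)
+project(file_ebpf)
+add_custom_target(file_ebpf
+COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/.output
+- COMMAND bpftool btf dump file /sys/kernel/btf/vmlinux format c > ${CMAKE_CURRENT_BINARY_DIR}/.output/vmlinux.h
++ COMMAND bpftool btf dump file /usr/lib/debug/lib/modules/`uname -r`/vmlinux format c > ${CMAKE_CURRENT_BINARY_DIR}/.output/vmlinux.h
+COMMAND clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I${CMAKE_SOURCE_DIR}/include -I${CMAKE_CURRENT_BINARY_DIR}/.output -c ${CMAKE_CURRENT_SOURCE_DIR}/file_fentry.bpf.c -o ${CMAKE_CURRENT_BINARY_DIR}/.output/file_fentry.bpf.o
+COMMAND bpftool gen skeleton ${CMAKE_CURRENT_BINARY_DIR}/.output/file_fentry.bpf.o > ${CMAKE_CURRENT_BINARY_DIR}/.output/file_fentry.skel.h
+COMMAND cc -g -Wall -fPIC -I${CMAKE_SOURCE_DIR}/include -I${CMAKE_CURRENT_BINARY_DIR}/.output -I${CMAKE_CURRENT_SOURCE_DIR} -c ${CMAKE_CURRENT_SOURCE_DIR}/file_fentry.c -o ${CMAKE_CURRENT_BINARY_DIR}/.output/file_fentry.o
+diff --git a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
+index 941b785..b3ef041 100644
+--- a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
++++ b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
+@@ -178,7 +178,7 @@ int BPF_PROG(fexit_vfs_write, struct file *file, const char *buf, size_t count,
+}
+
+SEC("fexit/vfs_unlink")
+-int BPF_PROG(fexit_vfs_unlink, struct inode *dir, struct dentry *dentry, struct inode **delegated_inode, int ret)
++int BPF_PROG(fexit_vfs_unlink, struct mnt_idmap *idmap, struct inode *dir, struct dentry *dentry, struct inode **delegated_inode, int ret)
+{
+struct ebpf_event *e = NULL;
+
+@@ -287,7 +287,7 @@ int BPF_PROG(fexit_chown_common, const struct path *path, uid_t user, gid_t grou
+}
+
+SEC("fentry/__vfs_setxattr_noperm")
+-int BPF_PROG(fentry__vfs_setxattr_noperm, struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
++int BPF_PROG(fentry__vfs_setxattr_noperm, struct mnt_idmap *idmap, struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
+{
+struct ebpf_event *e = NULL;
+
+@@ -307,7 +307,7 @@ int BPF_PROG(fentry__vfs_setxattr_noperm, struct dentry *dentry, const char *nam
+}
+
+SEC("fentry/__vfs_removexattr_locked")
+-int BPF_PROG(fentry__vfs_removexattr_locked, struct dentry *dentry, const char *name, struct inode **delegated_inode)
++int BPF_PROG(fentry__vfs_removexattr_locked, struct mnt_idmap *idmap, struct dentry *dentry, const char *name, struct inode **delegated_inode)
+{
+struct ebpf_event *e = NULL;
+
+@@ -327,10 +327,12 @@ int BPF_PROG(fentry__vfs_removexattr_locked, struct dentry *dentry, const char *
+}
+
+SEC("fentry/vfs_rename")
+-int BPF_PROG(fentry_vfs_rename, struct inode *old_dir, struct dentry *old_dentry,
+- struct inode *new_dir, struct dentry *new_dentry, struct inode **delegated_inode,
+- unsigned int flags)
++int BPF_PROG(fentry_vfs_rename, struct renamedata *rd)
+{
++ if (!rd)
++ return 0;
++ struct dentry *old_dentry = rd->old_dentry;
++ struct dentry *new_dentry = rd->new_dentry;
+struct ebpf_event *e = NULL;
+char name[] = "rename";
+
+--
+2.33.0
+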
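Review bot: The new `bpftool btf dump` line in observer_agent/ebpf/CMakeLists.txt (and the identical one in file_ebpf/CMakeLists.txt) builds its path from a backquoted uname -r, so vmlinux.h is generated for whatever kernel the build machine is running, and only when that kernel's debuginfo is installed under /usr/lib/debug. This ties the build output to host state and relies on the generator passing the command to a shell that expands backquotes. I would make the BTF source a cache variable, `set(VMLINUX_BTF "/sys/kernel/btf/vmlinux" CACHE FILEPATH "BTF source for vmlinux.h")`, use `bpftool btf dump file ${VMLINUX_BTF} format c` in both targets, and let the packaging pass the debuginfo path with -DVMLINUX_BTF. The C hunks in the same patch need `struct mnt_idmap` from that header, so a build against another kernel's image would presumably fail to compile rather than fall back.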
@ -5,12 +5,12 @@
Name : secDetector
Summary : OS Security Intrusion Detection System
Version : 1.0
Release : 14
Release : 15
License : GPL-2.0
Source0 : %{name}-v%{version}.tar.gz
BuildRequires: kernel-devel kernel-headers
BuildRequires: gcc gcc-c++ clang cmake make
BuildRequires: libbpf-devel bpftool
BuildRequires: libbpf-devel bpftool uname-build-checks kernel-debuginfo
BuildRequires: grpc-devel grpc-plugins protobuf-devel c-ares-devel libuuid-devel
Requires : kernel
Requires : protobuf grpc libuuid libbpf
@ -47,6 +47,7 @@ Patch0030: Backport-fix-the-memory-leak-in-collect-unit.patch
Patch0031: Backport-fix-memory-leak-in-program_action.patch
Patch0032: Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch
Patch0033: Backport-fix-6.x-kernel-compile-error.patch
Patch0034: Backport-adapt-file-ebpf-for-kernel-6.6.patch
%description
OS Security Intrusion Detection System
@ -120,6 +121,9 @@ rm -rf %{buildroot}
%attr(0644,root,root) /usr/include/secDetector/secDetector_topic.h
%changelog
* Thu Sep 19 2024 zhangguangzhi <zhangguangzhi3@huawei.com> 1.0-15
- backport patch to adapt file ebpf for kernel 6.6
* Tue Feb 20 2024 hurricane618 <hurricane618@hotmail.com> 1.0-14
- backport patch to fix compile error in v6.6 kernel