From 12f2a608cc1c519786befadd3195316968a5ca28 Mon Sep 17 00:00:00 2001
From: zgzxx
Date: Thu, 19 Sep 2024 10:36:59 +0800
Subject: [PATCH] adapt file ebpf for kernel 6.6
---
 observer_agent/ebpf/CMakeLists.txt | 2 +-
 observer_agent/ebpf/file_ebpf/CMakeLists.txt | 2 +-
 observer_agent/ebpf/file_ebpf/file_fentry.bpf.c | 14 ++++++++------
 3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/observer_agent/ebpf/CMakeLists.txt b/observer_agent/ebpf/CMakeLists.txt
index a5c9bbe..d400c01 100644
--- a/observer_agent/ebpf/CMakeLists.txt
+++ b/observer_agent/ebpf/CMakeLists.txt
@@ -3,7 +3,7 @@ project(ebpf)
 add_subdirectory(file_ebpf)
 add_custom_target(ebpf
 COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/.output
- COMMAND bpftool btf dump file /sys/kernel/btf/vmlinux format c > ${CMAKE_CURRENT_BINARY_DIR}/.output/vmlinux.h
+ COMMAND bpftool btf dump file /usr/lib/debug/lib/modules/`uname -r`/vmlinux format c > ${CMAKE_CURRENT_BINARY_DIR}/.output/vmlinux.h
 COMMAND clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I${CMAKE_SOURCE_DIR}/include -I${CMAKE_CURRENT_BINARY_DIR}/.output -c ${CMAKE_CURRENT_SOURCE_DIR}/fentry.bpf.c -o ${CMAKE_CURRENT_BINARY_DIR}/.output/fentry.bpf.o
 COMMAND bpftool gen skeleton ${CMAKE_CURRENT_BINARY_DIR}/.output/fentry.bpf.o > ${CMAKE_CURRENT_BINARY_DIR}/.output/fentry.skel.h
 COMMAND cc -g -Wall -fPIC -I${CMAKE_SOURCE_DIR}/include -I${CMAKE_CURRENT_BINARY_DIR}/.output -I${CMAKE_CURRENT_SOURCE_DIR} -c ${CMAKE_CURRENT_SOURCE_DIR}/fentry.c -o ${CMAKE_CURRENT_BINARY_DIR}/.output/fentry.o
diff --git a/observer_agent/ebpf/file_ebpf/CMakeLists.txt b/observer_agent/ebpf/file_ebpf/CMakeLists.txt
index e9e073a..b8939df 100644
--- a/observer_agent/ebpf/file_ebpf/CMakeLists.txt
+++ b/observer_agent/ebpf/file_ebpf/CMakeLists.txt
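Review bot: The replacement `bpftool btf dump file` path is built from `uname -r` and a debuginfo vmlinux under /usr/lib/debug, so vmlinux.h now depends on the build host's running kernel and on that package being installed, with no fallback to the `/sys/kernel/btf/vmlinux` source it replaces; the same line is changed in observer_agent/ebpf/file_ebpf/CMakeLists.txt. In a chroot or container build `uname -r` reports the host kernel, which may not be the kernel the agent is meant to monitor, and the file may simply be absent. The backticks also only work if the generator runs COMMAND through a shell, which this target already assumes for `>` but does not state. I would make the source configurable with `set(VMLINUX_BTF "/sys/kernel/btf/vmlinux" CACHE FILEPATH "BTF source for vmlinux.h")` and `COMMAND bpftool btf dump file ${VMLINUX_BTF} format c > ...`, passing the debuginfo path at configure time where it is needed.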
@@ -4,7 +4,7 @@ cmake_minimum_required(VERSION 3.22)
 project(file_ebpf)
 add_custom_target(file_ebpf
 COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/.output
- COMMAND bpftool btf dump file /sys/kernel/btf/vmlinux format c > ${CMAKE_CURRENT_BINARY_DIR}/.output/vmlinux.h
+ COMMAND bpftool btf dump file /usr/lib/debug/lib/modules/`uname -r`/vmlinux format c > ${CMAKE_CURRENT_BINARY_DIR}/.output/vmlinux.h
 COMMAND clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I${CMAKE_SOURCE_DIR}/include -I${CMAKE_CURRENT_BINARY_DIR}/.output -c ${CMAKE_CURRENT_SOURCE_DIR}/file_fentry.bpf.c -o ${CMAKE_CURRENT_BINARY_DIR}/.output/file_fentry.bpf.o
 COMMAND bpftool gen skeleton ${CMAKE_CURRENT_BINARY_DIR}/.output/file_fentry.bpf.o > ${CMAKE_CURRENT_BINARY_DIR}/.output/file_fentry.skel.h
 COMMAND cc -g -Wall -fPIC -I${CMAKE_SOURCE_DIR}/include -I${CMAKE_CURRENT_BINARY_DIR}/.output -I${CMAKE_CURRENT_SOURCE_DIR} -c ${CMAKE_CURRENT_SOURCE_DIR}/file_fentry.c -o ${CMAKE_CURRENT_BINARY_DIR}/.output/file_fentry.o
diff --git a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
index 941b785..b3ef041 100644
--- a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
+++ b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
@@ -178,7 +178,7 @@ int BPF_PROG(fexit_vfs_write, struct file *file, const char *buf, size_t count,
 }
 SEC("fexit/vfs_unlink")
-int BPF_PROG(fexit_vfs_unlink, struct inode *dir, struct dentry *dentry, struct inode **delegated_inode, int ret)
+int BPF_PROG(fexit_vfs_unlink, struct mnt_idmap *idmap, struct inode *dir, struct dentry *dentry, struct inode **delegated_inode, int ret)
 {
 struct ebpf_event *e = NULL;
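Review bot: The new `struct mnt_idmap *idmap` first parameter of fexit_vfs_unlink replaces the old prototype outright, and BPF_PROG reads arguments by position, so the object now matches only kernels whose vfs_unlink() takes an idmap first; the fentry__vfs_setxattr_noperm and fentry__vfs_removexattr_locked hunks, and the renamedata change to fentry_vfs_rename, carry the same coupling. On a kernel with a different prototype the programs would presumably be rejected at load or read shifted arguments, which for a file-monitoring agent means unlink, xattr and rename events go missing. Nothing visible here records the minimum kernel, so I would add a comment above each SEC() line such as `/* prototype as of the mnt_idmap VFS conversion (this patch targets 6.6); older kernels differ */` and confirm that the loader reports an attach failure instead of continuing without these hooks. The function body continues outside the hunk.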
@@ -287,7 +287,7 @@ int BPF_PROG(fexit_chown_common, const struct path *path, uid_t user, gid_t grou
 }
 SEC("fentry/__vfs_setxattr_noperm")
-int BPF_PROG(fentry__vfs_setxattr_noperm, struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
+int BPF_PROG(fentry__vfs_setxattr_noperm, struct mnt_idmap *idmap, struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
 {
 struct ebpf_event *e = NULL;
@@ -307,7 +307,7 @@ int BPF_PROG(fentry__vfs_setxattr_noperm, struct dentry *dentry, const char *nam
 }
 SEC("fentry/__vfs_removexattr_locked")
-int BPF_PROG(fentry__vfs_removexattr_locked, struct dentry *dentry, const char *name, struct inode **delegated_inode)
+int BPF_PROG(fentry__vfs_removexattr_locked, struct mnt_idmap *idmap, struct dentry *dentry, const char *name, struct inode **delegated_inode)
 {
 struct ebpf_event *e = NULL;
@@ -327,10 +327,12 @@ int BPF_PROG(fentry__vfs_removexattr_locked, struct dentry *dentry, const char *
 }
 SEC("fentry/vfs_rename")
-int BPF_PROG(fentry_vfs_rename, struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry, struct inode **delegated_inode,
- unsigned int flags)
+int BPF_PROG(fentry_vfs_rename, struct renamedata *rd)
 {
+ if (!rd)
+ return 0;
+ struct dentry *old_dentry = rd->old_dentry;
+ struct dentry *new_dentry = rd->new_dentry;
 struct ebpf_event *e = NULL;
 char name[] = "rename";
--
2.33.0
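Review bot: The loads `rd->old_dentry` and `rd->new_dentry` in fentry_vfs_rename are undocumented direct dereferences of a kernel pointer, valid only because fentry arguments are BTF-typed pointers that the verifier lets the program read through; the same access copied into a kprobe would need bpf_probe_read_kernel(). A one-line comment above the two declarations, for example `/* fentry args are BTF pointers: direct field reads are verifier-checked */`, would make that explicit. The old parameters old_dir, new_dir, delegated_inode and flags are no longer in scope, and the rest of the body lies outside the hunk, so any remaining use of them there would have to go through `rd->old_dir`, `rd->new_dir`, `rd->delegated_inode` or `rd->flags`.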