tribes/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-06 21:20:33 +02:00
Code Activity
Files
master
guix/gnu/packages/patches/falcosecurity-libs-bpf-probes-fix.patch
Maxim Cournoyer 5f7ec06d2c gnu: falcosecurity-libs: Fix BPF issue on Linux 6.15+. 
This fixes sysdig.

* gnu/packages/patches/falcosecurity-libs-bpf-probes-fix.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/linux.scm (falcosecurity-libs): Apply it.

Change-Id: Ie908824288febb767114a932c050231c6f7647c9
2025-11-09 23:47:03 +09:00

105 lines
3.4 KiB
Diff
Raw Permalink Blame History

From c1a97c03832deb62ca4d30342e00031eda5227eb Mon Sep 17 00:00:00 2001
From: Federico Di Pierro <nierro92@gmail.com>
Date: Fri, 11 Apr 2025 09:03:21 +0200
Subject: [PATCH] fix(driver): fixed build of old bpf probe against linux
6.15-rc1.
Also, fixed modern_ebpf running against the new kernel version.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
---
.../bpf/configure/KERNFS_NODE_PARENT/test.c | 32 +++++++++++++++++++
driver/bpf/fillers.h | 4 +++
.../modern_bpf/definitions/struct_flavors.h | 4 +++
.../helpers/store/auxmap_store_params.h | 7 +++-
4 files changed, 46 insertions(+), 1 deletion(-)
create mode 100644 driver/bpf/configure/KERNFS_NODE_PARENT/test.c
diff --git a/driver/bpf/configure/KERNFS_NODE_PARENT/test.c b/driver/bpf/configure/KERNFS_NODE_PARENT/test.c
new file mode 100644
index 0000000000..4887380769
--- /dev/null
+++ b/driver/bpf/configure/KERNFS_NODE_PARENT/test.c
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: GPL-2.0-only OR MIT
+/*
+
+Copyright (C) 2025 The Falco Authors.
+
+This file is dual licensed under either the MIT or GPL 2. See MIT.txt
+or GPL2.txt for full copies of the license.
+
+*/
+
+/*
+ * Check that kernfs_node's field `parent` exists.
+ * See 6.15 kernel commit it is named __parent:
+ * https://github.com/torvalds/linux/commit/633488947ef66b194377411322dc9e12aab79b65
+ */
+
+#include "../../quirks.h"
+#include "../../ppm_events_public.h"
+#include "../../types.h"
+
+// struct kernfs_node declaration
+#include <linux/kernfs.h>
+
+BPF_PROBE("signal/", signal_deliver, signal_deliver_args) {
+ struct kernfs_node *parent;
+ struct kernfs_node node;
+
+ parent = node.parent;
+ return 0;
+}
+
+char __license[] __bpf_section("license") = "Dual MIT/GPL";
diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h
index 5ce78747fb..fcc57f1531 100644
--- a/driver/bpf/fillers.h
+++ b/driver/bpf/fillers.h
@@ -1819,7 +1819,11 @@ static __always_inline int __bpf_append_cgroup(struct css_set *cgroups,
for(int k = 0; k < MAX_CGROUP_PATHS; ++k) {
if(kn) {
cgroup_path[k] = (char *)_READ(kn->name);
+#ifdef HAS_KERNFS_NODE_PARENT
kn = _READ(kn->parent);
+#else
+ kn = _READ(kn->__parent);
+#endif
} else {
cgroup_path[k] = NULL;
}
diff --git a/driver/modern_bpf/definitions/struct_flavors.h b/driver/modern_bpf/definitions/struct_flavors.h
index 4e76281ed9..05f5201be4 100644
--- a/driver/modern_bpf/definitions/struct_flavors.h
+++ b/driver/modern_bpf/definitions/struct_flavors.h
@@ -59,6 +59,10 @@ struct inode___v6_11 {
uint32_t i_ctime_nsec;
};
+struct kernfs_node___v6_15 {
+ struct kernfs_node *__parent;
+};
+
#ifndef BPF_NO_PRESERVE_ACCESS_INDEX
#pragma clang attribute pop
#endif
diff --git a/driver/modern_bpf/helpers/store/auxmap_store_params.h b/driver/modern_bpf/helpers/store/auxmap_store_params.h
index d6cbe663e0..ab54e2db51 100644
--- a/driver/modern_bpf/helpers/store/auxmap_store_params.h
+++ b/driver/modern_bpf/helpers/store/auxmap_store_params.h
@@ -1296,7 +1296,12 @@ static __always_inline uint16_t store_cgroup_subsys(struct auxiliary_map *auxmap
}
path_components++;
BPF_CORE_READ_INTO(&cgroup_path_pointers[k], kn, name);
- BPF_CORE_READ_INTO(&kn, kn, parent);
+ if(bpf_core_field_exists(kn->parent)) {
+ BPF_CORE_READ_INTO(&kn, kn, parent);
+ } else {
+ struct kernfs_node___v6_15 *kn_v6_15 = (void *)kn;
+ BPF_CORE_READ_INTO(&kn, kn_v6_15, __parent);
+ }
}
/* Reconstruct the path in reverse, using previously collected pointers.
View Git Blame Copy Permalink